Apple Antitrust Case: What It Means for Small eBook Publishers

If you publish eBooks, you may be wondering how a recent antitrust case against one of the world’s best known eBook sellers affects you.

A U.S. District Judge recently ruled against Apple Inc., saying the tech giant violated federal antitrust law when it entered into agreements with five major publishers to drive up eBook prices.

Though Apple has vowed to appeal the ruling, the case shows the U.S. Justice Department’s commitment to ensure Apple can no longer use its position in the industry to influence prices.

Apple vs. Amazon

Amazon, one of Apple’s chief eBook selling rivals, isn’t directly involved in the case. But observers say the issue really goes back to the competition between the two.

With a much larger share of the eBook market, Amazon had initially used a strategy of buying eBooks at wholesale and then selling them below cost simply to promote its Kindle eReader devices, Reuters reported.

An agreement with Apple allowing five major publishers to set higher prices for their eBooks in Apple’s store forced Amazon into a similar arrangement, the court said.

An Advantage for Small Publishers

The court decision, which some say shifts the advantage back in Amazon’s favor, creates certain advantages for smaller eBook publishers too.

While close competition between big publishers may standardize eBook prices, small publishers, depending on the platform they choose, can set any price they wish.

Rob Eager, a book marketing expert, suggests several strategies when pricing eBooks.

Because eBook readers tend to be very price sensitive, Eager recommends beginning with a price below the standard $9.99 per title established by Amazon.

Better yet, Eager suggests following the lead of eBook authors like Seth Godin. Godin has recommended eBook authors give away their first book free in an effort to build an audience.

As an alternative, Eager says eBook authors can offer an eBook free for the first thirty to ninety days of release.





Tablets Are Displacing Personal Computers with Consumers

Customer interaction and payments to your website are more and more likely to be taking place from a tablet or other mobile device.

A continued decline in the number of PCs being shipped and presumably bought worldwide shows that tablets are displacing them with consumers, especially in emerging markets.

What the Numbers Say

A recent report from Gartner Inc. shows a 10.9 percent decline in PC shipments in the second quarter of 2013. It is the fifth consecutive quarter of decline, the longest sustained decrease in shipments in the industry’s history.

Meanwhile, a separate report from International Data Corporation suggests an even more precipitous drop in PC shipments for the second quarter of about 11.7 percent. But IDC insists total shipments were actually higher than projected.

What This Means

This doesn’t mean small business owners will necessarily be using tablets instead of PCs to operate their businesses. But it could mean that most of your customers, especially outside the U.S., might be mobile.

In a prepared release, Mikako Kitagawa, principal analyst at Gartner, explained:

We are seeing the PC market reduction directly tied to the shrinking installed base of PCs, as inexpensive tablets displace the low-end machines used primarily for consumption in mature and developed markets. In emerging markets, inexpensive tablets have become the first computing device for many people, who at best are deferring the purchase of a PC. This is also accounting for the collapse of the mini notebook market.

At the same time, tablet shipments have seen a sustained increase, going from 18.7 million in the first quarter of 2012 to 40.6 million in the first quarter of 2013.

Sales generated from mobile marketing continue to increase as well. For example, in the U.S. alone, those sales are expected to increase by 52 percent by 2015 to an estimated $400 billion.

Small business owners must make sure their websites are mobile and able to take mobile payments to prepare for this growing demand.





RivalIQ’s John Clark: Using Competitive Intelligence Amongst Limitless Information

With so much information flying around on the Internet, you’d think it would be easy to keep up with everything that’s going on in your market and amongst your competitors.  But it’s more a matter of knowing what information is important in understanding how well you match up. Being able to focus on which networks, content and metrics will help you beat the competition is the name of the game in this age of real-time information.

John Clark, CEO of RivalIQ, a competitive intelligence platform provider, joins Brent Leary to share his thoughts on how to approach CI (competitive intelligence) in today’s environment along with some best practices for making the most of the information at your fingertips.

* * * * *

Small Business Trends: Can you tell us a little bit about your background?

John Clark: My first software company actually started when I was 17. I have continued through a variety of industries to take us to what is today, Rival IQ, where we focus on helping marketers within companies and agencies extract competitive insights out of their market landscape.

Small Business Trends: What is competitive intelligence today and how does it compare to a few years ago?

John Clark: There are so many more channels of activity for the typical marketer to have to deal with. There is a tremendous amount of activity, it is a nonstop flow of information. The reality is there is a ton of information that you can glean from the market, but at the same time it is easy to become essentially obsessed with it as well.

So we talk a lot about how you would be a fool not to watch what your competitors are doing, but you would be a fool to obsess about it.

The trick is having systems in place and those can be manual or automated to essentially gather this information and when it is valuable for you to see what is going on with your competitors.

Small Business Trends: What are some of the main things a company should be looking to do when trying to understand what is the competitive landscape around them?

John Clark: People should spend their energy understanding who the players in their market are. So we talk about building your market landscape or your competitive landscape. It is really understanding who are the companies that are either directly competitive to you or are tangentially competitive to you in a way that you think that you can learn from their behavior. I would characterize the latter as aspirational targets. People you think are really doing well in the market you can learn from them.

So those are the three types of companies that would be important to assemble. It is important just to know who those are and then there is the Web or online presence that you can explore. There is a whole variety of social channels that are important to be evaluating. There are a variety of other metrics like SEO base metrics, that are important to be identified that are certainly the big groups that are important to gather information on and be watching on a periodic basis.

Small Business Trends: What kind of things can you find out, or what you should be finding out, in order to understand what is going on in the industry you are in?

John Clark: From our perspective, important things to do as you set up a competitive landscape are have the list of people that you think are valuable that you can learn from and you can inform your strategy from. Then you want to start doing some baselining or benchmarking which would be going and looking at how they cross all of the various marketing channels and how they describe themselves.

The positioning is a perfect example. We spend a decent amount of energy on how to talk about your business and how do your competitors talk about their business and how they compare.

If you go and pull descriptions from ten different competitor websites and line them up against each other, or the title text or how they describe themselves on say Twitter or Facebook, and you look at them side by side, you are going to discover common things that you want to make sure you get into your own description as well.

Making sure that you have assembled the competitive metrics, which is essentially for your industry, then look at who’s present on what channels. Look at Facebook, Twitter, Google Plus and LinkedIn, and ask yourself, “Am I on those channels and are my competitors on those channels?”

The final thing would be looking at the effectiveness or the engagement on those various channels. What are people doing and are they effective? Because you can certainly be present on Facebook, but being present on Facebook and having deep engagement with your customer base are two very different things.

Small Business Trends: Let’s say you are in this certain industry and you have a list of competitors and you can look across the different social networks and how you compare to them, but you dig deeper to see the industry is really heavily using Facebook. How can I get up to speed or use Facebook and look at each individual but also look at the overall industry and how it’s doing?

John Clark: Exactly. Not just the overall industry, but the trick on engagement is to go and figure out who is doing the best. Because this is where some of the learning is coming from. Whether it’s SEO or engagements or what-not, as you dig in, see who is being the most effective. Dig into what are they doing, are they posting videos or doing contests or promotions, or are they doing something that seems to resonate with a customer that is common to my customer - and decide if that is something that might be worth experimenting with.

This is where some of the learning comes from. You are not going to change your strategy day in and day out based on this information, but are you evolving your strategy. If you identify things that are working for other folks it is something to evaluate. It may be something that you want to make a part of your tactics.

Our product is always evolving so we are adding more and more to it. But one of the things that we present to people is where it has seen significant moves and changes in the market. So that you can figure out where to go dig deeper for insights.

That’s the value of using technology. Because the reality is, everything that I have described, given enough time and energy, can go by hand and be gathered in spreadsheets to assemble it. It is very tedious, very hard and tough to maintain, but it is accessible. If you have something that is on an ongoing 24 x 7 basis, then you are able to go quickly look at the results to see where there have been significant movements.

I would say that people are starting to seek tools to essentially manage this chaotic, rapidly changing amount of information. Because they realize they can learn from it, but they don’t know how to manage it. That is really the problem that we are trying to solve at Rival IQ.

Small Business Trends: What is the difference between generic social listening and what you guys do with competitive intelligence?

John Clark: There is definitely some overlap. I’d say that we have approached the market from a slightly different way that goes back to that premise that - you don’t want to obsess about your competitors, but you don’t want to ignore them either. If you accept that as a valuable premise, our goal is to make it easier for you to build up that market landscape or that competitive landscape of people that you want to watch and learn from.

Then focus that filter on companies looking at a bunch of different metrics, not just social. Social is important, but also SEO related metrics, Web based metrics and how they are changing metadata and title tags and things like that that affect search. So it is a related but slightly different task.

Small Business Trends: Where can people learn more?

John Clark: RivalIQ.com

This interview on competitive intelligence is part of the One on One interview series with thought-provoking entrepreneurs, authors and experts in business today. This transcript has been edited for publication.  








NHS Surrey fined £200,000 by the ICO over personal security fears

NHS Surrey has been fined £200,000 by the Information Commissioner's Office (ICO) after more than 3,000 patient records were found on a second-hand computer.

The computer, which was bought through an online auction site, was sold by a data destruction company employed by NHS Surrey to wipe and destroy old computer equipment. The company carried out the service for free, with an agreement that they could sell any salvageable materials after the hard drives had been securely destroyed.

NHS Surrey was alerted to the problem by a member of the public who bought the computer and found that it contained patients' details. Further investigation found confidential sensitive personal data and HR records, including patient records relating to approximately 900 adults and 2,000 children on the device.

NHS Surrey reclaimed a further 39 computers sold by the trading arm of their new data destruction provider. Ten of these computers were found to have previously belonged to the healthcare service; three of which still contained sensitive personal data.

According to the ICO, the NHS Surrey IT team explained that the hard drives would have to be physically destroyed because they may store confidential medical information. The director of the data destruction company provided an assurance to the IT team that the hard drives would be crushed by an industrial guillotine, although there was no legal contract between them.

The ICO found that NHS Surrey mislaid the records of the equipment passed for destruction between March 2010 and 10th February 2011, and was only able to confirm that 1,570 computers were processed between 10th February 2011 and 28th May 2012. The data destruction company was unable to trace where the computers ended up, or confirm how many might still contain personal data.

Stephen Eckersley, head of enforcement at the ICO, said: “The facts of this breach are truly shocking. NHS Surrey chose to leave an approved provider and handed over thousands of patients' details to a company without checking that the information had been securely deleted. The result was that patients' information was effectively being sold online.

“This breach is one of the most serious the ICO has witnessed and the penalty reflects the disturbing circumstances of the case. We should not have to tell organisations to think twice before outsourcing vital services to companies who offer to work for free.”

NHS Surrey was dissolved on 31st March 2013 with some of its legal responsibilities passing to the NHS Commissioning Board. The board will be required to pay the penalty amount by 22nd July 2013.

The people of Surrey were previously affected by three incidents that led to an ICO monetary penalty of £120,000. In a similar incident, Brighton and Sussex University Hospitals NHS Trust faced a fine of £325,000 after a third party was tasked to destroy approximately 1,000 hard drives, and some appeared on an online auction site.

Jonathan Armstrong, partner at law firm Duane Morris, said that the ICO appeared to want to send the message that data controllers, especially in the NHS, should be wary of free offers.

“Effectively they want to send the message that personal data should not be compromised to save cash,” he said.

“I'm not sure whether the legacy body or the new one self-reported, but perhaps there was some delay as efforts were made to try and get the other devices back. You'll see some were recovered but there's still a lot out there.

“Another major factor was the fact data recovery tools had to be used to recover it. If the data was more readily accessible the penalty might have been higher.”

Chris McIntosh, CEO of ViaSat UK, said: “Performing due diligence on sub-contractors and ensuring that no sensitive data is put at risk as they perform their tasks should be a matter of course, for the NHS or for anyone. However, at the same time when dealing with such sensitive information, it should be protected from unauthorised access from cradle to grave: for example, if such data was encrypted when first stored then even a slip-up in disposal would not put it in danger of being compromised.

“Increasing financial pressure means that sub-contracting is likely to become common in more and more parts of the public sector. When a single incident can cause a huge amount of damage to public trust of the NHS, it is imperative that any contractor's data protection is under the same scrutiny as the NHS itself: even if it means choosing a more costly option.”






After Countless Suggestions, It’s Terrible

I was reading an interview recently with the head of a company who said something about their recent success being the result of countless suggestions from employees.

First off, I was surprised that this company not only was interested in employee ideas, but actually asked for them.

Sounds great, right?

Then I started thinking back on some of my past co-workers and ideas they might have floated if they’d been asked. Add in a few focus groups and consultants and this cartoon just sort of presents itself.








Microsoft's 180-day fixing policy described as impractical

Microsoft's new rule on application bug fixes is flawed itself, as some vulnerabilities can take longer than 180 days to fix.

Speaking to SC Magazine, Mark Raeburn, CEO of Context Information Security, said that the problem is that vulnerabilities will be found in technologies that require a complete rebuild and "that can take years, and in some cases it has".

He said: “You cannot say that it will take one, ten or a thousand days, if it is only one bug you will be able to fix it this week. If it is longer, then it can be more long-winded, but people should be working with vendors to fix problems and they want to fix things. All bug fixing is part of penetration testing.”

Microsoft announced this week that developers will have to submit an updated application to Microsoft within 180 days of being notified of a critical or important severity issue. As part of a new policy around handling vulnerabilities in apps that are available through the Windows Store, Windows Phone Store, Office Store and Azure Marketplace, developers will be required to fix security vulnerabilities in their apps. Microsoft will be able to remove an app from sale if the developer does not provide an effective fix.

It said in a statement that no apps have come close to exceeding this deadline, and while it realised that there may be cases where a developer needs more than 180 days, it would work with the developer to get an updated app replacement as soon as possible.

“So far, we have had excellent cooperation from developers in fixing vulnerabilities in their programs. The policy change is just one more step that we are taking to help ensure that vulnerabilities are addressed appropriately,” it said.

Robert Hansen, director of product management for WhiteHat Security, said: “I think it is a natural response to increasing pressure to reduce the lifespan of vulnerabilities in the Microsoft ecosystem. Using the app store type methodology of a walled garden, they can begin to mediate how apps should behave.

“It's a shame they don't apply the same restrictions on things like Flash and Java, which tend to be much more regularly exploited than traditional desktop apps. It's also potentially worth noting that the time frames differ between Google's disclosure policy and Microsoft's takedown policy by months.”



Blue Coat denies claims that it is supplying 'embargoed' nations with technology

Blue Coat has said that it takes any report of its technology being used in embargoed countries "very seriously" and clarified that it has never permitted the sale of its products to countries embargoed by the US.

In a statement sent to SC Magazine, Blue Coat said that it could not comment on a new report around the use of its technologies in embargoed countries, but would review it. It said: “When we become aware of such allegations, we review the source information to determine whether it provides new information about the presence of our products in embargoed countries.”

According to a report by SC Magazine US, Citizen Lab, part of the Munk School of Global Affairs at the University of Toronto, released the paper 'Some Devices Wander by Mistake: Planet Blue Coat Redux' that questioned the vendor's distribution of products containing web monitoring capabilities. It claimed that the technologies are being used in countries with a track record of targeting journalists and dissidents with surveillance technologies. It also claimed that the ProxySG and PacketShaper products were detected on public networks in 83 countries, including Iran, Syria and Sudan.

In 2011, Blue Coat became the subject of controversy after it was discovered that its products were being used by the Syrian government to censor and monitor web activity during a violent crackdown against dissidents. After an investigation, the US Commerce Department fined a third-party distributor of Blue Coat's products, Dubai-based Computerlinks FZCO, $2.8 million for diverting devices to Syria.

Citizen Lab project leader Morgan Marquis-Boire told SC Magazine US that the concerns surrounding the sale of dual-use technology by Blue Coat are "demonstrative of a systematic problem". While Blue Coat is by no means the only company that has ever had these types of accusations launched against them, “Companies should fervently investigate and know customers before and during a sale of their surveillance products,” he said.

Blue Coat confirmed that it had been actively cooperating with the US government since 2011 as part of its investigation into the illegal transfer of its products to Syria by third parties.

It said: “In the meantime, we want to clarify that Blue Coat has never permitted the sale of our products to countries embargoed by the US. We continue not to sell to embargoed countries and also do not allow our partners to sell our products to embargoed countries.

“Even when our products are unlawfully diverted to embargoed countries without our knowledge, we use various techniques to limit our products from receiving updates or support from our servers or support personnel.”

It went on to say that it fully supports US embargoes against sanctioned countries, respects and supports human rights and it does not design its products, or condone their use, to suppress human rights.

“We design and sell business assurance technology solutions that make it possible for enterprises to safely and quickly choose the best applications, services, devices, data sources, and content the world has to offer. Our products are not intended for surveillance purposes,” it concluded.



Microsoft welcomes Secunia to vulnerability security alliance

Secunia and Microsoft have partnered to offer a consolidated approach to patch management.

The partnership sees Secunia selected as Microsoft's first vulnerability security alliance partner, which will also enable the technology giant to introduce Secunia's products to its global technology centres that will allow users to deploy third-party patches.

According to Secunia, its vulnerability, intelligence and patch management solution, the Secunia Corporate Software Inspector (Secunia CSI 6.0), integrates seamlessly with Microsoft System Center 2012 Configuration Manager.

Peter Colsted, CEO of Secunia, said: “The Microsoft Technology Center only partners with industry leaders and we are very pleased to be invited to join their alliance program. Secunia is already a member of the Microsoft System Center Alliance program, and we listen carefully to the Microsoft community, the System Center customers and most valuable professionals, when we develop the product features and plug-ins that facilitate integration with Microsoft's offerings.”

Andrew Conway, director of product marketing at Microsoft, said: “With System Center 2012 Configuration Manager, our customers can empower employee productivity on a wide range of devices while maintaining compliance and working to protect company data.

“With Secunia CSI 6.0 and System Center 2012 Configuration Manager, our joint customers can streamline patch management processes and protect both Microsoft and non-Microsoft applications from vulnerabilities.”