Firefox 23 patches five critical bugs, adds feature to block MitM attacks

In total, the updated browser fixes 15 flaws potentially affecting users.

Mozilla has announced new security features and bug fixes for its Firefox browser users.

With the release of Firefox 23 on Tuesday, the company patched five critical bugs in the browser, including two memory safety flaws that could allow a remote attacker to execute arbitrary code or cause a denial of service resulting in memory corruption and an application crash.

Other critical flaws that were fixed included a buffer underflow issue that occurred when generating certificate request message format (CRMF) requests, and another CRMF request bug that could allow a saboteur to execute malicious code or carry out cross-site scripting (XSS) attacks.

Mozilla also addressed a critical use-after-free problem that occurred when the document object model (DOM) was modified during a SetBody mutation event, which could lead to an exploitable crash.

Firefox 23 also brings a host of browser functionality changes for users, namely a new 'mixed content blocking' feature introduced to block man-in-the-middle (MitM) attacks and potential “eavesdroppers on HTTPS pages,” release notes from Mozilla said.

The browser feature would enhance security by blocking certain content by default, such as scripts or images on HTTPS pages. Users would be able to disable the feature on a page-by-page basis.



Microsoft to fix Internet Explorer again next week as one of eight patches

Microsoft will issue eight bulletins on next week's Patch Tuesday, including three that are rated as critical.

With the remaining five rated as important, the critical updates will address remote code execution vulnerabilities in Windows, Internet Explorer and Exchange. The five important patches are all for Windows.

Paul Henry, security and forensics analyst at Lumension, said: “IT departments will get a bit of a reprieve this August Patch Tuesday. While eight bulletins may seem high at first glance, three of them are considered critical and just one impacts the current code base.

“Bulletin number two impacts legacy code, primarily XP. Remember, XP is done in April so be sure to get your upgrade plans in place. Bulletin three rounds out the critical patches with an Exchange issue.

“As for our important patches this month, bulletin four is an escalation of privilege across all platforms; bulletin five is an escalation of privilege across all 32-bit platforms and bulletin six is a denial-of-service issue impacting Windows Server 2012. Bulletins seven and eight are denial-of-service issues.”

Wolfgang Kandek, CTO of Qualys, said: “Altogether, this will be a normal sized Patch Tuesday, with three critical issues. It will be interesting to see if the Exchange release in bulletin three is related to the recent Oracle CPU, which updated the Outside In package that Microsoft uses in the Exchange document conversion routines.”

Tommy Chin, technical support engineer at Core Security, said: “This month's remediation is all about the Exchange servers. The remote code execution disclosure within the Exchange server represents a threat to all companies using Exchange to run their email service.

“This communication channel is usually taken for granted since it normally works without question. However, what if all email communications suddenly became compromised? For most organisations, this scenario is simply unacceptable due to the sensitive information contained within today's email conversations.”  



Amazon Down 15 Minutes, Loses Over $66,000 Per Minute

Amazon error placeholder page

Amazon stock investors took a deep breath this afternoon as online retail giant Amazon went down for a brief time without warning.

Media accounts differ on the exact duration. Reuters and several other news outlets put the downtime for users in the U.S. and Canada on both Web and mobile at around 15 minutes. However, some sources suggest downtime was longer with GeekWire putting it at about 40 minutes.

Amazon has offered no response to most media inquiries. (Small Business Trends also tried to contact the mega online retailer earlier today without success.)

However, in a brief tweet CNBC claimed Amazon told the cable news channel its site was down for “improvements” and would be open again for business soon.

Less than one hour’s downtime may not sound like a lot in the overall scheme of things.  But when you’re as big as Amazon, minutes mean big losses. Forbes calculated that given Amazon’s most recent annual numbers, the company probably lost about $66,240 per minute in sales.  So that’s almost $1 million in lost sales if you buy the 15-minute explanation.  If the site was inaccessible for closer to 40 minutes, that’s over $2.5 million in lost sales.

Of course, Amazon can easily survive those kinds of lost sales.  With a market cap of $130 billion as of today, a few measly millions are a rounding error.

However, as a small business, if your site goes down, you may be hard-pressed to bounce back as quickly, especially if you use outside tech help.  By the time you contact your tech help, and they free up from other demands, several hours could have gone by.

And while your site is down, not only do you have to contend with potential losses - but your company could lose credibility, especially if the outage continues for hours or days.

Here Amazon did a smart thing. The company had a branded placeholder screen ready.  Within a few minutes, the placeholder page saying “Oops!” went up.  So instead of simply getting a screen with an alarming error message, such as “500 internal server error,” you saw a page that looked like an Amazon.com page of sorts (image above).  Even though the site was still down, it wasn’t quite as glaring an issue, because it looked like an Amazon page.

You, too, can minimize the loss of credibility and resulting fallout, by putting in place your own custom error page.

Watch the video below for a simple tutorial on how to install your own error page so you’re ready the next time your site goes down. If your server has CPanel installed, it’s not difficult. For most small businesses, the reality is, you’re likely to experience the occasional outage.  It’s better to be prepared.




Calendar vs. Fiscal Year: What’s Right for Your Business?


Upon launching a new business, you might be faced with the question of choosing a tax year for your business. Should your accounting period be aligned with the regular calendar year (as you’ve probably been accustomed to with your personal taxes) or should you define your own start and end dates for reporting your tax year?

Who Can Change Their Tax Year?

Before we wade into the nuances of choosing a tax year, it’s important to realize that not every business has the flexibility to pick their tax year. For example, sole proprietors don’t exist apart from their owner, and therefore they need to use the calendar tax year (like the owner’s personal tax return). Likewise, partnerships and LLCs typically need to use the same tax year as the majority of the owners. And generally speaking, S Corporations need to follow a calendar tax year.

In the cases above, if you want your business to adopt a different fiscal year, you’ll need to petition the IRS for special permission. In this case, the burden is on you to convince the IRS that you have a real business purpose for using a different tax year.

For this reason, the C Corporation offers the most flexibility in terms of choosing between calendar year and fiscal year. Many accountants will advise their clients to opt for a C Corp if using a fiscal tax year is critical.

What’s the Advantage of Fiscal Year Reporting?

A fiscal tax year is basically a period of 12 consecutive months beginning on a date other than January 1. Calendar tax year reporting is very simple, and you get to follow the same schedule as your personal taxes. So, why would a business want to complicate things by using a different reporting schedule?

The key reason to switch from a calendar year is to better match your business’ income and expenses for the reportable tax year. For example, maybe you have a seasonal business where the bulk of expenses are in October-November and your income is made in March-April. A regular tax calendar would split these times, so your expenses for the season wouldn’t be matched up with the income.

Another example is with companies who seek crowdsourced funding from sites like Kickstarter. For example, let’s say your business received its Kickstarter funds in November (and these funds are taxed as income), but you’re not going to start the project and incur expenses until February. With calendar tax year reporting, you’d have unusually high income for the first year that wouldn’t be offset by expenses. In this case, you might opt to form a C Corp and choose a fiscal year of Nov. 1 - Oct. 31.

How Do You Change Your Reporting Calendar?

If you’ve already filed a tax year for your business, but would like to change your schedule, you’ll need to file IRS Form 1128, Application to Adopt, Change, or Retain a Tax Year.





Batchbook’s Drag and Drop Import: Small Improvement Powerful Results


I think we take technology for granted. For example, every few days or so when I use my email (hosted by Google) I find neat improvements to the experience. Some are big, and some are small. One recent improvement is that when there is a date and time reference you can click on it to add it easily to your Google calendar.

In a similar vein, Batchbook, a CRM provider, now lets you take a file of contacts (like a spreadsheet) and drag it to Batchbook. Batchbook will then seamlessly start the import process.

This is a “tiny” improvement - but I bet it takes quite a bit of programming to do it right. In many systems you have to go to the “import” area to import a list of contacts.

Kudos to Batchbook for a neat “little” improvement. Read more information about it here.






Franchising Social Media: Then And Now


I first wrote (here on Small Business Trends) about how franchisors were starting to use social media back in 2009. I shared some of the things that franchise industry executives were discussing about social media, including their concerns. Things like:

  • The number of leads they would get from social media marketing.
  • Lead quality.
  • ROI (Return on Investment) on social media marketing programs.
  • Dealing with negative comments on blogs and social media sites.

While some of those concerns still exist, the franchise industry as a whole has successfully traversed through the hills and valleys of what’s still a pretty young phenomenon. There’s a real - and very hard to explain - energy present in social media. It’s always changing and it continues to evolve through new tools and new platforms. And it’s being used in ways that none of us, with the exceptions below, could have imagined a few short years ago.

None of us except for maybe these social media and marketing experts:

Franchising And Social Media

A year or so after I wrote the post, conversations I was having with franchisors had definitely changed. The things they were asking, as they related to social media, included questions like these:

  • Should we set-up a blog?
  • Should we set-up a Facebook Page?
  • What about Twitter? Should we open up a Twitter account?

My answers were yes, yes and yes. And, they still are.

Since then, the franchise industry (as a whole) has really become more comfortable with social media and its myriad uses. According to Jason Daley, a columnist for Entrepreneur magazine:

“Franchisors have moved squarely away from wondering, ‘Is social media even necessary?’ to not only accepting the new technologies, but actually embracing them.”

Based on recent interactions with franchise executives and franchise marketing managers, Jason’s observation is right on the mark. Now, instead of fielding questions that start with the word, “should,” the questions that I’ve been answering during the past year or so include these:

The Challenge

One of the challenges for franchisors using social media is actually related to the business model itself. Each franchise location is individually owned and operated, which makes it challenging for franchise marketing departments to monitor and control.

In her Mashable post, Taylor Hulyk of re:group writes:

“When considering social media within the bounds of franchising, the questions of how one designs, develops, executes and measures the program multiply tenfold. The franchisor, unlike other business owners, has to be concerned with the performance of several franchisees as the continuous extension of his or her brand.”

Franchisee performance is one issue, and franchisors are always trying to figure out ways to improve it. But, there’s another issue that seems to be coming up more and more, and it’s sometimes more challenging for franchisors to deal with. It’s the issue of what I call, “franchisee megaphones.”

A perfect example of a franchisee megaphone is when John Metz, a huge multiple-location franchisee, and an obvious opponent to Obamacare, decided to pass on his increased healthcare costs to his customers. That went well. Can you imagine what the Denny’s Facebook Page looked like during that controversy?

The thing is, when a franchisee goes rogue, he or she can’t just be fired; franchisees are not employees. That’s why more and more franchisors are asking themselves if specific social media policies need to be implemented.

Prediction: All franchisors will have written social media policies in place within the next two years. Franchisees need to know what they can and can’t do when it comes to posting on social media networks. After all, they’re representing their brands.

When it Works

LED Source, the only franchisor of LED lighting in North America, recently reached out to Facebook fans for a LED lighting challenge. The contest encouraged all staging, studio, installing and corporate theater professionals throughout the U.S. and Canada to submit a video via Facebook of their outdated, problematic lighting systems for a chance to win a LED lighting package worth over $20,000.

As video submissions flooded in, a panel of experts selected the top five finalists.  Facebook fans then voted on the grand prize winner. Cincinnati Shakespeare Company (CSC) of Ohio was named the winner for their creative and humorous video and received the coveted LED lighting makeover to replace their energy-draining stage lighting.

Rhonda Sanderson, CEO of Sanderson PR, who helped put this successful marketing campaign together, told me that their firm leveraged Facebook to hold the actual contest, but then tied all of their public relations efforts surrounding the contest into the social media campaign as well. “Twitter was used to share news surrounding the contest and direct followers to their Facebook page. Additionally, all press secured around the contest and its winners were shared via social media to gain further exposure and increase fans and followers,” Sanderson told me.

But, the campaign was successful in one other way.

“Our current lights are basically the SUV’s of the lighting world,” said Brian Phillips, producing artistic director of the CSC, after being announced the winner. “We are so grateful for this opportunity, as it will change our lives and our art in a profound and meaningful way.”

The franchise social media landscape has changed. It feels like everybody in franchising is on board now.

Franchisors, would you like to share some of your recent social media marketing successes?





5 Reasons Dell’s Latitude 10 Windows 8 Tablet Is Good For Business Productivity

For the past few days I’ve been using Dell’s Latitude 10  Windows 8 tablet. I like it.

Running Windows 8 (the latest operating system with the “tiles”) Dell’s Latitude 8 enables you to dually run Windows 8 programs like Microsoft Office, Quickbooks or other programs while also using the “apps” that you might be used to using on a tablet.

I ran a Gotomeeting with this tablet and it worked flawlessly. If you’re looking to have a “PC” but also want a tablet experience, the Latitude 10 is one to consider.

Here are a few reasons why Windows 8 should be looked at, if you have not upgraded already:

  • More secure
  • Better interface
  • Touch screen flexibility
  • Tablet-like flexibility
  • More performance (battery life, etc.)

See my full video review here or below:






Asana (Task and Project Tool) Continues To Add New Benefits For Small Teams

We at smallbiztechnology.com use Asana as one of the key tools to manage our editorial process and all of our projects.

It helps that it’s free for 30 users or fewer - but we’d pay for it if we had to as well.

I like it because it’s easy to add tasks and assign tasks. But the other features it has, such as tagging, dates, sub-tasks and more, make it invaluable.

  • Recently Asana added even more features - translating to awesome benefits for teams.
  • Sometimes you delete tasks and need to find them and get them back - Asana has this feature now.
  • You can also use Asana to track your time (especially billable client time).
  • Oftentimes tasks change but you want to know what has changed in that task - you can now do this.

Asana rocks and you should consider adding it to your tool set - your business will thank you.






Few Americans Invest in Startups


Few Americans finance new companies, particularly those founded by non-relatives, recent studies by the Federal Reserve Board of Governors and Babson College reveal. That’s part of the reason why entrepreneurship advocates are frustrated by the Securities and Exchange Commission’s (SEC) failure to write the rules for equity crowd funding in a timely fashion. Many in the entrepreneurship community hope that crowd funding will boost the fraction of Americans putting their money in start-ups.

Few Americans have invested in other people’s newly founded companies in recent years. The 2012 Global Entrepreneurship Monitor (GEM), a representative survey of American adults directed by Babson College, finds that only 5.3 percent of Americans “personally provided funds for a new business started by someone else, excluding any purchases of stocks or mutual funds” during the prior three years. Moreover, the typical amount invested by those providing funds was only $5,000.

Few American households hold equity investments in private businesses operated by someone else. The 2010 Federal Reserve Survey of Consumer Finances - a representative survey of the financial position of American households conducted every three years by the Federal Reserve Board of Governors - shows that only 1.9 percent of American households hold equity in a business that no member of the household actively manages.

Many other assets are much more commonly held than equity in other people’s companies. According to the Survey of Consumer Finances, 68.6 percent of American households own their own homes; 17.9 percent hold stock in publicly held companies; 14.4 percent have equity in another residential property (rental real estate, a vacation home or time-share); 13.6 percent hold stock in a business they manage; and 8.1 percent have an ownership stake in a non-residential property.

The share of Americans who make informal investments - investments in private businesses belonging to friends, families and strangers - has changed little in recent years. In 2007, 4.5 percent of those surveyed as part of the GEM said they had invested in a new business started by someone else, a fraction little different from the 5.3 percent who reported doing this in 2012.

The majority of informal investments go to a relative of the investor - 50.2 percent according to the 2012 GEM study. The next biggest fraction goes to friends, neighbors, and coworkers, which the 2012 GEM indicates received 35.3 percent. In 2012, only 11.4 percent of the investments went to a “stranger with a good idea,” the survey reveals.

Given that there are approximately 235 million American adults, the GEM survey percentages translate to about 470,000 Americans making an investment in a stranger’s business every year.

The number of Americans who make angel investments is of similar magnitude. The Center for Venture Research at the University of New Hampshire, which conducts quarterly surveys of angel investors, estimates that there were 268,160 active angels in this country in 2012.

Entrepreneurship advocates hope that equity crowd funding will help to boost these numbers. The Jumpstart Our Business Startups (JOBS) Act, passed by Congress and signed into law by President Obama in April 2012, allows non-accredited investors to buy equity stakes in private companies through online crowd funding portals, once the SEC writes the rules governing such transactions.

Whether the outcome will be as advocates hope remains to be seen, however. As of the date this column was written, the SEC has still not yet finished writing the crowd funding rules, despite a December 2012 deadline imposed by Congress.









Twitter accounts created to spread spam, malware are easy to create and sell

A handful of researchers have published a study (PDF) exploring the seedy, underground world of Twitter spam.

The study was conducted over a 10-month period, during which time the researchers from University of California, Berkeley, and George Mason University - Chris Grier, Damon McCoy, Vern Paxson and Kurt Thomas, with help from others - made bi-weekly purchases from 27 sellers of Twitter accounts.

By the end of the study, the researchers had purchased more than 120,000 'dummy' Twitter accounts for just under $5,000. In addition, they reported their findings to Twitter, which suspended more than 95 per cent of the suspect accounts, including the ones under the researchers' control.

“The thing I found a little shocking is that these sellers were responsible for between 10 and 20 per cent of spam accounts,” McCoy, who helped present the findings this week at the USENIX Security Symposium in Washington, D.C., told SCMagazine.com.

The market is fairly above ground too, according to McCoy, so the researchers were able to discover sellers through simple Google searches. When asked, the merchants were able to provide thousands of accounts within 24 hours, with accounts priced anywhere from two to ten cents each.

The fraudsters were able to acquire many accounts in a relatively short period of time, largely through automated processes that circumvent Twitter's authentication features, McCoy said. This includes programs that solve CAPTCHAs and verify Twitter accounts with email addresses.

Twitter flags it as suspicious when too many accounts are created from a single IP address, and McCoy said the sellers likely rented IP addresses as proxies, which allow them to evade network blacklisting.

Twitter accounts are easier to create and require users to jump through fewer hoops than those for other similar services, such as Google. The going rate for a bundle of a thousand Twitter accounts is about $20, McCoy said, while a package of a thousand Gmail accounts sells in the hundreds of dollars.

To help put a damper on spam account creation, the researchers offered suggestions to Twitter, such as requiring reauthorisation via email and verification via phone.

Twitter, and many other social media organisations, traditionally detect spam accounts by analysing users' behaviour. Spammers typically have a high distribution of posts, include URLs in their posts and have phony looking profiles. Twitter recently integrated a 'report abuse' feature, partly to battle spammers.

The purpose for users obtaining these accounts is typically malicious in nature, McCoy said, explaining the accounts are used predominately to distribute scams, malware and phishing attacks.

Twitter did not respond to an inquiry from SCMagazine.com, and although he could not speak on its behalf, McCoy said Twitter “wants to reduce the level of spam and give users a better experience. They were great at collaborating with us. Internally, they're making use of [our] data to find fraudulent accounts”.

McCoy could not comment specifically on the legality of creating Twitter accounts meant for malicious purposes, but said that selling them appears to be only a minor infraction per Twitter's terms of service, and that many sellers remain in this business.

“I think where they would run afoul is where they get their IP addresses,” McCoy said, adding that that would have nothing to do with Twitter.



Fake Adobe Flash Player update extension serves salacious spam ads

Security researchers are warning of a fake Adobe Flash Player update extension whose goal is to serve spam ads to victims.

The malicious plug-in, dubbed FlashPlayer11.safariextz, is being distributed from mostly pornographic websites, according to Jerome Segura of security firm Malwarebytes. Unsuspecting users are told they need to "install this update for Flash to view this video", but it is actually a malicious file.

The threat is "widespread", according to a spokeswoman for the company, which is monitoring the outbreak.

Once the bogus software is installed, it displays racy ads.

"For example, I visited PBSKids.org, a site for children to play games and watch their favourite characters, when all of a sudden a pornographic advertisement was displayed," Segura wrote in a blog post.

It's not just lewd ads being served, either. The malware - which does not affect Internet Explorer, but was spotted in Chrome, Safari and Firefox - is also capable of superimposing spam ads over legitimate ones.

"Online advertising is a billion-dollar industry, and everybody wants to have a piece of it," Segura wrote. "With such invasive adverts, cyber crooks are likely to generate a lot of views and even pay-per-clicks. If you believe you are seeing strange or inappropriate ads on the websites you regularly visit, it wouldn't hurt checking the extensions installed in your browser and removing the offending ones."