Explore the New Twitter Features for Smartphone Users


Many of us may skip our meals, but never forget to keep ourselves on top of social media - be it Facebook or Twitter.  As you know, Twitter is one such platform that plays an important role in facilitating conversations, sharing your thoughts and delivering news and information. Therefore, Twitter performs updates, modifications and adds new Twitter features every now and then designed to make your tweeting experience more enjoyable.

If you are one of the fans who use this powerful medium via your smartphone, there is great news for you: Twitter has recently announced an update for its iOS and Android apps. Twitter has added multiple new features, such as photo galleries and a completely new form of two-way authentication. In addition, Twitter has made an effort to improve its list and search management.

But before you download the latest version from the Google Play and Apple’s App store, stay ahead of this recent update.

Today’s Twitter for Android and iOS allows you to enroll in login verification and also supports login requests directly from your mobile applications. There have been growing complaints about Twitter accounts being compromised through breaches of password data on the Web or through email phishing schemes. To address this problem, Twitter introduced a new security feature to protect your Twitter account more effectively.

How is the Login Verification Approach Formed?

Once you log in to your Twitter account, there is a security check to ensure that it is really you attempting to log in. Next you will be asked to verify your email address and phone number. You have to go through the following steps to get into your account:

  • Log in to your account settings page.
  • Choose “require a verification code when I sign in.”
  • Click on the link to “add a phone” and then follow the instructions.
  • Once you enroll in login verification, you will be prompted to enter a six-digit code that is sent to your phone via SMS.

Don’t worry; your existing applications will work with this new login verification. You may wonder, “What if I log in to my Twitter account on other apps and devices?” Yes, it is possible: visit your application page to create a temporary password to log in and authorize that application.

Login verification keeps your account secure by not relying on a password alone. However, even with this tighter security, you should make sure that the following points are covered:

  • Use login verification.
  • Use a strong password.
  • Be careful of suspicious links.
  • Make sure the operating system is up-to-date.

What are the Advantages of this Approach?

Added Context:

You can see browser details and location in the app, once a login request is made.

Extensive Support Internationally:

Login verification via SMS is mainly available through supported mobile carriers across the globe. All that’s required is Twitter’s supported apps and an Internet connection to enroll in login verification.

No Need of a Phone Number:

You can avoid giving your phone number by using in-application approvals and push messaging. This is especially helpful when you have multiple Twitter accounts but only one phone number.

No Worries When You Lose Your Phone:

If you lose your phone, you can still access your Twitter account with the backup code from the app, which you can write down and keep in a secure place.

How are the New Search Engine and List Management Approaches Formed?

Twitter’s improved search engine is more in line with Google Universal Search. Coupled with displaying tweets and people, the new search also includes videos, social context and photos. From now on, when you start searching for something, the results will be widely classified into three segments:

  • Photos
  • Social Context
  • People

Searches will auto-fill, providing the context of how you are connected to certain people on your account. It will also feature photos in an Instagram-like type of gallery. It enables you to view all the pictures a person has posted to Twitter. You can also request to “view more photos” which provides a gallery view of images.

List management has been improved so that you can create a new list, edit existing lists, add or remove members, or manage titles and descriptions.

It is quite interesting to see how Twitter is taking the time to put more effort into evolving its new Twitter features. While it has focused on iOS and Android, we hope that it brings the same functionality in the app to all devices.

Blue Bird Photo via Shutterstock




IRS Claims Small Businesses Underreporting Cash Payments


If you’ve been receiving more credit card payments in your small business lately, you may soon be getting a notice from the Internal Revenue Service.

Media reports suggest the IRS has sent out 20,000 of these 1099-K notices since fall 2012 mostly to small businesses.

Form 1099-K is the return on which small businesses must report “payment card and third party network transactions” including credit card payments.

The official IRS website explains the reason for the 1099-K notice this way:

You received one or more of these letters and notices because you may have underreported your gross receipts. This is based on your tax return and Form(s) 1099-K, Payment/Merchant Cards and Third Party Network Transactions that show an unusually high portion of receipts from card payments and other Form 1099-K reportable transactions.

Specifically, the IRS is targeting businesses whose ratio of credit card to cash seems unusual for their industry, a CNN report suggests. The agency seems to believe these higher than average credit card reportings mean businesses are underreporting cash receipts.

Trends Show Credit Card Payments Increasing

It’s certainly important for small businesses to accurately report their earnings and pay their fair share. But it’s also possible a simpler explanation exists for high credit card receipts.

Customers in the U.S. are increasingly choosing plastic to make their purchases and small businesses here are eager to accommodate.

According to recent data, point of sale cash payments are expected to decline to just 23 percent by 2017. Over the same period, credit card purchases are expected to climb to 33 percent. They were only 29 percent of point of sales purchases in 2011.

What’s more, 68 percent of consumers between ages 18 and 33 will only shop at businesses that accept multiple forms of payment including credit cards. So this trend is likely to continue.

Tips for Dealing with an IRS Notice

If you receive a notice from the IRS about your 1099-K reporting, don’t panic.

1.) Your income tax return should already include the earnings reported on your 1099-K as part of your business’s gross receipts. So the IRS recommends checking all your tax records to determine whether the agency’s assessment is correct.

2.) The IRS also suggests you talk with your tax professional if necessary for some assistance and to decide how to proceed.

Hiding Cash Photo via Shutterstock




Which Types of Tech Buyer Are You? Your Type Could Determine Your Success.

Last week, Infusionsoft, the all-in-one sales and marketing CRM software for small businesses, released survey data showing that there are four types of technology buyers in the world of small business. Which type YOU are could determine your success (or not) in leveraging technology.

I find there are many business owners who are SMART but know nothing about technology and need a lot of help in how to run a successful business - you need to educate yourself.

Other business owners are pretty business savvy but don’t know much about technology. You must also educate yourself, not be afraid of technology and be willing to see how much more productive it can make your business.

Infusionsoft’s study found that there are Strivers, Customizers, Maximizers and Supporters. Infusionsoft’s blog post reads:

Strivers
Strivers struggle with sales and marketing concepts and are reaching for solutions that will help them both develop a strategy for success and implement the solution with confidence. To be successful, Strivers need education on the sales and marketing strategies that will work best for their businesses as well as help selecting and implementing new technologies. 

Customizers
Customizers already have proven, systemized processes for sales and marketing in place, but are unsure of how to use technology to organize and automate their businesses. They are skeptical about using technology to automate the personal touch they’ve used to build their businesses but also recognize that their current manual processes won’t scale for growth.

Maximizers
Maximizers have already organized their business around technologies that help them automate their sales and marketing to be more efficient and get results. That said, they recognize the value of software and are continually looking for new solutions that can give them a competitive advantage. They are more likely than other groups to invest the time to research and implement new systems.

Supporters
More than any other group, Supporters are proud of their small business identity and actively support small business interests in their community. They prefer to purchase technology from vendors that demonstrate support for the small business community and connect with them as entrepreneurs.






How You Can Make App Store Optimization (ASO) Digestible

As the app ecosystem continues its breakneck pace of growth - something expected to accelerate as Google Play begins to offer textbooks in the fall - businesses would be crazy not to consider the app store part of their marketing strategy.

However, as App Store Optimization (ASO) is still in its nascent stages, it’s important that marketers understand what they can and can’t control before devising a strategy to market their app. Additionally, those looking to break into the marketing field may want to consider this a skill worth picking up.

Factors That Influence App Purchases

Before launching an app and beginning to market it, it would behoove the developer to understand the market - and how people make their decisions. These factors, according to Nielsen, demonstrate the importance of ASO pretty clearly:

1.  App Store Search:  63% of consumers use this channel to find apps.

2.  Friends and family recommendations:  50% of consumers use this channel to find apps.

3.  Editor’s Picks and Top Lists:  34% of consumers use this channel to find apps.

However, many analysts predict that, as more apps are developed, top lists will soon become a tool of marketers, which will diminish their value over time.

The Basics of App Store Optimization

ASO is still very new, as are the algorithms that control the rankings, so there will be many changes still to come, and these will influence the ways companies can market their apps. In the app store, marketers can really only control the appearance of the app’s page. These factors include:

1. App Title

A good name is important regardless of what you’re marketing, so it’s important to pick an app title that is short and punchy - something that people will remember. Additionally, it’s best to include a few keywords that describe what the app does. For example:  Zeebox - TV’s sidekick.

Be sure to avoid keyword stuffing, as it is also important that the app title reads in a natural manner.

2. Description

As Patrick Haig, Vice President of MobileDevHQ, an ASO company, says, app descriptions consist of two blurbs - one above the fold and one below the fold. What goes above the fold should be concise and to the point - 1-2 sentences that outline the primary use of the app.

Below the fold can be a lengthier discussion of how the app works and should include screenshots. Though it sounds petty, screenshots will be one of the most important parts of your app page. They make the app tangible and easy to explain to the consumer.

Once again, always include screenshots of the app. This is extremely important.

3. Keywords

This is something that is only available to those on the Apple iOS ecosystem; Google Play only uses descriptions. This field is only 100 characters - so be sure to be very specific and choose your keywords wisely.

4. Logo

Customers are going to be drawn to what they think is most beautiful, so the more appealing your logo is, the more likely you are to succeed. Pick a bright color, as it will catch a shopper’s eye, and keep the size of the logo in mind. It will be a very small thumbnail most of the time, so too much detail will make it blurry and hard to see.

App Marketing

ASO will likely go through many changes before there is a real system in place. In the meantime, a great way to market your app is to get it traditional SEO (search engine optimization) exposure through things like press releases, reviews and links built to the page.

Additionally, be sure to listen to your customers. App ecosystems tend to be rife with reviews, which are important influences for consumers. Be sure to respond to these concerns as a means to prevent bad reviews.

Launching an app can be scary. However, as the mobile market continues to explode and app ecosystems continue to grow and improve, a well-done launch is likely to be a profitable experience.

App Store Photo via Shutterstock




3 Reasons One Page Websites Work For Businesses - Video Interview with Eric Tarn, co-founder of OnePager

There are still so many business owners who do not have ANY website. Eric Tarn, co-founder of simple website design company OnePager, is out to change this. I challenged Eric: with all the great do-it-yourself website services on the market, why do we need yet ANOTHER ONE?

In this video interview he says that even DIY services (Wix, Squarespace) are too complex.

Eric speaks about how websites, even a one-page website, should be the foundation for all your online activity.

He also touches on local directories and why sometimes these do not work in favor of a local business owner’s website.

Check out our discussion below or here - https://www.youtube.com/watch?v=JxQpwr3uUCE



Facebook Posts Get Most Engagement in First Five Hours


That post you just left on Facebook won’t interest your followers for long. In fact, several studies suggest most engagement for your post occurs in the first 5 hours after you create it.

Engagement, by the way, at least as defined by Facebook, means actions such as likes, shares, clicks or comments taken by a user when he or she sees your post.

That’s an incredibly short time to get your audience’s attention. Let’s face it. Some may go much Read More

The post Facebook Posts Get Most Engagement in First Five Hours appeared first on Small Business Trends.






Beyond Hot Chicks: GoDaddy Is Going Beyond Domain Names To Service Your Small Business

For several years, we’ve come to know GoDaddy as doing two things very well: a) selling cheap domain names and b) advertising those domain names through scantily clad women. The strategy looks like it’s paid off.

However, there has been an audience turned off by GoDaddy’s advertising as well. GoDaddy is a new company - from what I can tell.

I’m impressed to see that over the past several years (maybe it’s been months) GoDaddy has toned down and even done away with its racy advertising and has been more focused on events, advertising its awesome products and services and investing in services to help small businesses succeed.

It recently announced the purchase of Locu, a San Francisco-based company that helps local merchants ‘get found’ online. Competing in some ways with Yext, Yodle and ReachLocal, Locu ensures your company’s local listing is right on a variety of locally focused web sites.

I’m happy to see GoDaddy continue to provide a staggering tool kit of powerful online services for small business owners.

From domain names, to web hosting, to web site creation, GoDaddy offers a complete suite of small business offerings.

Competing head to head with GoDaddy are Yahoo, Webs.com, Network Solutions, Intuit, Google (to some degree) and others.






11 Tips for Avoiding Startup Legal Battles


When starting a new business, planning for potential legal issues is essential. The last thing you need to be focusing on is damage control, particularly if you have a brilliant, game-changing idea that could be a thriving business otherwise.

To find out how to make sure your crazy startup idea isn’t going to get you into hot water, we asked members of the Young Entrepreneur Council, an invitation-only organization comprised of the country’s most promising young entrepreneurs, the following:

“What’s one valuable tip you’d give an entrepreneur with a disruptive technology/service to prepare for legal problems down the road?”

Here’s what YEC community members had to say:

1. Consult With an Attorney

“Entrepreneurs should consider consulting with an intellectual property attorney while they are developing their products to avoid potential legal disputes. By doing so, they can possibly navigate around intellectual property battles instead of having to fight them.” ~ Doug Bend, Bend Law Group, PC

2. Build an Army of Engaged Users

“If you’re small, the existing institutions will fight you on their turf with lawyers and lobbyists. The easiest way to disrupt entrenched interests, such as unions and trade associations, is to bring the battle out into the open. Acquire and engage a passionate user base, and it will take on the old industries for you.” ~ Neil Thanedar, LabDoor

3. Put Together a Legal Team

“Get a high-quality legal team in place. Traditional industries are fighting back hard against new innovations, and if you don’t legally prepare in advance, you might struggle before you ever make it out of the starting blocks.” ~ Andrew Schrage, Money Crashers Personal Finance

4. Don’t Over Plan Around Legal

“Disrupting old industries is inevitably going to cause some type of legal or regulatory challenges. You can’t avoid it, and you can’t plan around it. But don’t let the future threats of legal issues prevent you from building your company at the start. If you build something awesome, then you’ll have a reason to fight, but start with building something awesome first.” ~ Eric Koester, DCI

5. Invest in Legal Support

“If you’re going to disrupt the status quo, it’s critical to know your rights, legal precedence and regulations that you may need to fight. Don’t go into this blind - even if you have legal training. Focus on the growth of your business, and hire a legal team that can research and fight for you.” ~ Kelly Azevedo, She’s Got Systems

6. Invest in Liability Insurance

“Although it may not keep you out of court in our litigious society, a general business liability insurance policy may mitigate your exposure when you end up there. Even though most people know that insurance can protect them from personal injury and property damage claims, it can also cover claims of false or misleading advertising for startups, including libel, slander and copyright infringement.” ~ Peter Minton, Minton Law Group, P.C.

7. Include Board Members

“If you know you are gearing up for a fight, I would look to include board members who are either lawyers or have been closely associated with other companies that have had similar legal situations.” ~ Sam Saxton, Salter Spiral Stair and Mylen Stairs

8. Use Patent Lawyers to Protect Technology

“Disruptive technology from a small company attracts attention from larger companies with confidence in their legal budgets. Expect patent infringement and appeals to your patents as larger companies try to outlast your legal resources. Choose a patent attorney who is well versed in every legal protection possible and will apply for every patent you need before the technology is publicly known.” ~ Jay Wu, A Forever Recovery

9. Hide Under the Radar and Make Allies

“Incumbent companies will do whatever it takes to protect their market shares and interests to the point where they’ll find ways to sue you just to throw a wrench in your wheel. It’s best to stay below the radar while you’re getting your business in order, gathering funding, etc. During that time, look for large strategic partners that might benefit from your entry, and get them on your side.” ~ Andy Karuza, brandbuddee

10. Be Prepared

“All entrepreneurs should assume that they will encounter some sort of legal issues once they start showing success. To combat these legal issues, start preparing immediately. Before you launch, you should perform your due diligence and create a list of all foreseeable legal situations. Review these with your lawyers to develop strategies to defend against or prevent these issues.” ~ Kevin Tighe II, WeBRAND

11. Build a Relationship With Your Lawyer Now

“Begin building a great relationship with your lawyer before the legal issues arise. You need to be comfortable with their communication styles, confident that they won’t run up the clock unnecessarily and assured they understand that ultimately they are the advisors, and you call the shots.” ~ Michael Simpson, DJZ

Legal Concept Photo via Shutterstock








Phishing email grants hackers access to DNS records of major websites

Interest in a major summit attended by the world's economic and political leaders is being manipulated to further the schemes of an accomplished cyber espionage group, researchers warn.

Security firm Rapid7 discovered an intensifying phishing campaign being carried out by APT12, the collective believed to be backed by China's People's Liberation Army, which carried out a months-long breach of The New York Times earlier this year.

According to Claudio Guarnieri, a researcher at FireEye, who blogged about the campaign on Monday, a “swarm” of malicious emails themed around the 2013 G20 Summit in Russia, due to commence next Thursday, indicates that the group is still actively targeting organisations for intellectual property and other sensitive data.

This year, G20 Summit leaders are convening in St. Petersburg, Russia, for the eighth summit since G20's formation.

After analysing several reports on VirusTotal, Guarnieri found that the mounting interest in the summit appears to be the perfect opportunity for hackers aiming to gain a foothold in organisations.

In the blog post, he dissected three phishing attacks where hackers distributed malware using weaponised zip files. The malware consisted of backdoor Trojans capable of logging victims' keystrokes and downloading additional, and more sophisticated, malware on compromised machines.

According to the blog post, a Canadian user reported a suspicious file to VirusTotal on 31st May, which was meant to look like a PDF detailing agenda notes for the G20 Summit. On 16th August, a user in France also reported another spurious zip file, which was designed to appear like informational materials about the forum. Also, last week, an individual in Hungary made note of a similar executable being sent to their organisation.

In some cases, malicious attachments contained in the phishing emails copied word-for-word the real materials and press releases being distributed to groups about the event.

Based on the activity, Guarnieri concluded that the adversary behind the attacks was APT12, primarily because instructions dispatched to the malware were sent from the same IP address that FireEye also linked to APT12 activity two weeks ago.

No vulnerabilities were leveraged in any of the G20-themed ruses, according to Rapid7's research.



Phishing email grants hackers access to DNS records of major websites

"Media is going down..." The Syrian Electronic Army (SEA) tweeted on Tuesday, as the pro-Assad hacker collective announced domains belonging to The New York Times, Huffington Post UK and Twitter were compromised. It appears the hackers were able to change registry information and modify the DNS records for the companies, according to Whois records.

Security researchers studying the attack believe it was directed at Melbourne IT, an Australian web and email hosting company that provides services for the media sites, in addition to other big-name companies such as Microsoft and Yahoo.

HD Moore, chief research officer at vulnerability management company Rapid7 and chief architect of the Metasploit framework, told SCMagazine on Tuesday that Melbourne IT is the "one common factor" that ties all of these sites together.

There are a couple of ways the attackers could have compromised Melbourne IT's servers to pull off the DNS hacks, Moore said, but it's most likely they registered their own domain with the registrar and "found a way to reset passwords or jump over and take over other accounts".

The ability to redirect the domains to any site of their choosing is just one of the things Moore said an attacker could do with these kinds of privileges, so he recommended that people "don't use [Melbourne IT] sites for a couple of hours" and await direction from officials as more information becomes available.

Christina Thiry, a spokeswoman at Twitter, emailed SCMagazine.com on Tuesday and said that the company was investigating the incident.

The company is now confirming the incident was malicious in nature, according to a statement posted online.

A New York Times spokesperson did not immediately respond to SCMagazine.com for comment, but a story posted on the Times website indicates that Melbourne IT has been affected and acknowledges that SEA is taking responsibility for the attack.

Melbourne IT is an Australia-based domain name registrar that also offers a host of services, including website design, hosting, email, cloud computing and online marketing, according to its website. Founded in 1996, the company has six locations throughout Australia, New Zealand and the US and earned more than $170 million in revenue last year. Melbourne IT's customer base consists of more than 400,000 clients.

Representatives at Melbourne IT and Huffington Post UK did not immediately respond to SCMagazine.com for comment.

Everything started coming to a head at some point after 4pm EST, when users who visited the Times site saw a message that read, "Hacked by SEA". The website seemed to be back up before long, but has been experiencing sporadic downtime.



Phishing email grants hackers access to DNS records of major websites

A phishing attack, one of the most common and oldest cyber tricks in the book, enabled hackers to hijack and modify the DNS records for several domains on Tuesday, including The New York Times, Twitter and the Huffington Post UK.

Representatives of the impacted entities have said their systems are now operating normally, and there are no lingering or long-term effects. In fact, the companies were not even the ones targeted by the attackers, who claimed to be the Syrian Electronic Army, a band of pro-Assad hacktivists responsible for a number of IT takedowns in recent months.

The intruders responsible for Tuesday's incidents actually compromised a reseller account that had access to the IT systems of the Australian registrar Melbourne IT. An employee of one of the resellers responded to a spear phishing attack, which allowed the hackers to steal their account login credentials.

Bruce Tonkin, chief technology officer with Melbourne IT, told SCMagazine.com on Wednesday that he would not reveal the identity of the reseller or the details of the phishing email, but he admitted to being surprised by how authentic the email appeared and explained that he “could see how people could be caught by it”, even “people in the IT industry”.

The New York Times website was defaced and experienced sporadic downtime, while several images hosted on Twitter would not display correctly. All the while, the pro-Assad hacker collective took to its Twitter account to post messages about the attacks and images of Whois records displaying registry alterations.

When Melbourne IT received word of the incident, technicians were up bright and early in Australia to change the target reseller's credentials to prevent further changes, change affected DNS records back to previous values and lock affected records from further changes at the .com domain name registry, said Tony Smith, a spokesman for Melbourne IT.

“We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement body,” he said.

Tonkin said that the incident should reinforce the application of domain locking functionality known commonly as a registry lock.

A registry lock is a status code applied to a web domain name that is designed to prevent incidental or unauthorised changes, including modifications, transfers or deletion of domain names and alterations to domain contact details, without first authenticating to the top-level domain operator. For .com domains, that is VeriSign.

Registry locks are what protected Twitter.com during the attack. The same could not be said for its image hosting server, twimg.com, which did not have the added protection, which is why images on Twitter were not displaying properly throughout the incident.

HD Moore, chief research officer at vulnerability management company Rapid7 and chief architect of the Metasploit framework, stressed the importance of registry locks.

Moore explained in an email sent on Wednesday that several entities have added the protection to their websites in the wake of the incident, including Huffington Post, Starbucks and Vine, and pointed to a few other big names that were not protected at the time of the incident, including AOL, Barnes & Noble and IBM.

In a blog post that explained the relationship among registries, registrars and DNS providers, Matthew Prince, co-founder and CEO of web security and performance company CloudFlare, agreed about the importance of registry locks.

"Registrars generally do not make it easy to request registry locks because they make processes like automatic renewals more difficult," he wrote. "However, if you have a domain that may be at risk, you should insist that your registrar put a registry lock in place."
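A registry lock is visible in a domain's WHOIS record as the registry-set EPP status codes (`server*Prohibited`), as opposed to the `client*Prohibited` codes a registrar or reseller account can set and clear. The following check is an added example, not part of the original article; the WHOIS records and domain names in it are constructed placeholders.

```python
import re

# EPP status codes set by the registry (a "registry lock") ...
REGISTRY_LOCK = ("serverDeleteProhibited", "serverTransferProhibited",
                 "serverUpdateProhibited")
# ... versus codes the registrar sets, removable through a registrar/reseller account.
REGISTRAR_LOCK = ("clientDeleteProhibited", "clientTransferProhibited",
                  "clientUpdateProhibited")

# Matches both "Domain Status: code https://..." and indented "Status: code" lines.
STATUS_RE = re.compile(r"^\s*(?:Domain\s+)?Status:\s*([A-Za-z]+)",
                       re.IGNORECASE | re.MULTILINE)

def epp_statuses(whois_text):
    """Return the lower-cased EPP status codes found in raw WHOIS output."""
    return {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}

def lock_level(whois_text):
    """Classify a WHOIS record and list the registry-level codes it lacks."""
    found = epp_statuses(whois_text)
    missing = [c for c in REGISTRY_LOCK if c.lower() not in found]
    if not missing:
        return "registry-lock", missing
    if any(c.lower() in found for c in REGISTRAR_LOCK):
        return "registrar-lock-only", missing
    return "unlocked", missing

# Constructed sample records (placeholder domains, not real WHOIS data).
SAMPLE_LOCKED = """\
Domain Name: LOCKED.EXAMPLE
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
"""
SAMPLE_REGISTRAR_ONLY = """\
Domain Name: IMAGES.EXAMPLE
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
"""
SAMPLE_OPEN = "Domain Name: OPEN.EXAMPLE\nDomain Status: ok https://icann.org/epp#ok\n"

if __name__ == "__main__":
    for name, record in (("locked.example", SAMPLE_LOCKED),
                         ("images.example", SAMPLE_REGISTRAR_ONLY),
                         ("open.example", SAMPLE_OPEN)):
        level, missing = lock_level(record)
        print(f"{name}: {level}; missing registry codes: {missing or 'none'}")
```

A result of `registrar-lock-only` is the case the incident turned on: those statuses can be cleared by whoever controls the registrar or reseller account.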

Meanwhile, experts said that while the attack was simple in nature, it was creative.

Ken Westin, a researcher with security software company Tripwire, said he believes “media attacks seem to be escalating and moving away from annoying, simple denial-of-service attacks and toward full domain compromise".

CloudLock enterprise solutions architect Kevin O'Brien was able to look at the bright side of things, saying, “If there is any consolation to be had, it is that this is an incredibly unsophisticated form of attack” and adding that it can be addressed through training.


