Google selling Motorola phone business to Lenovo

Google is selling Motorola's smartphone business to Lenovo for $2.9 billion, a price that makes Google's biggest acquisition look like its most expensive mistake.

The deal announced today will rid Google of a financial headache that has plagued the internet company since buying Motorola Mobility for $12.4 billion in 2012. Motorola has lost nearly $2 billion since Google took over, while trimming its workforce from 20,000 to 3,800.

Google had previously recovered some of the money that it spent on Motorola by selling the company's set-top operations last year to Arris Group Inc. for $2.35 billion. Google is also keeping most of the patents that came with the Motorola purchase.

It's unclear if Google will have to absorb a charge to account for the difference between what it paid for Motorola Mobility and what it is getting back. The Mountain View, California, company may address the issue later this week when it announces its fourth-quarter earnings after the market closes.

Most investors viewed Motorola as an unnecessary drain on Google's profit, a perspective that was reflected by Wall Street's reaction to the sale. Google's stock gained $28.08, or 2.5 per cent, to $1,135 in extended trading.

While Google is backpedalling, Lenovo Group is gearing up for a major expansion. Already the world's largest maker of personal computers, Lenovo now appears determined to become a bigger player in smartphones as more people rely on them instead of laptop and desktop computers to go online.

Lenovo already is among the smartphone leaders in its home country of China, but it has been looking for ways to expand its presence in other markets, especially the US and Latin America. The company had been rumoured to be among the prospective buyers for BlackBerry when that troubled smartphone maker was mulling a sale last year.

This marks Lenovo's second high-profile deal this month. The company announced plans last week to buy a major piece of IBM's computer server business for $2.3 billion.

Buying Motorola will enable Lenovo to join Apple as the only major technology companies with global product lines in PCs, smartphones and tablets, putting Lenovo in a better position to become a one-stop shop for companies to buy all their devices from the same vendor, said Forrester Research analyst Frank Gillett.

"This makes Lenovo a company to watch," Gillett said in an email. "The personal device manufacturer business is consolidating and manufacturers must compete in all three device markets, plus emerging wearable categories, or get left out of the next market shift."

After it takes over, Lenovo plans to retain a Motorola management team led by Dennis Woodside. Google had reassigned Woodside, one of its top executives, to run Motorola Mobility in hopes he could engineer a turnaround. Under Woodside, Motorola released two new smartphones last year, the Moto X and Moto G. The phones attracted lots of headlines, but didn't sell as well as anticipated, analysts say.

Lenovo executives also said they aren't planning to lay off any more Motorola employees and that the subsidiary would remain based in its current headquarters in Libertyville, Illinois.

"We buy this business, we buy this team as our treasure," Lenovo CEO Yang Yuanqing said during a conference call.

Google is retaining most of Motorola's portfolio of mobile patents, providing the company with legal protection for its widely used Android software for smartphones and tablet computers. Gaining control of Motorola's patents was the main reason Google CEO Larry Page decided to pay so much for Motorola Mobility at a time the smartphone maker was already losing money and market share.

Most analysts thought Page had paid too much money for Motorola and questioned why Google wanted to own a smartphone maker at the risk of alienating other mobile device makers that rely on Android.

Selling Motorola's smartphone operations will "enable Google to devote our energy to driving innovation across the Android ecosystem," Page said in a statement.

Lenovo is picking up about 2,000 Motorola patents in addition to the phone manufacturing operations.



Dip Into a New Pool of Talent by Employing Seniors

Are you racking your brains looking for a way to hire employees on a tight budget? Perhaps you’ve even put out want ads for jobs but haven’t found any candidates with the right experience and attitude.

Maybe the problem is that you’re overlooking a huge pool of potential employees: Seniors. (Seriously, we need to come up with a better name for this generation of Americans.)

A study (PDF) from the University of Michigan found that these days, more “mature” Americans are taking “partial retirement.” Already 20 percent of workers aged 65 to 67 and 15 percent of those aged 60 to 62 are partially retired.

Partial retirement itself is a relatively new trend. In 1960, the study reports, only about 5 percent of workers in the 65 to 67 age range were partially retired and among people age 60 to 62, the concept was virtually nonexistent.

What’s Behind the Growth of Partial Retirement?

The study points to several factors. During tough economic times, older workers are more likely to be laid off or choose to exit the work force. However, many either can’t afford to take full retirement, or don’t want to because they enjoy working. As a result, more and more workers over 60 are taking what the study calls “bridge jobs” - lower-paying jobs intended to tide them over until full retirement as opposed to continuing in, or searching for, “career jobs.”

The growth of partial retirement is good news for small business owners, as it’s creating a new pool of potential workers who have lots of experience but are willing to work for less.

The Pros and Cons of Employing Seniors

Below are some of the issues mentioned in a survey (PDF) of hiring managers by the Society for Human Resource Management (SHRM).

Pro: Seniors Tend to Be Good With People

Often, they want to keep working because they enjoy socializing and don’t want to be isolated at home. This makes them natural “relators” who are likely to be patient and friendly. This type of person can be great as a retail employee, customer service rep, greeter (think Wal-Mart) or in another type of role that involves lots of hand-holding.

Pro: Seniors Have Valuable Experience You Couldn’t Afford to Hire Full-Time

I recently needed new carpet in my home and was trying to match old carpet installed 10 years ago. A senior (partially retired) salesman at the company I worked with was able to identify the brand and find a near-perfect match in a matter of minutes due to his decades of industry knowledge. He was also more efficient than many younger, less experienced people might have been.

Pro: Seniors Can Share Their Knowledge with Junior Employees

Having a senior mentor train younger employees is a great way to bring them up to speed on your industry.

Pro: Seniors Possess Useful Networks

Seniors who have spent a long time in the workforce typically have networks of contacts that can be useful to your business.

Pro: Seniors Have More Dedication

Because their children are grown and they may be widows or widowers, seniors are likely to have more dedication to your business than employees who are juggling marriage, children and family life with the demands of their jobs.

Con: Possibly Less Tech Savvy

Seniors are likely to be less tech-savvy than younger generations who’ve grown up with technology. That said, they are typically very willing to learn, and with a majority of people over 65 now online according to Pew data, they have at least some familiarity with social media, email and other essential tools.

Con: Potential Physical Limitations

Seniors will most likely have physical limitations that younger employees won’t. So if the job requires a lot of walking, standing, lifting or other physical labor, it’s probably not ideal for an older individual. The good news is, as part-timers, they won’t need to be on your company’s health insurance so their health issues won’t raise your rates.

How Can You Find Qualified Seniors?

Tap into senior-related resources in your community, let your connections know you’re looking for senior employees, or advertise on senior job boards such as Senior Job Bank or Workforce 50.




ThinkHR Acquires HR That Works to Expand Employee Management Services


ThinkHR has acquired HR That Works.

The cloud-based human resource companies both describe the move as a merger. In an official announcement, ThinkHR touts resources both offer for small and large businesses wishing to hire the best employees. But the companies say they also offer resources to improve productivity and reduce workplace conflicts. Each company says it provides its own specialty services to businesses that need a full-time HR person but can’t dedicate one.

ThinkHR CEO Pete Yozzo said in a prepared statement that combining his company with HR That Works provides a single source for businesses in need of human resource services. He adds:

“With HRTW’s risk management expertise and legal perspective, its best-in-class platform will be an excellent complement to our existing platform and team of HR professionals and content contributors. This acquisition is another example of how ThinkHR is always looking for ways to deliver more value to our customers, creating an experience that is as simple and easy to use as it is elegant.”

In the deal, HR That Works Founder Steve Phin will join the team at ThinkHR as its vice president of Strategic Solutions. Phin started HR That Works in 2001. The purpose was to provide services to employers and insurance brokers managing human capital risks not insurable through traditional programs.

Today, the company has grown to offer a wide array of Web-based HR services to businesses. The company’s website says these include a database of HR-related videos, assistance with training of employees, employee performance and retention, leadership webinars and advice on ever-changing compliance issues.

ThinkHR says it features live assistance that connects businesses with an HR professional who can work with them to resolve employee issues quickly. The company posts on its site that it has compiled a database of answers to common HR questions its members can access as needed. ThinkHR notes in its release:

“This strategic merger will enable ThinkHR to expand its expertise into the property and casualty market and broaden its online resource library with video content and additional valuable reference material.”



Speedzone Performance: Owner’s Passion and $700 Loan Leads to a Business


Speedzone Performance focuses on a part of the automotive industry most car buyers and owners probably never even think about.

Founder Vishal Mathur says he has a passion for high quality aftermarket auto parts (parts built by companies other than a car’s original manufacturer) sourced specifically from companies in the U.S. or vetted Japanese partners. And this means parts he sells often cost a bit more.

Mathur says the reason he tries to trace the origins of his parts so carefully is that he wants to be able to stand behind what he sells. And he wants to know that his suppliers will do the same.

As it happens, this isn’t something Mathur dreamed up to put into a marketing message or so he could charge a little more for his parts on eBay.

In fact, he says, it’s the reason he started his business in the first place, 15 years ago and right out of college:

“I know what it’s like to be on the other side of the counter.”

First of all, Mathur didn’t have any experience as an auto mechanic or in selling auto parts before starting his business.


Instead, he graduated college with a degree in business administration and a minor in marketing.

Today, Mathur’s business not only sells automotive parts but also does race car fabrication, including building custom racing engines. They do custom auto work, too. That includes transforming, say, a 1991 Nissan or other vehicle into a 1000 horsepower track car for “weekend warriors” and other race enthusiasts. They also build roll cages and do other specialty work.

All of this happens at the company’s 2,500 square foot auto body shop in Kissimmee, FL.

So how did a guy with no particular background as a mechanic or in the auto parts industry get involved in this business?

Well, even if Mathur didn’t know all that much about fixing up or modifying cars, he did have entrepreneurship in his blood.

Mathur’s father had, for years, owned and operated a bookstore. So in addition to his education, he had learned a lot about running a business…and about spotting an opportunity.

While incapacitated for a short while with a hand injury, Mathur used the time to read auto magazines from his parents’ store. He intended to modify his existing car and spent a lot of time at a local auto paint shop drinking in all he could learn about the process.

When a local auto parts dealer refused to stand behind some faulty parts he’d bought or even go to bat for him with the manufacturer, Mathur decided he could do better.

With a $700 business loan from his parents and use of their business license and a room behind the store, Mathur started selling auto parts.

When he enlisted the help of some part-time workers from a local car club, the group began doing modifications on each others’ cars in the parking area out back.

Before long, local code enforcement required him to move to a facility that allowed more automotive work. Mathur brought in a lift and other necessary equipment and continued to build his business.

Today, Mathur has six employees, including certified mechanics. He also operates a website, SpeedzoneWeb.com, where he offers auto parts for sale. However, he admits the site is a much smaller part of his business and serves mainly to promote his physical location.

Mathur says online sales of auto parts are dominated by sellers marketing mass produced parts from China, Malaysia and other overseas sources. Their emphasis is on low prices Speedzone Performance cannot meet due to its sourcing standards.

Instead, Mathur deals only with manufacturers, primarily domestic and some Japanese, that he has researched thoroughly or that have been referred to him by other trusted industry sources.

Mathur estimates only about 30 percent of the auto part industry focuses on this approach, avoiding mass produced lower quality parts.

The next step is the research and development and then manufacture of his company’s own brand of parts, something already done by others in the industry, he says.

* * * * *

iCIMS, a leading provider of talent acquisition solutions for growing businesses, is proud to be the official sponsor of Small Business Trend’s first inaugural “Small Biz Spotlight” of Speedzone Performance. Like iCIMS, Speedzone Performance has become a leader in their industry by providing the highest quality products and superior service to their customers. iCIMS is delighted to have the opportunity to support the passionate drive and entrepreneurial spirit of companies like Speedzone Performance through the sponsorship of the “Small Biz Spotlight.” (Visit the “Small Biz Spotlight” series archives and stay tuned for more small business stories there.) 


GCHQ accused of monitoring Facebook Likes and YouTube views

Is GCHQ sifting through everyone's UK Internet usage metadata?

The revealing white light of former NSA analyst Edward Snowden's stream of revelations swung away from the NSA (National Security Agency) in the US - and over to GCHQ here in the UK this week - amidst claims that the UK's security agency is sifting through citizens' Facebook 'likes', YouTube viewing habits, Twitter 'follows' and even which Google blogging sites we all visit.

With a snappy moniker of 'Squeaky Dolphin', the GCHQ operation is reportedly harvesting the terabytes of metadata that Internet users generate every day as they visit some of the most popular sites and services on the Internet.

According to NBC News, which broke the story late yesterday, GCHQ showed off its Squeaky Dolphin capabilities back in 2012. Facebook has since started encrypting its data transmissions, although Google's YouTube and Blogger services are unencrypted.

NBC's revelations follow hard on the heels of news about how the NSA and GCHQ are working on plans to surveil the data streams of smartphone apps.

According to the New York Times this week, data generated from a variety of gaming and social media apps - including Facebook and Angry Birds - is already being sniffed by the security agencies.

News that data streams from Facebook and Google's users are being snooped upon has reportedly sent the Internet giants into a quiet fury - amidst further claims that they are not cooperating with the security agencies in breaching their users' privacy rights.

SCMagazineUK.com notes that GCHQ's Squeaky Dolphin programme seems to add credence to earlier claims that the UK security agency has been tapping international fibre optic connections.

In those claims - published by the Guardian newspaper - the fibre optic tapping, known as Operation Tempora, has been going on since 2011.

Back at NBC, meanwhile, the news station claims its reports are based on an Edward Snowden document called 'Psychology: A New Kind of Sigdev' - something that also adds credence to reports that GCHQ is building up psychological profiles of its surveillance targets, drawing on Internet usage metadata.

Whilst Facebook and Google told NBC News that they have not given GCHQ permission to collate the data, leading pen tester Peter Wood, CEO of First Base Technologies, said the clear analogy here is with the river of data that the Internet creates.

"If you imagine that GCHQ has the ability to divert this river, then fishing out information of interest to them, then you'd be pretty surprised if they weren't doing this," he said.

"I think the issue is not with GCHQ's actions in this regard, however, as whilst I have every confidence in the integrity of GCHQ's staff and their actions, the same clearly cannot be said for the NSA's activities. It seems that some agency staff have been over-enthusiastic in their actions, especially when it comes to employing third parties to carry out their surveillance. This is clearly demonstrated by the actions of Edward Snowden himself," he added.

Rob Bamforth, a Principal Analyst with business and research analysis house Quocirca, was equally sanguine about the actions of GCHQ.

"These reports do not surprise me, quite frankly. I think the key question that needs to be asked, however, is who knew about these surveillance actions - and what and where they are being carried out," he said.

"Okay. The corporate entities [such as Facebook and Google] are not happy. But what are they unhappy about? Is it that they are displeased about being found out - or that there are security weaknesses in their products and services?," he added.

Bamforth went on to pour cold water on some observations that suggest a highly joined-up approach being carried out by the likes of the NSA, the CIA and GCHQ, telling SCMagazineUK.com that he tends to come down on the side of cock-ups, rather than conspiracies, when surveillance revelations - like the ones that Edward Snowden is constantly revealing - come out.

"Yes," he said, "the security agencies are monitoring us all, but are they all operating in concert in their actions? I have my doubts about this."



Twitter Plans eCommerce Function, May Use Payment Startup Stripe


It’s being reported that Twitter is planning to launch an eCommerce feature. The service could be patterned roughly on Square Market and would integrate the technology of a startup payment solution called Stripe.

Twitter chairman Jack Dorsey is also the CEO at Square. But TechCrunch reports the newly proposed Twitter eCommerce feature does not sound as if it would be any real competition for the credit card reader.

Stripe Founders Patrick and John Collison’s hometown paper recently reported that the two are deep in negotiations with Twitter over the deal - but the pair are not keen on selling their company. Another company being considered, according to TechCrunch, is PayPal.

Stripe is a payment system which enables you to collect credit card information from your customers on your website. But no information is stored on your servers - everything is sent to Stripe for processing. That way, you don’t have to worry about encrypting credit card or other information on your servers. For this service, Stripe charges 2.9% and 30 cents per transaction.


Stripe also raised $80 million in funding recently to expand its services, putting the total valuation of the company at $1.75 billion.

Up to this point, Twitter has made several efforts to monetize their platform. They have included “hashtag commerce” with Chirpify, promoted tweets, targeted tweets, and purchase hashtags and credit card syncing, with American Express. But now Twitter seems to be on the cusp of developing a standalone storefront platform where brands can sell to Twitter users, with hopefully Stripe covering the back end, processing the payments.

However, even if Twitter’s eCommerce efforts do come to fruition, advertising may be the main source of revenue for Twitter for some time to come.

Twitter’s main rival, Facebook, has gone down the eCommerce route itself. Despite its considerable online clout and financial resources, the revenues from its eCommerce efforts amount to only 11% of its total revenues.

Facebook's Android app wants access to your text messages

Facebook's updated Android application is under fire with the latest iteration requiring user permission to read SMS messages.

The world's largest social network rolled out the app update at the end of last year, but users have since discovered that the app requires permission to not only read SMS and MMS messages, but also to modify calendar events and send emails to guests without the owner's knowledge.

Such has been the furore around this - which is perhaps not surprising considering the leaks of Edward Snowden and yesterday's Data Privacy Day - that Facebook outlined its reasons for the access on the Facebook Mobile Apps.

“We realise that some of these permissions sound scary, so we'd like to provide more info about how we use them,” says a spokesperson. The web page goes on to detail what exactly Facebook does with owner data. The company reveals that adding a phone number to an account can allow them to confirm phone numbers automatically by sending the confirmation code via text message.

Reacting to the news, Kaspersky Lab senior security researcher David Emm said that it is clear that Facebook wants to go down this route to employ two-factor authentication but said that the timing couldn't have been much worse.

 “It would seem that this is needed to implement two-factor authentication on the device - in the words of one of their engineers, 'so we can automatically intercept login approvals SMS messages for people that have turned two factor authentication for their accounts, or for phone confirmation messages when you add a phone number to your Facebook account'”, Emm told SCMagazineUK.com.

“The logic is clear, but the key, it seems to me, lies in the word 'automatically'.  Surely the app doesn't need to do this automatically,” he added. “Facebook could simply prompt me to type in the code manually.  Or, at the very least, provide this option. 

“This may be a perfectly innocent feature but in the light of growing concerns about online privacy, such an option would help to allay people's fears.”



Java drives new cross-platform DDoS bot malware

"This is more proof that the Apple Mac is nowhere near as resilient to attacks as people think it is" - Nigel Stanley, Incoming Thought analyst

Although relatively commonplace these days, most DDoS attack malware tends to be platform-specific in nature. Now a researcher has discovered a new nasty - a DDoS botnet that can infect Windows and Mac OS X environments, as well as Linux systems that have the Java software framework installed.

The common factor to this attack vector is, of course, that old security chestnut, Java - and according to Anton Ivanov, a researcher with Kaspersky Lab, the cross-platform malware - known as a cross-platform java-bot - exploits a critical Java vulnerability (CVE-2013-2465) which Oracle patched last summer.

Ivanov says that the botnet is fully remote controlled using Internet Relay Chat (IRC) channels, allowing cybercriminals to launch DDoS attacks from an infected machine or server - and to control the IP addresses to be attacked, their port numbers and code being inserted.

Ironically, the botnet even uses PircBot, the Java-based IRC programming interface, suggesting that the hackers have a good understanding of the Java programming language.

Nigel Stanley, CEO and analyst with Incoming Thought told SCMagazineUK.com that the multi-platform aspect of the malware is interesting from a technical perspective, but the key takeout is that computer users should not be running Java on their machines without some degree of lockdown or control.

"It's very revealing that this exploit was patched last June - this raises the question as to how many companies patch their Java implementation. Not that many, I'll wager," he said, adding that the additional take-out is that it is more proof that the Apple Mac is nowhere near as resilient to attacks as people think it is.

Graham Cluley, another veteran security researcher, said that the arrival of the Java-driven attack vector in the cybercriminal weapons arsenal is a timely reminder - for all computer users - that they need to think carefully about whether they should have Java enabled in their Web browser.

"Java has been so bedevilled with vulnerabilities and security holes - it's become the Swiss Cheese of the security world," he said, adding that if you do not need the facility on your desktop - and most people do not - it should be disabled in your browser.

"If you do really need Java in your browser, for goodness sake make sure that you keep it up to date with the latest patches," he concluded.

Barry Shteiman, Director of Security Strategy with security vendor Imperva, meanwhile, said that, whilst DDoS attacks coming from botnets have been around for a while now, the choice of Java in this malware makes it more modern and trendy.

“Over the past year we have seen many samples of malware with different capabilities - some with DDoS abilities and automation through an IRC command and control," he explained, adding that the choice of Java in this case does make the malware piece more modern.

"Java is multi-platform and therefore will allow the malware to run on more platforms. It may also use the fact that hackers are very focused on Java now for vulnerability research, so there is a likelihood that the malware can evolve with new ways to exploit and onboard a system," he said.

“DDoS attacks coming from botnets have been around for a while now. They are the weapon of choice, as they are both easy to construct - and also very effective," he added. 



Facebook\'s Android app wants access to your text messages

Facebook's updated Android application is under fire with the latest iteration requiring user permission to read SMS messages.

The world's largest social network rolled out the app update at the end of last year, but users have since discovered that the app requires permission to not only read SMS and MMS messages, but also to modify calendar events and send emails to guests without the owner's' knowledge.

Such has been the furore around this - which is perhaps not surprising considering the leaks of Edward Snowden and yesterday's Data Privacy Day, Facebook outlined their reasons for the access on the Facebook Mobile Apps.

“We realise that some of these permissions sound scary, so we'd like to provide more info about how we use them,” says a spokesperson. The web page goes onto detail what exactly Facebook does with owner data. The company reveals that adding a phone number to an account can allow them to confirm phone numbers automatically by sending the confirmation code via text message.

Reacting to the news, Kaspersky Lab senior security researcher David Emm said that it is clear that Facebook wants to go down this route to employ two-factor authentication but said that the timing couldn't have been much worse.

 “It would seem that this is needed to implement two-factor authentication on the device - in the words of one of their engineers, 'so we can automatically intercept login approvals SMS messages for people that have turned two factor authentication for their accounts, or for phone confirmation messages when you add a phone number to your Facebook account'”, Emm told SCMagazineUK.com.

“The logic is clear, but the key, it seems to me, lies in the word 'automatically'.  Surely the app doesn't need to do this automatically,” he added. “Facebook could simply prompt me to type in the code manually.  Or, at the very least, provide this option. 

“This may be a perfectly innocent feature but in the light of growing concerns about online privacy, such an option would help to allay people's fears.”



Java drives new cross-platform DDoS bot malware

"This is more proof that the Apple Mac is nowhere near as resilient to attacks as people think it is" - Nigel Stanley, Incoming Thought analyst

Although relatively commonplace these days, most DDoS attack malware tends be platform-specific in nature. Now a researcher has discovered a new nasty - a DDoS botnet that can infect Windows and Mac OS-X environments, as well as Linux systems that have the Java software framework installed.

The common factor to this attack vector is, of course, that old security chestnut, Java - and according to Anton Ivanov, a researcher with Kaspersky Lab, the cross-platform malware - known as a cross-platform java-bot - exploits a critical Java exploit (CVE-2013-2465) which Oracle patched last summer.

Ivanov says that the botnet is fully remote controlled using Internet Relay Chat (IRC) channels, allowing cybercriminals to launch DDoS attacks from an infected machine or server - and controlling the IP addresses to be attacked, their port numbers and code being inserted.

Ironically, the botnet even uses PIRCBot, the Java-based IRC programming interface, suggesting that the hackers have a good understanding of the Java programming language.

Nigel Stanley, CEO and analyst with Incoming Thought told SCMagazineUK.com that the multi-platform aspect of the malware is interesting from a technical perspective, but the key takeout is that computer users should not be running Java on their machines without some degree of lockdown or control.

"It's very revealing that this exploit was patched last June - this raises the question as to how many companies patch their Java implementation. Not that many, I'll wager," he said, adding that the additional take-out is that it is more proof that the Apple Mac is nowhere near as resilient to attacks as people think it is.

Graham Cluley, another veteran security researcher, said that the arrival of the Java-driven attack vector in the cybercriminal weapons arsenal is a timely reminder - for all computer users - that they need to think carefully about whether they should have Java enabled in their Web browser.

"Java has been so bedevilled with vulnerabilities and security holes - it's become the Swiss Cheese of the security world," he said, adding that if you do not need the facility on your desktop - and most people do not - it should disabled in your browser.

"If you do really need Java in your browser, for goodness sake make sure that you keep it up to date with the latest patches," he concluded.

Barry Shteiman, Director of Security Strategy with security vendor Imperva, meanwhile, said that, whilst DDoS attacks coming from botnets have been around for a while now, the choice of Java in this malware makes it more modern and trendy.

"Over the past year we have seen many samples of malware with different capabilities - some with DDoS abilities and automation through an IRC command and control," he explained, adding that the choice of Java in this case does make the malware piece more modern.

"Java is multi-platform and therefore will allow the malware to run on more platforms. It may also use the fact that hackers are very focused on Java now for vulnerability research, so there is a likelihood that the malware can evolve with new ways to exploit and onboard a system," he said.

"DDoS attacks coming from botnets have been around for a while now. They are the weapon of choice, as they are both easy to construct - and also very effective," he added.



Lancope CTO sees 'clear disconnect' between board and security

"There is a clear disconnect between the people who have to deal with an attack, and the rest of the staff" says the Lancope CTO.

Research just published by the Ponemon Institute suggests that there is a disconnect between IT security professionals and their CEOs/board members.

The report, entitled 'Cyber Security Incident Response: Are we as prepared as we think?', was commissioned by Lancope and also concludes that many organisations are poorly prepared for dealing with cyber-attacks and their aftermath.

SCMagazineUK.com caught up with Tim Keanini, Lancope's CTO, to discuss the report's findings and he said that C-level executives are beginning to realise that modern cyber crime goes significantly beyond what most organisations have security systems in place for.

Keanini says that even the largest organisations can be caught out. As just one example, he says that Sony was "run over" on the data breach front some eight or nine times in various shapes and forms over the years.

At the company level, the Lancope CTO says that Computer Security Incident Response Teams (CSIRTs) in major enterprises also frequently lack the security resources necessary to fend off the steady stream of advanced threats facing their organisations.

"We also have a perfect storm developing in that you no longer need to be an advanced cyber criminal to plan and carry out these attacks. You can now rent this knowledge - and attack services - online for as little as $20 an hour," he said, adding that a growing number of businesses being targeted are operating on increasingly narrow profit margins, meaning they lack the budget to secure their systems against a breach.

This situation, he explained, is turning the security threat into a business continuity issue - and an issue that does not just involve the IT security department, or the board of the company in isolation.

"It's an entire company issue," he told SCMagazineUK.com, "and one that involves all departments from HR, all the way to accounts."

Keanini adds that the CEO disconnect issue is one that organisations must counter, not least because security communication is becoming a very serious issue. Indeed, the Ponemon study found that 80 per cent of the 670-plus survey respondents did not frequently communicate with executive management about potential cyber-attacks against their organisation.

The report also notes that 68 per cent of respondents say their organisation experienced a security breach or incident in the past 24 months.

And with 46 per cent reporting that another incident is imminent, Keanini says there is a clear disconnect between the people who have to deal with defending against - and dealing with the aftermath of - an attack, and the rest of the staff in a given company.

Delving into the report reveals that some data breaches are remaining unresolved for as long as a month and whilst most organisations said they could identify a security incident within a matter of hours, they revealed that it takes an entire month on average to work through the process of incident investigation, service restoration and verification.

Keanini says that security budgets are a major challenge in most companies. The report backs this up, as half of the study respondents said that fewer than 10 per cent of their security budgets are used for incident response activities. Furthermore, the majority of respondents added that their incident response budgets have not increased in the past 24 months.

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, was also damning in his observations, although he said that companies are not always making the right investments in incident response.

One recommendation, he suggests, is for organisations to elevate the importance of incident response and make it a critical component of their overall business strategy.



How to Avoid IRS Trouble Due to Identity Theft

On September 21, 2012, an Arizona woman was sentenced to 3 years in prison for identity theft, and ordered to pay nearly $400,000 in restitution. She had used stolen identities to file 180 tax returns. She tried to hide her tracks by filing the tax returns electronically using the unsecured wireless networks of her neighbors. Then she recruited her friends and had the refunds (in the form of prepaid debit cards) sent to their addresses.

And that, my friends, is the anatomy of an identity theft.

The above example was provided in testimony by an IRS official before the House Oversight and Government Reform Committee.

As you complete your tax returns this tax season, identity theft may be the last thing on your mind - but you should be aware of the potential risks.

It’s bad enough if someone steals your identity or your business’s identity, and racks up charges on your credit cards or takes out loans in your name. But you could find yourself in a pickle with the IRS, too, potentially incurring unnecessary tax liability. Then you’d have a tax mess to clean up, including extra expenses to pay an attorney to represent your interests.

You see, income you didn’t earn could be reported to the IRS.  Who’s going to pay the taxes on that income you never received, but the fraudster got?

Or a second (incorrect) tax return could be filed for you and your business.  If you are due a tax refund, it could be delayed or never get to you, because it ends up somewhere else.

And if you and your family receive any Federal benefits, those could be reduced, because another government agency may get information from the IRS suggesting your income went up (when it really didn’t).

The IRS says it has 3,000 employees working on identity theft cases.

It’s easy to hate the IRS, but the agency is required to be a watchdog of taxpayer funds.  If refunds are paid out in error due to fraud, ultimately those are losses the American taxpayer may have to eat.  So if the IRS can cut down on losses from identity theft, it benefits everyone (except the criminals!).

Take these steps to protect yourself and your business from identity theft - before or after the fact:

Protect and Avoid

  • Perform a credit check on yourself and your business at least once a year to see if unauthorized loans or credit cards have been taken out.
  • Protect your financial information, especially your social security number or EIN number.  Don’t give it out over the phone or in an email unless you are absolutely sure there’s a legitimate reason.
  • Protect your computers and mobile devices (personal and company-issued) from phishing and malware. Otherwise, the financial information on your devices could end up in the wrong hands.

Scrutinize and Report

  • Scrutinize every 1099, W-2 or other information filing you receive from third parties. Don’t just file them away or hand them to your tax preparer. Don’t recognize the payer? It could be a sign of fraud. Here at Small Business Trends a few years ago, we received a false 1099 - and narrowly avoided another fraud situation. Fraud has been dogging affiliate marketing. Fraudsters will set up affiliate accounts (from offshore) under the name of legitimate websites in the U.S., and siphon off the income. The company having the affiliate program reports the income to the IRS under the victim-business’s name.
  • If you receive a tax form from anyone you don’t recognize, immediately write to the payer, via certified mail.  Tell the payer you believe you were a victim of identity fraud and did not receive the income attributed to you.  Ask them to investigate and correct their records.  Also, consider attaching an explanation to your tax return as to why you did not include the “income” on your return.
  • Call the IRS identity theft hotline at 800-908-4490, extension 245. The IRS says it will take steps to “secure your tax account and match your SSN or ITIN.” The IRS has been piloting a program to match taxpayers with their tax ID numbers, to prevent fraudulent returns from being filed.
  • Fill out the IRS Identity Theft Affidavit, Form 14039 (PDF).
  • Report it to the FTC’s identity fraud hotline: 877-438-4338
  • Report it to local police.
  • Report it to the 3 main credit reporting agencies:
    • Equifax - 800-525-6285
    • Experian - 888-397-3742
    • TransUnion - 800-680-7289
  • For your business, add to that list Dun and Bradstreet.  The iUpdate feature allows you to update information about your business credit.
  • Talk with your attorney and/or tax preparer - before reporting to anyone.   They can advise you on what to do and how to communicate so that you are perceived as blameless as possible (how we communicate in legal situations can avoid unnecessary grief later).

The IRS offers additional tips here.
