LinkedIn Will Acquire Bright, a Job-Matching Site for $120 Million


LinkedIn will acquire Bright, another site for job seekers and recruiters, for $120 million.

Bright is a job-seeking site that uses its unique scoring system to match employers with people looking for a job. Bright’s technology reviews the resume of a job seeker and assigns it a score. The idea behind Bright, according to its website, is to eliminate clutter for those hiring new employees. Rather than comb through countless applications and resumes, a company can use a person’s Bright score to whittle down the field of prospective hires.

Recode reports that the $120 million sale price includes $32.4 million in cash and the remainder in Bright stock. The report also notes that this is LinkedIn’s largest purchase of another company since it launched. This could be an example of the bigger company absorbing its fastest-growing competition.

There are about 277 million users on LinkedIn. LinkedIn already has a similar job-matching service for companies in its Talent Solutions feature. On the site’s blog, Vice President of Product Parker Barille writes that buying Bright allows LinkedIn to grow and its job-matching ability to improve:

“As we add more job listings over the next several years, Bright’s powerful matching technology will be integral to ensuring that the prospects we suggest to employers and opportunities we surface for prospects are increasingly relevant.”

Bright has been a popular destination since it launched the scoring system in June 2012. Since then, it has received more than 62 million unique visitors and nearly 63 million jobs have been posted there. The company has already raised more than $20 million in funding from Passport Capital, Toba Capital and angel investors, the company’s website says.

Eduardo Vivas, founder of Bright, said his company decided to join LinkedIn so it could apply the technology it created to a larger market. On his company’s blog, Vivas writes:

“We decided to join LinkedIn because of what we lacked - the ability to apply this technology across the entire economy. We share LinkedIn’s passion for connecting talent with opportunity at massive scale.”

Bright members and Hiring Solutions customers will still be able to access their information on the original Bright site until the end of February. When the sale is complete, “several members” of the Bright staff will join LinkedIn, according to the buyer’s announcement.


AT&T Wants to Charge Extra for Certain Kinds of Internet Use

It’s only been several weeks since an appeals court ruled against the FCC’s net neutrality rules, and already AT&T is maneuvering itself to take full advantage.

Net neutrality is basically the principle that all data on the Web should be treated equally. From an Internet provider’s perspective, it means not charging differently for different users, content, sites, platforms or applications.

But AT&T has reportedly filed a new patent which, if implemented, would monitor customers’ Internet bandwidth and charge depending upon the type of use.

Called the “Prevention of Bandwidth Abuse of a Communications System,” the patent lays out some ideas for how Internet access should be handled that worry net neutrality and small business supporters. Deal News has a good summary of what the patent entails:

“The user is provided an initial number of credits. As the user consumes the credits, the data being downloaded is checked to determine if it is permissible or non-permissible. Non-permissible data includes file-sharing, movie downloads, and downloading/uploading large files, the patent states. So what happens when users consume too many non-permissible credits? The patent suggests restriction policies be applied including “levying additional fees and/or terminating the user’s access to the channel.”

Yes, you read that right.

What you do online could now be viewed, monitored and assessed by the telecom company, and any unapproved activity could result in extra bills, or even losing your Internet connection completely.

However, for small businesses, the problem is less about the prying eyes of your Internet provider, and more about the extra business overhead you could unintentionally incur. From your perspective, you could be looking at higher charges if, for example, you upload a file to your website that AT&T thinks is too large, or if you try to share too many files with a customer or client.

This could really affect you if you rely on, say, cloud storage services to move large files and images around. The possible implications came out recently in a post by blogger David Raphael when he noticed a slowdown of access to Amazon Web Services.

In this case, the carrier in question was Verizon, but the company denies it has limited users’ access.

After the federal appeals court made its ruling, the Senate introduced legislation to keep net neutrality in place temporarily, until a more permanent fix can be found.

Back when net neutrality was just starting to be an issue, Small Business Trends Founder and publisher Anita Campbell identified the central concern for small businesses:

“…can certain providers block our access to lawful Internet content or services - or force us to pay a variety of extra gatekeepers in order to use features of the Internet or get preferred treatment. Any of these moves would put small businesses at a distinct disadvantage. Without an open-architecture Internet, we small businesses would not have a level playing field to compete with larger and better funded competitors.”





Should Your LLC Elect S Corp Status?

Two of the most popular legal structures for small businesses are the LLC (Limited Liability Company) and the S corporation. Many small business owners have struggled over which is best for them.

However, you may not realize that the two aren’t mutually exclusive. It’s possible to have your cake and eat it too by forming an LLC and then electing S corporation status.

This is a particularly sound strategy if you have an LLC and the payroll taxes (self-employment taxes) on the owner(s) are high. Here we’ll break down some of the key details on why you should consider an LLC with S corporation election, and how you go about doing it.

An Intro to the LLC and S Corporation: Key Differences

Both the LLC and S corporation are well liked among accountants and small businesses because of their “pass-through” tax treatment. Unlike a regular C corporation, both of these structures do not pay taxes on the business’s profits. Rather, profits are passed along to the owner(s) and reported on their individual tax returns. In addition, both structures also help to separate the owners from the business and provide liability protection.

But there are some key differences as well. An LLC is typically much easier to run from an administrative standpoint. There are fewer state filings and forms, lower start-up costs, fewer formal meetings and documentation than with the C or S corporation. That’s usually a big advantage for small business owners who don’t want to be burdened by paperwork.

In addition, the LLC offers more flexibility in how owners can allocate the percentage of profits and losses among the owners. Let’s say you started a business with a friend and you each own 50% of the business. One year, your friend had something come up in his personal life and didn’t spend as much time on the business as you did. You both decided that the fair thing to do would be to give you 75% of the profits for the year.

However, if you had formed an S corporation, you would both still be taxed based on the percentage of ownership (i.e. you would be taxed on 50% of the profits; your partner on 50%…even though you had your own arrangement). However, the LLC does give you the flexibility to determine how you want to allocate the business’ profits and each owner will be taxed accordingly.

It may sound like the LLC is coming out miles ahead, but there’s one key advantage of the S corporation, and that’s with taxes. The S corporation gives you more flexibility in how earnings are paid to the owners. For example, with an LLC, the entire net earnings are passed along to the owner(s) in the form of self-employment income and are, therefore, subject to self-employment tax for social security and Medicare.

But with the S corporation, you have the option of dividing up earnings into wages/salaries and then passive income in the form of distributions. Only the wages/salaries are subject to the FICA tax for social security and Medicare. The distributions are not. However, keep in mind, as an owner working in the business, you have to pay yourself a reasonable salary for the job you do.

Don’t think you can get away with giving yourself a $20,000 annual salary and taking $150,000 in distributions.

Combining the LLC and S Corporation

Now, the interesting twist is that you can set up your business as an LLC and then make the election to have it treated as an S corporation by the IRS. From a legal perspective, your company is an LLC, not a corporation. That means you still get all the advantages of the LLC in terms of fewer filings with the state, as well as less paperwork and lower costs all around.

But then, in the IRS’s eyes, your business is an S corporation. You get the pass-through of income just like a sole proprietorship or partnership, and you get the added flexibility of paying out some of the company’s income as distributions rather than salary, potentially saving on social security/Medicare (i.e. SECA/FICA) taxes.

How to Set Up an S Corporation

If you’re interested in electing S corporation tax treatment for your LLC, there are a few other things to keep in mind. There are certain restrictions for who can form an S Corporation.

For example, shareholders need to be legal residents of the U.S. and they need to be individuals (i.e. not partnerships or corporations).

To file for S corporation treatment, you’ll need to file Form 2553 with the IRS. It’s relatively simple paperwork, but there are strict deadlines for when it needs to be filed. A brand new company has 75 days from the date of its incorporation (or LLC formation) to file.

If you’ve got an existing LLC and want S corporation status, it’s too late for your 2013 taxes. But you can qualify for the 2014 tax year as long as you get your paperwork in by March 17.


Zeus and Citadel the biggest banking botnets of 2013

A new report from Dell SecureWorks' Counter Threat Unit (CTU) research team breaks down the biggest banking botnets from last year, and reveals that 900 financial institutions from around the globe have been targeted.

The report, which was released today, finds that Gameover Zeus (accounting for 38 percent of banking malware last year), Citadel (33 percent), Zeus (13 percent) and Shylock (7 percent) are the most widely used banking malware, and suggests that most of this activity is directed at financial institutions in the US.

As is to be expected, more than half of these Trojans focused on the 25 largest financial institutions, not only in the US but also in other mature markets like the UK, Germany, Spain, Italy, Canada and France.

However, what was arguably of greater interest was that these botnets are growing more complex, and are increasingly being used to target other financial groups.

Researchers said that there is increased activity from botnets like Zeus, IceIX and Citadel - the last of which are based on Zeus source code - sold on underground markets and added that most of these are increasingly complex, with many moving parts and different attack techniques. Zeus, for example, has been successful in the past after attackers used spam campaigns and drive-by-download attacks via different exploit kits.

From a detection point of view, many of these botnets are also taking different forms. Dell SecureWorks says that some have sophisticated plugin-based engines, and others are described as “primitive yet effective”. Analysts added that they can also vary in infrastructure, from those that are built upon single command and control (C2) servers to those that rely on a decentralised peer-to-peer (P2P) network.

In addition to these increasingly sophisticated botnets, the report adds that many attackers are looking to attack banks and other financial institutions from unorthodox channels. 

For example, the firm says that targets have included commercial banks, credit unions, corporate finance and providers of corporate payroll services and stock trading. Attackers have even looked to breach social networks and dating portals.



UK lags behind US in cyber security stakes

Only 17 percent of UK business leaders see cyber security as a major priority, compared to 41 percent in the US - and 52 percent in Brazil, the most alert to the problem according to new research from BT.


By surveying attitudes to cyber security and levels of preparedness among IT decision makers the research found that just one in five (21 percent) respondents in the UK are able to measure the return on investment (ROI) of their cyber security measures compared to nine in ten (90 percent) US companies. Similarly, 86 percent of US directors and senior decision makers are given IT security training, compared to just 37 percent in the UK.

More than half (58 percent) of IT decision-makers globally stated that their boards underestimate the importance of cyber security. This figure increases to 74 percent in the US but drops to 55 percent in the UK.

The difference in levels of preparedness correlates with attitudes to threats. Non-malicious insider threats (eg accidental loss of data) are currently the most commonly cited security concern globally, being reported as a serious threat by 65 percent of IT decision makers. In the UK this falls to 60 percent and is followed by malicious insider threats (51 percent), hacktivism (37 percent), organised crime (32 percent), nation states (15 percent) and terrorism (12 percent).

In the US the proportion of IT decision makers who see non-malicious insider threats as a severe threat increases to 85 percent and is followed by malicious insider threats (79 percent), hacktivism (77 percent), organised crime (75 percent), terrorism (72 percent) and nation states (70 percent).

More than half of global IT decision makers believe that hacktivism (54 percent) and malicious insider threats (53 percent) will pose a greater risk over the next 12 months. In the US this increases to 73 percent and 74 percent respectively. This compares to 29 percent and 23 percent in the UK. Globally, terrorism is seen as the threat least likely to pose more risk over the next 12 months.

Mark Hughes, CEO of BT Security, said: “The massive expansion of employee-owned devices, cloud computing and extranets, have multiplied the risk of abuse and attack, leaving organisations exposed to a myriad of internal and external threats - malicious and accidental.

“US businesses should be celebrated for putting cyber security on the front foot. The risks to business are moving too fast for a purely reactive security approach to be successful. Nor should cyber security be seen as an issue for the IT department alone.”

In response to emerging threats, three quarters (75 percent) of IT decision makers globally say they would like to overhaul their infrastructure and design it with security features from the ground up. 74 percent would like to train all staff in cyber security best practice. Similarly, just over half (54 percent) say they would like to engage an external vendor to monitor the system and prevent attacks.



ICO fines Northern Ireland Govt Agency £185,000

The Department of Justice of Northern Ireland has been hit with a £185,000 fine from the ICO after leaking the physical personal information relating to victims of a terrorist incident.

On this occasion it wasn't a laptop, pen drive or phone, but a filing cabinet that was sold at an auction, emphasising the need to secure confidential information in whatever format it is held, whether physical or electronic, through properly understood security procedures.

The information belonging to Northern Ireland Compensation Agency included data on the victims of a terrorist attack, the injuries they suffered and the amount of compensation offered, as well as private ministerial advice.

The Information Commissioner's Office (ICO) says that there was an expectation within the agency that personal data would be handled securely, yet its investigation found limited instructions to staff on what that principle meant in practice - despite the highly sensitive information the office held.

Commenting on the case, Len Macdonald, the ICO's Assistant Commissioner for Northern Ireland, said: “This is clearly a very serious case. The nature of the information typically held by this organisation made the error all the more concerning.”

“The distress that could have been caused to victims and their families had this fallen into the wrong hands is self-evident,” he added.

Kevin Bailey, a former IDC security analyst and now head of strategy at Clearswift, told SCMagazineUK.com that news of the case drew his interest, as he worked in Northern Ireland during the period the agency's papers relate to.

"This is very embarrassing for the Department of Justice, as there are emotive materials involved," he said, adding that it is clear - from the scale of the fine - that the ICO has found some sensitive information was lost.

Under the current Data Protection Act, he says, the ICO is limited to a maximum penalty of £250,000, but you do wonder how much greater the fine could be under the new European Privacy Directive rules.

And, he went on to say, the political ramifications if the information had leaked out to the general public and the media could be very severe, as the data clearly relates to the period of Bobby Sands and the hunger strikes in Northern Ireland.

"Let's be clear here. The information refers to compensation paid to civilians involved in the Northern Ireland troubles. This was very sensitive data and it should not have been handled in this way," he added.       

Steve Smith, MD of security consultancy Pentura, was equally scathing. "It's often easy to forget that information in paper files and documents can be just as sensitive, and prone to mishandling, as electronic data. Of course, it's far easier to mislay a memory stick than a filing cabinet, but the consequences could be identical."

“As with the recently-reported theft and misuse of detailed customer records from a closed subsidiary of a high-street bank, this incident shows that all information, irrespective of format, needs to be considered in data security audits. It also needs to be covered by policies that govern its access, usage, storage and disposal,” he added.



Phishing attacks soar by 20 percent

"Phishing attacks will continue to rise until it becomes more expensive for these cybercriminals to operate."

The number of phishing attacks soared by more than 20 percent in the third quarter of 2013, says a just-issued report from the APWG (Anti-Phishing Working Group), noting that the bulk of the increase is due to a surge of attacks against money-transfer, retail and e-commerce websites.

The report also says that the number of unique phishing Web sites jumped between June and July - then stayed at relatively elevated levels throughout Q3 2013.

Whilst the number of hijacked brands declined slightly - as phishers stopped targeting less lucrative options - the APWG says that Trojans remained the most popular form of malware - and a record number of new malware strains were detected during the quarter.

Commenting on the figures, Ihab Shraim, CISO and VP of anti-fraud engineering and operations with MarkMonitor - and a contributing analyst to the report - said that fraudsters look for profit and zeroed in on the brands that deliver the highest returns.

The APWG says its report shows that over 31 percent of computers around the world were infected by some sort of malware during the third quarter - slightly down on a quarterly basis.

The good news, however, is that Europe continues to have the lowest infection rates - with the UK clocking in at 20.35 percent of computers infected, just behind Germany with 20.6 and the Netherlands with 19.19 percent.

Troy Gill, a senior security analyst with email and web security specialist AppRiver, says that malware distributors, phishers and scammers have long used brand recognition to add legitimacy to their malware and phishing campaigns - but over the last few months his team has seen an uptick in spam activity and an even greater increase in email activity distributing malware.

"Both of these categories rely heavily on posing as certain brands to trick users into opening their messages and following links. Some of the more popularly used are UPS/Fedex, Facebook/LinkedIn/Twitter, major banks and credit card providers," he said.

Dana Tamir, director of enterprise security with web security specialist Trusteer, said that phishing and spear-phishing messages continue to be an effective way to draw users to phishing and exploit sites.

"As the sophistication of phishing campaigns increases, it's become more difficult for users to differentiate between legitimate messages and phishing messages. As a result, users fall for these schemes, which lead to credentials theft and malware infections," she said.

Organisations should be especially concerned about phishing, she added, because it is the main method used by cyber-criminals and adversaries to infiltrate the organisation.

Tamir told SCMagazineUK.com that she and her team are also seeing rising levels of attacks against money-transfer and retail sites because cyber criminals know these sites' defences are lagging.

Tim Keanini, CTO of network security specialist Lancope, meanwhile, stressed that the increase in phishing levels should be no surprise to anyone.

"It's a near perfect time to become a cyber-criminal because conditions are exceptional," he explained, adding that a lack of authentication, ransomware and cryptocurrency are all contributing factors.

"These trends will continue to rise until it becomes more expensive for these cyber-criminals to operate. We need to disrupt their economics. We have done a good job so far with the preventative measures on the technical front, now we need to improve on the social as these trends clearly show a weakness on the social vectors being exploited," he said.

"But even with that said, we need to get faster with the incident response feedback loop - this will change the economics of the criminal operations drastically because the minute they are detected and details disclosed both socially and technically, they have to go back and retool and innovate. Incident response as a part of the business or your daily life is the reality because again, it is a great time to make money in cyber crime unfortunately," he added.



8 Ways Obamacare Will Motivate Health-Tech Startups

What is one way that you think Obamacare will motivate health-tech startups to be more innovative with their products in the years to come?

The Young Entrepreneur Council (YEC) is an invite-only organization comprised of the world’s most promising young entrepreneurs. In partnership with Citi, YEC recently launched StartupCollective, a free virtual mentorship program that helps millions of entrepreneurs start and grow businesses.

1. New ‘Patient-Centric’ Model

Health care is becoming more “patient-centric,” and that has only increased with Obama’s health care reform. New technologies are not only looking to serve the new “consumer patient,” but are also calling on these patients to help improve health care. This creates a tremendous opportunity for health-tech startups - and perhaps a missed opportunity for those who don’t innovate.
- Bobby Grajewski, Edison Nation Medical

2. Readmission Rates

Health-tech startups will have to introduce products that can help hospitals reduce readmission rates because that affects a hospital’s reimbursement rate. One such technology already on the market is called Aidin, which streamlines and improves the discharge process.
- Andrew Schrage, Money Crashers Personal Finance

3. Employee Health Care

Obamacare provides some nice tax breaks for small businesses. That’s a good thing. It can be hard for a small startup to offer health care to its employees. The financial burden can be huge for a growing company with a small number of employees. Obamacare makes providing health care easier. That means happier, healthier employees, and more innovative startups will emerge, survive and thrive.
- Mitch Gordon, Go Overseas

4. Cost-Cutting Tech

The U.S. spends twice as much on health care as other developed countries. But higher costs don’t necessarily translate to better outcomes. Using emerging technologies that medical providers can and will want to use is the only way to lower the costs of our country’s health care delivery model. Providers are getting squeezed in their payments, but they should welcome innovations to lower cost.
- Robby Hill, HillSouth

5. Preventative Care

Along with Obamacare, preventative care has been getting more focus from both the private and public health systems. With increased access to preventative care and encouragement to participate more proactively in health, we will see more startups able to help get in front of disease and focus on preventing illness before it becomes a problem.
- Alec Bowers, Abraxas Dynamics

6. Outpatient Monitoring

Health-tech startups will be more motivated by the Affordable Care Act to innovate outpatient health monitoring devices. The new law is causing a shift from a volume-based health care system, where health care providers are paid for the number of treatments they perform, to a value-based system targeting quality. Measuring treatment success will be vital given this shift.
- Phil Chen, Givit

7. Transparent Information

With a growing focus on health care costs and results and a whole new group of consumers entering the market, Obamacare creates an opportunity for those who can provide transparent information and decision-making tools to assist consumers and health care providers in making smart, cost-effective decisions.
- Marcos Cordero, GradSave, LLC

8. Better Insurance Matches

The marketplace nature of Obamacare will drive health-tech startups to help health insurance companies determine how to attract the healthiest participants and those living with chronic conditions find the best plans to manage their conditions. This will introduce a way for patients to confer with peers who can vouch for the best plans.
- Mary Ray, MyHealthTeams



Bitcoin exchanges hit by malformed code DDoS attacks

"Using this means of attack on an Internet-connected exchange is a no-brainer from the cyber criminal's perspective" - Professor John Walker, Nottingham-Trent University

A number of Bitcoin exchanges around the world are effectively being downed by a complex set of DDoS (Distributed Denial of Service) attacks.

The attacks are highly sophisticated, as they use a malformed code structure that triggers a standard response from the exchange servers and since large numbers of IP transactions are involved, the exchange's computers simply cannot keep up with the flood of data.

So far, three Bitcoin exchanges have been hit by the attacks in recent days, forcing them to temporarily halt or delay digital wallet transactions from clients.

The Bitcoin Foundation says it is investigating the attacks. Jinyoung Lee Englund, a spokesperson for the Bitcoin trading organisation, is quoted by Reuters as saying that whoever is behind the attacks is not stealing coins, "but is succeeding in preventing some transactions from confirming."

"It's important to note that denial-of-service attacks do not affect people's Bitcoin wallets or funds," she told the newswire, adding that: "The Foundation's development team are working on a fix, but until that is carried out, some users would not be able to use their coins."

Interestingly, Englund says that only users who make multiple transactions in a short period of time will be affected by the attacks.

The attacks first started late last week on Japan's Mt. Gox, perhaps the best known of Bitcoin exchanges, which temporarily halted withdrawals over the weekend. On Tuesday, Slovenia's Bitstamp also placed a halt on withdrawals, blaming "inconsistent results" stemming from the DDoS attacks while also noting that balance checks were being disrupted.

Bulgaria's BTC-e, meanwhile, said on Twitter that the DDoS attack could cause delays in crediting transactions posted over the last few days.

Mt. Gox reported a weighted average price of just £332 (US$550) per coin this lunchtime - way down on its price over the last three months.

The attacks may not be the only concern for Bitcoin users, as US and Canadian regulators are planning to treat the currency like any other, formalising controls on exchanges and other parties who trade in the electronic currency. The New York Department of Financial Services is expected to announce capital requirements and formal disclosure rules on those parties that trade in Bitcoins later this month.

Canada's financial regulators, meanwhile, are also expected to tighten their rules on exchanges and other interested parties, bringing them into line with financial exchanges and dealers.

Professor John Walker of Nottingham-Trent University's Faculty of Engineering told SCMagazineUK.com that, as a technology concept, Bitcoin is an excellent transaction process with high levels of encryption and lengthy transaction chains, which generates confidence in what is a de-centralised method of payment.

"Thanks to these features it has a high level of security continuity," he said.

"However, like all systems that rely on the Internet to complete a given process, if the Internet has problems, then the system has problems," he added.

Professor Walker, who is also CTO of IT security consultancy Integral Security Xssurance, said that problems with Bitcoin can occur when someone comes at an exchange with an effective security attack vector.

"Using this means of attack on an Internet-connected exchange is a no-brainer from the cyber criminal's perspective, since any mechanism that depends on the Internet cannot be considered to be wholly secure," he explained.

"We, as a society, are totally dependent on the Internet. If it disappeared tomorrow, many elements of business and society would simply grind to a halt."



Why is the Metro Ethernet Forum Important to Your Business?

Sam Cooke once sang, “A Change is Gonna Come”... well Sam, your words always ring true, and it’s coming fast!

We have discussed a lot about Metro Ethernet/Carrier Ethernet connections and the great impact they can have on your business financially because of their ability to cut hardware, support and labor costs while leaving the networking to professionals who perform nothing but those tasks for a living.

These great advantages also come with their own challenges: education, and the need for a standard set of rules and guidance to make sure that implementation and support are handled in a consistent and logical manner. With the roll-out of Carrier Ethernet services by major Internet service providers, telephone service providers, cable providers and more, the Metro Ethernet Forum provides the fundamental blueprint to make it all work.

As business networking shifts from the standard Local Area Networks of the past to Managed Ethernet Networks, the implementation process had to be reviewed so that it takes into consideration the latest technologies, current hardware platforms, the network infrastructure service providers already have in place and the education required for the task.

And so the MEF was created to put this all together.

What Does the Metro Ethernet Forum Do?

They promote practical deployment of Carrier Ethernet across the world by developing architectural, service and management technical specifications and implementation agreements to be followed.

They have created a certification committee that oversees programs for equipment, services and professionals based on test suites developed by a technical committee.

They have a marketing committee that raises awareness and educates the industry on the work of the Metro Ethernet Forum, including the development of business, technical and implementation white papers, use cases, presentations and videos.

And lastly, a service operations committee streamlines & standardizes the buying, selling, delivering and operating processes of Carrier Ethernet services.

The goal here is to create a consensus between providers on services and specification.

What Impact Does the Metro Ethernet Forum Have on My Business?

Implementing new technologies can have a great impact on your business, from both a fiscal and operational point of view. Using a partner without the right skill-set to implement these technologies can be disastrous, however. Turning over responsibility for your network infrastructure to a partner is an important decision, and many of us don’t like the idea of losing a sense of control. So while doing so has great benefits, the Metro Ethernet Forum provides your business a path to be sure that you have information.

You can learn about the key specifications, if you happen to be a techie, but most importantly you can see on their website the information that MEF partners use. You can learn if a partner you are considering is a MEF Carrier Ethernet Certified Professional. Its largest impact is to assure you that your money is well spent on a team ready to implement the new technology in a safe and affordable manner.

Your job is easy: once you make the decision on Metro Ethernet services, use the Forum as your guide in choosing a partner.



Tim Ash on Conversion Optimization and Mobile for Affiliate Managers #AMDays

Meet Tim Ash, a highly-regarded presenter and keynote speaker, conversion rate optimization expert, host of the Landing Page Optimization podcast on WebmasterRadio.fm, and CEO of SiteTuners. At Affiliate Management Days SF 2014 (March 19-20), Tim will hold his traditional “Live Affiliate Landing Page Critiques” session.

* * * * *

Question: If you were to emphasize one important area or issue that every affiliate manager should be paying more attention to, what would it be and why?

Tim Ash: Conversion. Unless you actually have an absolutely unique product or service that people are willing to walk on broken glass to get to, the reality is that you are probably peddling something that has lots of competition in the minds of your audience.

Since you are reaching the ultimate buyers through an affiliate intermediary, you must influence and attract these middle-men. Since affiliates are all very practical mercenaries, you must have the best performing offers and pages.

The best way to lock in the loyalty of super affiliates is to relentlessly focus on your conversion rates and put more money in their pockets.

Question: What do you see as the main areas of opportunity for online (and especially affiliate) marketers in 2014?

Tim Ash: Mobile. For many businesses this already represents 25-50% of leads or sales. If you only have affiliates that are hitting email lists hard, you will miss out on this opportunity.

Do everything you can to attract mobile-savvy affiliates.

Question: Not too long ago, you released the 2nd edition of Landing Page Optimization. How is this book different from other tomes on conversion rate optimization?

Tim Ash: Actually there are no other tomes. Most of them are light-weight tactical guides. My book is significantly updated for the second edition. We have done massive reorganization, as well as added 150 pages of solid new content.

You can think of it as a college textbook that covers the theory and practice of conversion rate optimization.

Question: At AM Days SF 2014, you will be speaking on conversion optimization techniques for affiliate landing pages. I know it isn’t easy to fit your session’s content into a paragraph, but can you give Small Business Trends readers a few quick tips on how they can improve the performance/conversion of their online landing pages today?

Tim Ash: Less is more. Get rid of text, unnecessary visual distractions and conceptual complexity on your landing pages. Don’t expect people to actively engage with your content and wrestle the meaning out of your landing page.

Assume that they are busy and design your pages for maximum clarity and focus.

Question: If you were to leave online advertisers, merchants and affiliate managers with one piece of advice for 2014, what would it be?

Tim Ash: Go do mobile versions of your top-performing offers. By the way, that does not simply mean making a stretchable “responsive” version of your page. It should involve a fundamental rethink of what people want from you in a mobile context.

* * * * *

The upcoming Affiliate Management Days conference takes place March 19-20, 2014 in San Francisco, CA. Follow @AMDays or #AMDays on Twitter as well as Facebook.com/AMDays. When registering, make sure to use the code SMBTRENDS to receive $500.00 off your two-day (or all-access) pass.

What security level is appropriate in the cloud?

The adoption of cloud computing continues to grow across the board, and we are beginning to see more and more services moving over to digital.   However, with data breach incidents continuing to be all too common, it's perhaps unsurprising that most organisations' primary concern when moving to a cloud environment is how secure their data will be.

In the case of the UK public sector, which has traditionally been more reliant on legacy IT, significant progress has been made in encouraging a wide variety of organisations to realise the many potential benefits of the cloud.  Take, for instance, the Government's G-Cloud programme, which has undoubtedly changed the way that the 30,000 public sector organisations in the UK approach the use and procurement of their IT services.  However, there is still much work to be done to tackle the understandable, but excessively risk-averse culture that is embedded in this sector. 

The fact is that not all data is the same, and as a result, different data sets may require different levels of security assurance to be securely placed in the cloud.  Cloud providers should therefore be offering different environments with appropriate controls, which align with actual risks rather than purely perceived ones.  In the case of the public sector, there are several measures in place that assess the level of risk on behalf of public sector organisations, and which aim to make the process of selecting an appropriate solution simple and transparent for the buying community. 

An example of this is CESG's (the UK Government's National Technical Authority for Information Assurance) Pan Government Accreditation (PGA) service, which effectively manages the combined risks associated with the cloud, with the grading system set out in an Impact Level (IL) table, which ranges from IL0 up to IL6.  The established Government Protective Marking Scheme (GPMS) also sets out to ensure that transparency and consistency of the classification and protection of data can be achieved.  Furthermore, the Public Services Network (PSN) also provides an assured network over which Government can safely share services and collaborate in new ways, more effectively and efficiently. 

However, the situation is entirely different in the private sector. There is no one mandate to follow for the assessment and classification of data, and a diverse range of risk appetites exists within similar organisations in the same sectors, resulting in little collaboration or consistency from business to business. I would argue that this leads to the assessment of risk becoming dangerously subjective and inevitably influenced by an organisation's financial budgets, the often limited knowledge of executives and different business cultures, which can lead to an inappropriate classification - and therefore protection - of a company's data. Worryingly, this often leads to valuable or confidential information being exposed to unacceptable levels of risk, which is something that should be urgently addressed within the private sector.

The first question any cloud buyer should be asking when considering a supplier is - what is its accreditation status and, crucially, is it appropriate to our needs?  By way of example, a public sector organisation looking to place highly sensitive data in the cloud must be certain that its chosen provider has achieved a PGA status of at least IL3.  On the other hand, relatively low-risk data can be adequately served by an IL0-2 level cloud service offering.   Currently, there are relatively few providers that offer services at the higher impact levels - IL3 and above - however, Government initiatives such as G-Cloud are steadily succeeding in increasing competition and we hope to see this end of the market become more vibrant throughout the course of 2014. 

With the right solutions in place, organisations can be sure they will realise the benefits of a move to the cloud, without compromising on performance or crucially, security. 

Contributed by John Godwin, Head of Compliance, IA & Operations at Skyscape Cloud Services



Can I play with Madness?

Jason Jones at ASERT, which discovered the Madness Pro DDoS bot, explains why this malware poses such an ongoing threat

Madness Pro is a recently discovered DDoS bot, which looks at using standard methods to achieve persistence on a system and evade detection.

Madness uses many standard DDoS attack techniques and it has the ability to attack multiple sites at the same time or launch many different attacks on the same site. The ability to attack a site in multiple ways is what sets it apart from other DDoS malware and puts it in the league of malware like the DirtJumper family of DDoS malware. In October 2013, Charlie Hurel, an independent security researcher based in France, observed the now defunct Cool Exploit Kit installing Madness on compromised PCs. In the space of a few days, a botnet of over 10,000 PCs was built and being used to launch attacks. For Madness to be used as the payload in something like CoolEK - which was known to use 0-days before dying off with the arrest of its author - makes it a considerable threat and something we take notice of very quickly.

By monitoring attacks launched by the different botnets that have been built by cybercriminals who have purchased the malware, it is apparent that targeted sites have mostly been competing underground forums, “carding” sites, and sites engaging in illegal activity. Legitimate sites have been targeted, but that does not seem to be the norm. A blog post profile by Kafeine provides a good insight into one method of infection and how quickly a potent DDoS botnet can be built.

Given the breadth of the DDoS attacks available in Madness and the ability to attack large numbers of targets at the same time, it does not appear that Madness will be going away anytime soon in the DDoS space.

Contributed by Jason Jones, ASERT research analyst, Arbor Networks

(http://www.arbornetworks.com/asert/2014/01/can-i-play-with-madness/)