Organic SEO Blog


Thursday, April 16, 2009

Yahoo Planning New Round Of Layoffs
Story from the Los Angeles Times

April 15, 2009

Internet search giant Yahoo Inc. is planning a new round of job cuts that could affect several hundred employees, according to a person with knowledge of the matter.

The staff reductions at Yahoo could be announced within a few weeks, according to the person, who declined to be identified. A spokesman for Yahoo also declined to comment.

The job cuts would be the first under Carol Bartz, who became Yahoo's CEO in January 2009. The last round of staff cuts at Yahoo, affecting about 1,600 workers, came at the end of 2008.

Yahoo, which is due to report first-quarter 2009 results in the coming days, is cutting costs as it grapples with a sagging online advertising market.

In March of 2009, the Sunnyvale, Calif., Internet portal shut its bargain-travel site FareChase and online-storage service Briefcase.

Yahoo reports that it intends to freeze salaries for many employees.

Yahoo CEO Carol Bartz, who became CEO after co-founder Jerry Yang stepped down, announced a broad reorganization in February 2009 aimed at making Yahoo more nimble in a bid to revive growth and challenge search-engine leader Google Inc. Insiders also report that Yahoo is realigning and downsizing in preparation for a merger with or acquisition by Microsoft in the coming year.

Many technical systems at Yahoo are being updated and modified to align and integrate with the Microsoft system and the MSN Live search portal.

Wednesday, April 15, 2009

Who's Taking Your Data? The Mob
Story from the Washington Post

A string of data breaches orchestrated principally by a handful of organized cyber-crime gangs translated into the loss of hundreds of millions of consumer records last year, security experts say.

The size and scope of the breaches, some of which have previously not been disclosed, illustrate the extent to which organized cyber thieves are methodically targeting computer systems connected to the global financial network.

Forensics investigators at Verizon Business, a firm hired by major companies to investigate breaches, responded to roughly 100 confirmed data breaches last year involving roughly 285 million consumer records. That staggering number -- nearly one breached record for every American -- exceeds the combined total breached from break-ins the company investigated from 2004 to 2007.

In all, breaches at financial institutions were responsible for 93 percent of all such records compromised last year, Verizon reported. Unlike attacks studied between 2004 and 2007 -- which were characterized by hackers seeking out companies that used computer software and hardware that harbored known security flaws -- more than 90 percent of the records compromised in the breaches Verizon investigated in 2008 came from targeted attacks where the hackers carefully picked their targets first and then figured out a way to exploit them later.

Bryan Sartin, director of investigative response at Verizon Business, said criminals in Eastern Europe played a major role in breaches throughout 2008.

"About 50 percent of the confirmed breach cases we investigated shared perpetrators," Sartin said. "Organized crime is playing a much larger part of the caseload we're seeing. We've seen that both [the FBI] and the Secret Service have initiatives underway to go back through their cyber crime case histories over the past several years, to start tying together all of the common characteristics of the attacks to individuals, to really try and get a firm handle on the individuals responsible for these attacks."

For example, a single organized criminal group based in Eastern Europe is believed to have hacked Web sites and databases belonging to hundreds of banks, payment processors, prepaid card vendors and retailers over the last year. Most of the activity from this group occurred in the first five months of 2008. But some of that activity persisted throughout the year at specific targets, according to experts who helped law enforcement officials respond to the attacks, but asked not to be identified because they are not authorized to speak on the record.

Shawn Henry, assistant director of the FBI's cyber division, said the bureau is making real progress in working with foreign law enforcement to track down the major sources of cyber crime.

"The sophistication of these attacks has gone up, the bravado has gone up, and our commitment is steadfast," Henry said. "We're working very closely with foreign law enforcement and with some of the victims, and we certainly recognize how significant these threats are coming from all over Eastern Europe."

One hacking group, which security experts say is based in Russia, attacked and infiltrated more than 300 companies -- mainly financial institutions -- in the United States and elsewhere, using a sophisticated Web-based exploitation service that the hackers accessed remotely. In an 18-page alert published to retail and banking partners in November, VISA described this hacker service in intricate detail, listing the names of the Web sites and malicious software used in the attack, as well as the Internet addresses of dozens of sites that were used to offload stolen data.

"This information was recently used by several entities to discover security breaches that were otherwise undetected," VISA wrote.

The Washington Post obtained from a security researcher a partial list of the companies targeted by the Russian hacking group; the list had been left behind on one of the Web servers the attackers used. More than a dozen companies on that list acknowledged first learning about intrusions after being contacted by law enforcement agencies tracking the activities of the cyber gang.

This group's most high profile and lucrative haul last year came from Atlanta-based payment processor and payroll card giant RBS WorldPay. In that attack, which the company disclosed on Dec. 23, 2008, the hackers siphoned nearly $10 million from the U.S. banking system by artificially inflating the balances on prepaid credit or cash cards. The thieves extracted money from the system by distributing the cards to dozens of so-called "money mules," who used them to withdraw millions in cash from ATMs in cities across the country in a coordinated heist that took less than 24 hours.

The same hacking group also was responsible for a breach last year at Okemo Mountain Ski Resort in Ludlow, Vermont. In that attack, which Okemo disclosed on April 1, 2008, the criminals stole payment data encoded on more than 28,000 credit and debit cards that the company processed from skiers during a 16-day period in early February.

A month prior to that, this hacker group broke into OmniAmerican Bank, based in Fort Worth, Texas. As a result, criminals were able to fabricate debit cards and PINs, and then withdraw an undisclosed amount of cash from ATMs in Russia and Ukraine.

Other breaches attributed to this group have not been disclosed until now. The Web site for Euronet Worldwide, a Leawood, Kan., based electronic payment processor that operates a major ATM network in Europe, Asia and the Middle East, also was included on the hacker group's hit list. Euronet spokeswoman Shruthi Fielder confirmed that the company learned in March 2008 that "a portion of its Indian subsystem was attacked by a sophisticated cyber-crime group through a Web-facing program." Data concerning 38,000 bankcards was compromised in the breach. The company said it did not previously disclose the breach until contacted by a Washington Post reporter because the victims resided outside of the United States and beyond the reach of domestic data breach disclosure laws.

The attackers weren't always able to make off with cash or bank account data after successfully breaching a financial institution last year. The same group of attackers also broke into TSYS, currently the world's second largest credit and debit card processor, on March 8, 2008.

TSYS spokesman Cyle Mims said the break-in was quickly detected and contained by the company's security staff.

"We found out about it and corrected it within hours, and no proprietary data of any kind was taken," Mims said, adding that the FBI contacted the company several months later to inform them that TSYS systems may have been targeted.

Attackers in this group also went after FirstData ATM Services, a division of Greenwood Village, Colo., based payment processor First Data Corp., which provides technology-based ATM and POS solutions to financial institutions and independent sales organizations nationwide.

A spokeswoman for FirstData declined to say whether the attackers were successful in breaking in. The company would say only that no personal data was stolen.

"As with many other commercial Web sites, firstdataatm.com experiences unauthorized attempts to access information contained within the site," the company said in a written statement. "Our security infrastructure has been able to detect and prevent the unauthorized access of any personal information from the site."

Experts say a different cyber-crime gang operating out of Eastern Europe was responsible for what may turn out to be last year's biggest cyber heist. Princeton, N.J., based credit card processor Heartland Payment Systems disclosed on Jan. 20 that hackers had breached its systems last summer, planting malicious software designed to capture and secretly siphon account numbers as they traversed the company's internal processing networks.

Heartland, which processes roughly 100 million credit and debit card transactions per month, hasn't disclosed how many accounts may have been compromised. Company officials declined to comment for this story, citing pending class-action litigation against Heartland by entities affected by the breach. But so far, more than 600 banks have reported cards compromised as a result of the Heartland breach, according to Bankinfosecurity.com.

Steve Santorelli, director of investigations at Team Cymru, a small group of researchers who work to discover who is behind Internet crime, said the hackers behind the Heartland breach and the other break-ins mentioned in this story appear to have been aware of one another and unofficially divided up targets.

"There seem, on the face of anecdotal observations, to be at least two main groups behind many of the major database compromises of recent years," Santorelli said. "Both groups appear to be giving each other a wide berth to not to step on each others' toes."

In Feb. 2009, the Secret Service and FBI issued a rare joint advisory through VISA's Web site, warning banks and retailers about the techniques the hackers were using and some of the telltale signs that hackers may have broken in.

"Over the past year, there has been a considerable spike in cyber attacks against the financial services and the online retail industry," the advisory begins. It goes on to list a variety of methods online merchants can use to detect and block the most common types of attacks.

In all of the specific attacks mentioned above, the methods and tools used by the hackers were remarkably similar: The crooks scanned hundreds of financial company Web sites or partner sites for known security holes. Once they had exploited those holes and had made their way to the target's internal network, the attackers would install a variety of hacking tools and begin mapping the network.

According to the FBI and Secret Service, those tools usually included "sniffer" programs designed to capture credit and debit card information flowing across the bank or processor's internal networks. In addition, the crooks also installed "beacons" that allowed the attackers to connect back to the hacked sites in the future, as well as offload stolen data.

Verizon's Sartin said hackers last year mostly went after entities that held large stores of debit card information and corresponding PINs, information that criminals could use to extract cash from ATMs once they had imprinted the stolen data on fabricated cards.

Unlike credit card fraud, debit card fraud often hits consumers directly in the pocketbook.

"ATM fraud is a much different story, because meanwhile your cash assets are missing and the burden is now on you to prove that it wasn't you who took all the money out of the account," Sartin said.

Nicholas Percoco, vice president of SpiderLabs, the incident response department at Chicago-based security vendor Trustwave, said that the methods described by federal investigators are consistent with a large number of the successful break-ins they examined.

Percoco said a majority of the breaches at financial institutions last year show strong signs of being the work of organized criminal gangs in Russia and Eastern Europe.

In August 2008, the Justice Department announced its largest identity theft and hacking case ever prosecuted, against 11 members of what it called "international hacking rings" allegedly responsible for the theft and sale of more than 40 million debit and credit card numbers stolen from various retailers, including TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW.

Sartin said that regardless of whether the criminals behind these attacks are apprehended, the breach reports from last year will be trickling in for some time, while other breaches may never be disclosed.

"About a third of the breaches investigated by our team last year are publicly disclosed. More, especially those toward the end of the year, are likely to follow. Others will likely remain unknown to the world as they do not fall under any legal disclosure requirements," he said.

Friday, April 10, 2009

Is Cisco Joining the Content Delivery Network?
Story from ZDNet

Cisco may be pondering a move into the content delivery network market.

According to a report in the Business of Online Video, it appears that Cisco has been acquiring colocation services at third party data centers for a content delivery network (CDN). Cisco has its own CDN, but it’s for internal use. CDNs move content closer to the user for faster delivery.

Cisco’s move into the CDN market wouldn’t be all that surprising. After all, the jump toward offering CDN services is nothing compared to the leap of making servers.

When you consider how video is fueling Cisco’s future growth—sales of routers, switches and telepresence systems—it only makes sense that the company would toss in CDN services too. It’s unclear whether Cisco’s move would be a big threat to companies like Akamai and Limelight.

A few telecom providers are already offering CDN services. In February, Global Crossing announced that it would offer CDN services.

Google Ventures Looking Beyond Android
Story from the Wall Street Journal

“I’m sure I’ll be seeing some mobile deals,” Rich Miner allowed Tuesday at an Xconomy conference in Cambridge, Mass., where he talked about his latest assignment, running Google Inc.’s new venture capital group.

Miner is one of two managing directors for the new program, to which Google has committed $100 million in the first year. Google Ventures aims to invest in everything from consumer Internet technology to health care to cleantech, but Miner is best known for his mobile chops. In his prior assignment, he worked on Google’s mobile platform, known as Android, which grew out of a company that Miner co-founded and which Google acquired in 2005. Before that, he headed R&D in North America for Orange, the mobile brand of France Telecom Group.

How many mobile deals Google Ventures backs depends on how many good business plans and ideas it sees, Miner said. “The investment community has been a little bit jaded on mobile” because despite some wins much of the promise of mobile Internet and applications has failed to materialize so far. “We’re certainly at a point where app stores and other vehicles are enabling people to truly get apps in large numbers out to consumers…as well as always-on broadband. So there’s definitely a confluence of things that I think are making mobile a bit more exciting.”

Asked if he’d like to finance a start-up focused on building Android apps, Miner said plenty of start-ups are building applications for Android, with more than 3,000 apps in the market so far, but that it’s hard to build a strong, big business around a successful app. “I’d be thrilled if I found a start-up that I believed could be a big company, that had a big innovative idea on top of Android, and I’m sure I’ll see some. But as an investor, with the agreement that I have, I’m not biasing Android or mobile any more than any other platform.

“In fact, frankly, if I was talking to somebody today and they had a great idea, I might encourage them to look at Android as a place where you can quickly prototype and test out capabilities that you probably can’t on some of the other platforms, but if you want to have a mass-market successful business then you probably need to think about supporting some of those devices that have much more penetration.”

Miner also said he was surprised by how little he’s seen in the way of mobile business software, calling enterprise apps “another big and compelling opportunity.” He said Research In Motion Ltd. hasn’t done much beyond basic email despite its business relationships with many large corporations and that the BlackBerry platform could provide an opportunity for enterprise software developers. Android presents a similar opportunity, Miner said, because it allows developers “to build a very purposeful, work-flow oriented device right from the home screen for a particular company, a particular vertical.”

Thursday, April 09, 2009

Tips For Choosing a Video Platform
Story from Streaming Media

Let’s assume that you’re a small to mid-size non-media company seeking to use video to acquire or retain customers, train your employees, and, perhaps, communicate with investors, and you’re considering inexpensive alternatives for distributing the video. You have three basic approaches.

First, you can encode the video files yourself, create the necessary player and all the links, and upload the files to your own website, similarly to the medical videos posted by Video MD. As long as viewing numbers stay fairly modest, this approach should work from a technology standpoint, though it may not be the optimal approach for accomplishing the goals that you have for your videos.

The second alternative is to host your videos on a free, user-generated content (UGC) website such as Vimeo or YouTube or even on a social networking site such as Facebook. These UGC sites relieve you of the encoding and player-creation chores and assume the task of hosting and distributing the video for you. You can still embed the video on your own website, but by offering your video on a UGC site, you also expand the number of potential viewers, which can help from a marketing perspective. However, there are some negatives to consider, as well as some benefits that are only possible via the third alternative.

That alternative is to use a fee-based service to host and distribute your videos for you. Multiple software-as-a-service (SaaS) online video platform vendors offer hosting, encoding, customizable players, and detailed statistics to help you maximize the effectiveness of your video. They help distribute your video to other sites to acquire more viewers and provide interactivity that lets viewers click the video to advance to the next step in the sales cycle, as well as other features. Even a few short months ago, these types of features would have cost hundreds of dollars per month. Today, however, depending upon the amount of video you distribute, you can sign on for less than $20 a month, with one service offering unlimited video views for less than $50 a month.

This article will review the costs and the benefits of all three alternatives. While there is no one-size-fits-all solution, any business seeking to truly leverage the value of its video should at least be familiar with the benefits of the second and third alternatives. Many businesses will find that an amalgam of these two is the best option of all.

We've also created a list of the nearly 50 UGC and SaaS online video platforms on the market today. Click here to download the Online Video Platforms PDF. (If you are an online video platform that wishes to be included on this list, please contact Eric Schumacher-Rasmussen.)

Hosting Your Own
Let’s start with hosting your own distribution site. Here, the primary benefits are cost and control. You control the quality of the videos and who sees them. And since you’re posting the videos to your own website, adding more videos won’t cost you a thing. Or will it?

Let’s examine that “free” concept. Most small companies don’t have video production capabilities in-house, but if you’re using a third-party videographer, it’s relatively simple to encode your video into a streaming format—just another export option from the software video editor. However, you probably don’t have the expertise to choose a codec (H.264, VP6, or VC-1), select a player (Flash, QuickTime, Windows Media, or Silverlight), or specify general encoding parameters such as resolution, data rate, or frame rate, not to mention advanced parameters such as variable bitrate encoding, B-frame interface, and CABAC versus CAVLC.

Depending upon your choice of technologies, you may have to create a player (Flash or Silverlight), which will likely require programming resources, and you’ll have to create the HTML links to embed the video into your webpage. None of this stuff is rocket science, but it will either take time, money, or both to acquire this knowledge and expertise. And all of these tasks will be fully assumed by any of the companies available in the second and third categories. So unless you’re a streaming guru or you play one on TV, hosting your own videos isn’t free.

In addition, consider what you’re giving up by hosting your own videos. At a very high level, UGC sites deliver two benefits: content delivery and community. UGC sites are in charge of making sure that your video gets delivered to your target viewers at sufficient bitrates that ensure high-quality viewing, and they are almost certainly better equipped to handle that than your web-hosting provider or your own self-hosted site. Beyond that, UGC sites, if chosen correctly, can deliver community or, if you prefer, viewers, which is critical if your videos are designed to market your products and services.

The Advantages of UGC Sites
UGC sites deliver additional viewers in several ways. First, sites such as YouTube have morphed into ad hoc Yellow Pages for viewers searching for any number of things. If you’re unconvinced, I have an excellent example. If you had a potential medical malpractice claim in New York, where would you go to find a lawyer? A phone book? The bar association? That’s where I would look. But if you search for “medical malpractice New York” on YouTube, you’ll find a video from an attorney that was uploaded in July 2008. The video had been viewed 61,693 times when I wrote this article—obviously, it will have been viewed many more times by the time you read this (see Figure 1).

Figure 1. Think that YouTube is a waste of time? With 61,693 views in a matter of 7 months, attorney Robert Sullivan might disagree.

Read Entire Article at Streaming Media

Wednesday, April 08, 2009

Spending on Internet Advertising Turns Cold
Story from the Wall Street Journal

The bright spot in the slumping advertising industry is dimming, as a report on Monday showed that U.S. online-ad spending grew 10.6% in 2008, its slowest rate since 2002.

The data suggest the recession is having a significant impact on one of the few drivers of robust growth in media and advertising.

The 2008 figure, $23.4 billion, compares with $21.2 billion in 2007, when online-ad revenue surged 26% from the year before. In the fourth quarter of 2008, growth from a year earlier slowed to a relative trickle, 2.6%, to $6.1 billion. In the same period in 2007, online-ad revenue had jumped 24%.

Pay-per-click rates are rising with no protection against click fraud, and Google AdWords advertisers are growing wary.

The report was conducted by PricewaterhouseCoopers on behalf of the Interactive Advertising Bureau, a trade group of media and technology companies.

The slowdown has sobering implications for the future. Research firm eMarketer halved its 2009 growth forecast based on the new data, estimating that online-ad spending will grow 4.5%, to $24.5 billion, compared with a previous prediction of 8.9%.

Nielsen Co. recently reported total U.S. ad spending in 2008 decreased 2.6%, to $136.8 billion. Still, industry executives had been hoping the digital sector would escape the recession more or less intact.

Some online-ad formats are faring better than others. Search advertising is holding up relatively well, at $10.5 billion for 2008, up 20%. Display ads, the second-largest category, are suffering slower growth -- up 8% to $7.6 billion in 2008 -- as marketers scale back branding dollars.

Monday, April 06, 2009

Aavid Thermalloy Introduces New Data Center Cooling Service
Aavid Thermalloy, LLC ("Aavid Thermalloy"), a world leader in thermal solutions for cooling electronics, has announced a new service that offers Data Center Cooling Analysis. The company has established a new Design Center at its Concord NH headquarters as a center of expertise for this service. The company will also offer this service globally through its design centers located in California, India, and Taiwan.

As Posted to PRWeb


Concord, NH (PRWEB) April 5, 2009 -- Aavid's new data center cooling service will help data center operators who are seeking to maximize computing capacity and/or reduce energy costs associated with cooling. "By identifying problematic or inefficient cooling areas, we can help existing data centers achieve a 10 to 15% reduction in cooling energy consumption without large investments in new capital equipment, extensive site renovation or new data center construction," according to David Miller, the design center's new director. "Our services will enable data centers to minimize the energy cost for cooling while maximizing space utilization and uptime of IT equipment."

This service will also help data center operators that are looking to upgrade their facilities and architectural firms that are designing new data centers, by providing guidance on the energy efficient layout and provisioning of cooling capacity in the data center. The company also intends to extend its service offering with innovative new air flow and cooling products developed specifically for use in data centers.

About Aavid Thermalloy:
Aavid Thermalloy is a global leader in thermal management products for the electronics industry and provides world class expertise in thermal design, analysis, and manufacturing solutions. The engineering staff at Aavid Thermalloy is highly skilled in the use of advanced analytical tools, such as computational fluid dynamics or CFD, to solve some of the industry's most challenging thermal problems. Aavid Thermalloy designs and manufactures the most reliable, practical, and cost effective thermal solutions for products from microchips to large scale telecommunications equipment.

For information about Data Center Cooling Services,
Visit us at: Aavid Thermalloy Data Center Cooling

Saturday, April 04, 2009

Facebook Searching For Data Center Money
As Posted at Data Center News

BusinessWeek reports that the popular online site Facebook is scouting for up to $100 million more in financing to build out its data center infrastructure.

The company reportedly has about 275 million users, almost triple last year's number. According to research from Alexa Internet Inc., it is the fifth most popular Web site in the world. Supporting all those users -- and their uploaded photos and videos -- takes a lot of servers and storage devices.

The company has at least four data centers in the U.S.: three on the West Coast and one on the East Coast. According to the BusinessWeek story, Facebook added 75 million new users in the past three months, more than its entire U.S. audience. So presumably it will look to start building data centers overseas.

Abusing The IRS For Google Bombing
Originally Posted to Fast Company

Tax season is here, and like many Americans I recently went online to download forms. Usually I'd head straight to the Internal Revenue Service Web site but I find Google a more efficient way of navigating big government sites. When I Googled "IRS form 1065," there was no direct link to it on the IRS Web site, just manuals and tax tips. I skimmed the page and the ninth result was:



Form 1065 B

IRS Form 1065-B (Schedule K-1) is the partner's share of income or loss from an electing large partnership. This form is to be filled out by each partner in ...

form-1065-b.bejegsugy.com/



Curious, I clicked on the link but a warning popped up, claiming the site contained malware, which meant the application, if downloaded, could cause serious harm to a PC--anything from surreptitiously installing adware, spyware, and malicious programs to turning it into a zombie that unleashes billions of spam emails, or even wipes out the hard drive. I wondered how a site like this ended up in the top 10 search results, with Google's much-vaunted claims of relevance and reliability. Indeed, Google boasts that it uses "more than 200 signals," including its patented PageRank algorithm, to rank sites.

Yet, here was a site that clearly shouldn't have been in the first 10 results. I entered other forms--1041s, K-1s--and found more suspicious sites appearing within the first 20 results, one of them listed as the fourth result.

For example:


[Image: 1041-es.jpg]

When I used Mozilla Firefox these bogus sites were blocked automatically, part of the security features built into the browser. This was not the case when I visited the sites on Safari. Nor was it so when I switched to a PC running Internet Explorer. Notably, Google's own Chrome browser didn't offer any protection either. I followed the link to a site that warned I had malware on my computer, urging me to click on a program to eradicate it from my hard drive and protect me from future incursions. The only way you can click away is to quit the browser. It won't let you close the window or move backward or forward to another page. If you own a PC (Macs are not affected) and download the promised cleansing agent (called Malware Defender 2009), you would be downloading spyware that has been traced to hackers from the Russian Federation. Pretty clever, offering an antivirus tool that is in itself a virus tool.

Over the years, the IRS has issued numerous warnings covering online scams (last updated nine months ago). Usually they are classic identity-theft phishing schemes that rely on official-looking email messages informing you that you are going to be audited, are due a big refund or government stimulus check, or offered $80 to participate in a survey. Another version attempts to lure you to a Web site offering free online tax-filing services. In each instance, the message advises you to click on a link that then takes you to a fake IRS site where you're asked for personal information such as social security and credit card numbers.

In this case, however, fraudsters manipulate Google search results to hijack a user's browser. The fact that these sites are lodged high in Google's search rankings gives them the patina of authenticity. That's what makes them so dangerous. (The same didn't appear true for Yahoo or Microsoft's search, which, as far as I could tell, didn't display these bogus sites--at least not in the first several pages of results.)

This Google bomb tactic is not new. Black hat search engine optimization (SEO) has been going on for years. According to Dave Dittrich, a senior security engineer and researcher at the Information School at the University of Washington, a typical approach is to create thousands of web pages running on hundreds of servers that cross-link to one another. Each file contains text that includes a word and strings that result from doing a search for that word. It can then push a product or service on to the first page of results--and that is by far the most valuable search engine real estate, because most people don't bother to venture past the first page.

As far back as November 2007, cybercriminals have been borrowing black hat SEO techniques to target popular keywords on Google--everything from "how to teach a dog to play fetch" to recent ones that include terms relating to Easter, March Madness and Barack Obama. Their goal: to disseminate destructive payloads. By one count, more than 1 million links point to a single poisonous domain. A while back Google created a filter in response to this malware frenzy, which earlier this year went haywire, blocking every single site Google turned up for almost an hour and freaking out some users.

With April 15 approaching, it was perhaps inevitable the IRS would also become a prime target. The attackers appear to be taking advantage of a specific PageRank vulnerability that weighs a page's popularity by treating every inbound link as a "vote," with pages attracting lots of links given more weight than pages with just a few. Larry Page and Sergey Brin, Google's founders, view this as a form of democracy on the Web. (Apparently governing through democracy in search is as difficult as it is in the real world.) These digital ne'er-do-wells also found a way around Google's "hypertext-matching analysis" that claims to analyze "the full content of a page" and factors in "the precise location of each word." If a Google searcher clicks on the bogus link, he is either taken directly to a site hosting malicious software or redirected to one.
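The "every inbound link is a vote" weakness and the cross-linked page farm described above can be reproduced on a toy graph. This is an added example, not code from the article or from Google: it runs textbook PageRank over a constructed graph, then repeats the iteration with the random jump restricted to a vetted seed set (TrustRank, a published mitigation); every page name except irs.gov is made up, and the seed choice is an assumption.

```python
"""Toy PageRank vs. seed-biased TrustRank on a constructed link graph."""

DAMPING = 0.85  # conventional damping factor from the PageRank literature


def rank(graph, teleport=None, iterations=100):
    """Power iteration over graph (dict: page -> list of outlinks).

    teleport=None gives classic PageRank (uniform random jump).
    A teleport dict concentrated on vetted seed pages gives TrustRank:
    score can only originate at seeds and flow along their links.
    """
    pages = sorted(graph)
    if teleport is None:
        teleport = {p: 1.0 / len(pages) for p in pages}
    score = {p: teleport.get(p, 0.0) for p in pages}
    for _ in range(iterations):
        nxt = {p: (1.0 - DAMPING) * teleport.get(p, 0.0) for p in pages}
        for page, outlinks in graph.items():
            if outlinks:
                share = DAMPING * score[page] / len(outlinks)
                for target in outlinks:
                    nxt[target] += share
            else:  # dangling page: hand its score back via the teleport vector
                for p in pages:
                    nxt[p] += DAMPING * score[page] * teleport.get(p, 0.0)
        score = nxt
    return score


def build_graph(farm_size):
    """Constructed sample web: a few honest pages plus a cross-linked farm."""
    graph = {
        "irs.gov": ["treasury.example"],
        "treasury.example": ["irs.gov"],
        "news.example": ["irs.gov", "library.example"],
        "library.example": ["irs.gov", "news.example"],
        "taxhelp.example": ["irs.gov", "news.example"],
        "bogus-forms.example": [],  # the page the farm is voting for
    }
    farm = [f"farm{i}.example" for i in range(farm_size)]
    for i, page in enumerate(farm):
        # Each farm page "votes" for the bogus page and for its neighbour.
        graph[page] = ["bogus-forms.example", farm[(i + 1) % farm_size]]
    return graph


def flag_untrusted_high_rank(graph, seeds, top_n=3):
    """Return top-ranked pages that receive no trust from the seed set."""
    pr = rank(graph)
    trust = rank(graph, teleport={s: 1.0 / len(seeds) for s in seeds})
    top = sorted(pr, key=pr.get, reverse=True)[:top_n]
    return [p for p in top if trust[p] < 1e-9]


if __name__ == "__main__":
    seeds = ["irs.gov", "library.example"]  # assumed hand-vetted pages
    for size in (0, 40):
        g = build_graph(size)
        pr = rank(g)
        print(size, round(pr["irs.gov"], 3),
              round(pr["bogus-forms.example"], 3),
              flag_untrusted_high_rank(g, seeds))
```

With 40 farm pages the bogus page outranks irs.gov under plain PageRank, yet it receives zero trust because no seed page links toward the farm, which is what lets the last function flag it.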

To see if this IRS Google bomb tactic adhered to this model, I googled "b.bejegsugy.com," which was the first bogus site I'd encountered.

The first four sites listed were:



[Image: schedulec.jpg]

After clicking on them at different times I was transported to either a) a fake YouTube site (carelessly misspelled YuoTube), b) the same Malware Defender 2009 site, or c) a page that looked like this:

[Image: form1041schedd.jpg]

That's the content the scamsters use to fool PageRank and push to the top of Google's search results.

On the bottom were links to links and more links, such as the ones on this page (which the page above linked to):

[Image: form4952.jpg]

When I visited bejegsugy.com, I found a semi-legitimate search page with topics like "Film School," "Stock Photos," and "Car Insurance," which offered links to genuine sites. (Later it would morph into a different-looking search site.)

And the search box? It was powered by Google. I found it a tad unnerving that it remembered many of my previous searches. For example, one I recently conducted on the economist Paul Krugman.


[Image: bejegsugy.jpg]

The domain name Bejegsugy.com was registered to an individual affiliated with a company called Zitoclick on March 26--the day I first encountered the site as a malware host. The registrant information provided an email address: support@zitoclick.com.

Zitoclick.com is a barebones search site that claims to offer for download a toolset that "combines a richer, more intuitive internet search experience" and "works directly with Windows XP or Vista and either Internet Explorer or Firefox." A quick search indicated it was part of the extensive cross-linking network that characterizes a site used to help juice Google rankings, often appearing as a link on a page with no obvious connection. Plus, Zitoclick owns more than 13,438 other domains.

I contacted Google to ask about this latest twist on the IRS scam--namely, how was it possible to so badly fool PageRank? A Google spokesperson, via email, offered the usual corporate boilerplate response. (Below you'll find the entire statement.)

More to the point, it appeared that Google took immediate steps to clean up its search results, eradicating the bogus malware sites from IRS form-related searches, and reprogramming its Chrome browser to block the site that hosted the malware. When I checked later that day, none of the malware sites I'd stumbled on were there anymore.

And the next time I used the Chrome browser to visit the malware scanner Web site, Google had blocked it. The advisory listed the site as "suspicious," and warned that visiting it "could harm your computer." It also reported: "The last time Google visited this site was on 2009-03-26, and the last time suspicious content was found on this site was on 2009-03-26."

That was the day I contacted Google.

Now that Sergey and Larry's engineers were on the case, I figured these bogus IRS form malware sites wouldn't stand a chance.

I was wrong. Two days later I checked again by googling "IRS form 1065."


[Image: form1065.jpg]

The 39th result was another malware site:


[Image: formk.jpg]

I also tried other keywords, like "IRS Form 940 January 2009."


[Image: form940search.jpg]

This time three bogus sites appeared on the first page. In other words, three of the top ten results were malware sites. Worse, Google didn't block any of them. As soon as it did, hackers would unleash another wave of malware sites, and the game would continue round and round.


[Image: 940ez.jpg]

Google has built its billion-dollar empire on search, yet hackers have learned to subvert the system at will. It makes you wonder what other keywords are tainted. If Google search isn't democracy incarnate, which is how the company advertises it, then what is it? In some instances a rigged system that rewards not the sites that have earned placement on the most valuable real estate--the first page or two of results--but one in which scammers can profit.

And what if these cybercriminals, like those behind the mysterious Conficker worm, which has been getting heaps of press lately, were to deploy more damaging payloads? For now, they have stuck with basic PC-busting malware that is often sniffed out by antivirus products. If these hackers switch to more damaging Microsoft PC "0days" (pronounced "oh-days" or "zero days," it generally refers to unknown, or zero-hour, software threats that are easily attained on the hacker black market) Google could become a most inhospitable place to do your searching. And those responsible for Conficker are not the only ones worth worrying about. A recent report identified a vast cyberespionage campaign dubbed GhostNet that infected 1,295 computers in 103 countries, including embassies, international organizations, ministries of foreign affairs, news media and NGOs. It, too, relied on malware to disseminate an application called Gh0st Rat that transformed PCs into spy devices--pilfering confidential documents and turning on cameras and microphones without users' knowledge. And most antivirus products didn't provide protection.

As for those who plan to download IRS forms, it probably doesn't need to be said that you should skip Google and head straight to the IRS Web site, which will necessarily have "irs.gov" in its address. Accept no substitutes. If you do, you do so at your own peril.
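Checking that an address "has irs.gov in it" only works if the check is made on the hostname, not on the whole string. The following is an added example, not part of the original article: it parses each URL and accepts it only when the host is irs.gov or a subdomain of it; the sample URLs, including their paths, are constructed for illustration.

```python
from urllib.parse import urlsplit


def is_official(url, official="irs.gov"):
    """True only if the URL's host is `official` or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops any "user@" prefix and port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    # Require an exact match or a dot boundary, so "notirs.gov" fails.
    return host == official or host.endswith("." + official)


def untrusted(urls, official="irs.gov"):
    """Return the URLs that do not resolve to the official domain."""
    return [u for u in urls if not is_official(u, official)]


# Constructed sample results; only the first and last point at irs.gov.
SAMPLE_RESULTS = [
    "https://www.irs.gov/forms/f1065.pdf",
    "http://b.bejegsugy.com/irs.gov/form-1065",      # irs.gov only in the path
    "http://irs.gov.forms.example/1065",             # irs.gov as a subdomain label
    "http://www.irs.gov@downloads.example/f1065",    # irs.gov as a fake username
    "https://notirs.gov/f1065",                      # suffix without a dot boundary
    "https://WWW.IRS.GOV./f1065",                    # case and trailing dot
]

if __name__ == "__main__":
    for bad in untrusted(SAMPLE_RESULTS):
        print("not irs.gov:", bad)
```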

Google Spokesperson response:

Hi Adam,

Thanks for getting in touch with us. Feel free to attribute the following information to a Google spokesperson:

Search is a complex problem and the heart of what we do. We use more than 200 signals, including our PageRank technology, to help us rank sites. At the same time, we work hard to protect our users from malware. We've removed many of these types of results from our search index. However, this issue affects more than just Google, as these sites are still part of the general web. In all cases, we actively work to detect and remove sites that serve malware from our index. To do this, we have manual and automated processes in place to enforce our policies. We also flag suspicious sites with malware warnings using our Safe Browsing tools. We'll continue to monitor for these bad results and will remove any as necessary. Additionally, we're always exploring new ways to identify and eliminate malicious sites from our index.

Please let me know if you have any other questions.

All the best,

XXXX

How Will Recession Affect IT Outsourcing?
Original Story Posted at Data Center News

The recession has left companies decidedly mixed when it comes to outsourcing IT operations.

According to a recent SearchDataCenter.com survey of 233 IT professionals, just over 28% said they are less likely to outsource in this economy than before; 23.4% are more likely to make the move; and 27.78% are as likely as before to outsource. The remainder weren't sure.

For many, there is still a clear aversion to outsourcing, stemming from concerns over data security, quality of service, and fear of giving up control over data and applications.

One IT director with a New Brunswick, Canada-based health insurance company said some of his company's IT functions are outsourced, but management is careful with what it lets outside the four walls of the data center.

For this company, IT outsourcing only makes sense for commodity operations where economies of scale are necessary but turnaround time is not a factor, he said. This company outsources the data center facilities -- space, security, power, and cooling -- but keeps control of data center operations, including server, network, and software management.

"Our organization requires quick and flexible response to market opportunities or software development projects, and we are leery of providing control to an outsourcer along the critical delivery path," the IT director said.

"We are very selective in what we choose to outsource. There is always a hesitation that an outsourcer will not provide quality services, will lack flexibility, and the long-term cost will be greater once they have you 'hooked,'" he added.

Some companies would rather hire more IT staff before outsourcing to keep sensitive data in-house, said a lead systems software engineer at a major U.S. hospital. "Other than in-house long term contractors [who augment IT staff], we do not do any outsourcing and are not planning to. For us, the cost is greater, and there's really no benefit that we couldn't get by adding real staff," he said.

Hosting providers often have to overcome fears surrounding security and quality of service, and a few bad apples make it all that more difficult for IT pros to trust their data to hosting providers, explained Aaron Sawchuk, CTO and co-founder of ColoSpace Inc., which operates six data centers in New England. "We speak to many customers who have been burned by outsourcing vendors and end up being hypersensitive as a result," he said. "The only way to overcome this challenge is, one, through striving to deliver the best service, and, two, backing it up with a strong service-level agreement."

He added, "In my experience, we often are only able to truly alleviate the giving-up-control and quality-of-service concerns over time, after a customer has come on board. We can address them to the point where they no longer become hurdles, but it can take years of working with a client until they are completely comfortable with the outsourced relationship," Sawchuk said.

Despite outsourcing concerns, the economic downturn sparked growth for some colocation services and managed hosting companies, including ColoSpace. The fourth quarter of 2008 was the company's best quarter in terms of new revenue and the first quarter of 2009 is looking strong as well, Sawchuk said.

Overall, the IT outsourcing market will see only moderate growth in 2009 and 2010, with about 2.1% growth this year and up to 6.8% in 2010, according to Forrester Research data released March 31.

Another colocation and hosting company, Opus Interactive Inc. saw a 15% jump in business since the economic downturn began, and continues to grow, said Jeremy Sherwood, an engineer and account manager at Opus Interactive. "More and more people are starting to see IT as a hosting utility -- business lifeblood, just like they have, for years, with power, water, sewer and telecom," Sherwood said. He said most applications and IT infrastructure can be hosted outside an organization better and cheaper than when run internally.

The biggest area of growth for the Portland, Ore.-based company is hosting company applications, such as websites, email, disaster recovery services, file storage, SharePoint, and customer relationship management and Software as a Service-based applications, Sherwood said.

Many of the companies outsourcing their IT operations have either downsized IT staff or need to grow their infrastructure but don't want to build a facility or pay for ongoing operating and staffing expenses, Sawchuk said.

Build-versus-buy decisions drive most colocation decisions. "Customers are severely restrained with their capital budgets for 2009 and 2010, so rather than build out new data centers in their offices they can rent space in a facility and shift the expense to an operating basis," Sawchuk said.

The cost of building a new data center space ranges from $1,000 to $1,400 per square foot, and ongoing operating expense runs between $15 and $20 per square foot per month, mostly due to energy costs, Sawchuk said. Equipment maintenance and underlying office rent are other major contributors, he said.

Sherwood said many of Opus Interactive's clients outsource to keep from buying hardware. "Renting servers is a heck of a lot less costly short term and long term than acquiring equipment," especially for companies using virtualization to maximize server capacity. "[With virtualization], you'll be renting less equipment for significant savings without hurting performance."

Plus, many companies have downsized and need to outsource IT, so managed hosting helps them keep their IT head count low, Sawchuk said. "This is especially true for the small to medium-sized businesses. If a customer has fewer than 50 machines they rarely need a full-time server administration or network staff. Similarly, for a firm with fewer than 500 employees it rarely makes sense to hire a full time Exchange administrator," Sawchuk said.

Sherwood concurred. "A hosting provider is up to speed on the latest technologies, trained and certified to keep your business connectivity up and running at all times, which really means you don't have to worry about it and instead can focus on what you do best."

Wednesday, April 01, 2009

Google Improving SERP Presentation
As Posted to InformationWeek


The search market-share leader's latest improvements come in the form of better search-term association and longer search results snippets.

Sounding like a restaurateur defending Michelin stars against the whisperings of fickle critics, Google on Tuesday offered assurance that its search is of the highest quality and introduced two new improvements to the way it presents search results.

To most Internet users, if Google (NSDQ: GOOG)'s dominant search market share can be said to represent a yardstick of satisfaction, Google's search service works just fine. But Google nonetheless feels the heat from startups and competitors that claim to have built a better mousetrap. It can't afford to rest on its laurels.

So Google constantly strives to make its crown jewels -- its search algorithms -- shine more brightly. As Udi Manber, VP of engineering at Google in charge of search quality, explained in a blog post last year, Google maintains search teams that focus separately on core ranking, user experience improvements, new features and interfaces, fighting Web spam, and special projects.

In 2007, according to Manber, Google introduced more than 450 search improvements, an average of nine per week. A company spokesperson said Google hasn't released a comparable figure for 2008. Nonetheless, search research never sleeps at Google.

"We're improving Google all the time and most of the time you don't even hear about it," said Ori Allon, technical lead on Google's search quality team.

The latest improvements come in the form of better search-term association and longer search results snippets.

The search-term association improvement helps Google understand when search terms are related to other concepts that don't necessarily contain the same words. Google makes use of this knowledge by providing searches related to the keywords entered at the bottom of its search results page.

Allon said that Google's better understanding of how search terms relate isn't so much semantic technology -- systems for understanding meaning -- as it is a matter of data mining.

As an example of how this search improvement might work, someone searching for "principles of physics" would see related search query suggestions that use the words "physics special relativity," "physics angular momentum," and "quantum mechanics physics," among others.

While IAC's Ask, Microsoft (NSDQ: MSFT)'s Live Search, and Yahoo (NSDQ: YHOO) Search offer related search suggestions for the search "principles of physics," their suggestions cover less conceptual ground and, arguably, are less useful. Live, for example, offers as related search suggestions "laws of physics," "principles of science," "fundamentals of physics," "definition of physics," and "principles of chemistry," among others.

The lengthening of search results snippets for searches with lots of keywords represents an attempt by Google to provide searchers with more context. The goal is to help searchers understand what the pages at the end of search results links are about. Reducing visits to pages that don't really address a query means more satisfied users.

Allon said he couldn't discuss specific metrics that quantify how much these two search improvements affect user happiness, but he said they had indeed helped more Google users find what they're looking for. "We witnessed a significant increase in people who get to a page and stay on the page," he said.

Google was recently criticized by a departing designer, Douglas Bowman, who lamented the company's reliance on data to evaluate design decisions. While Google's dependence on data as a driver of product features may not lead to the most inspired aesthetics, data clearly plays an indispensable role in making Google's search responsive, effective, and innovative.

And Google is likely to keep relying on data as it continues to refine its search technology and other products. "We're doing a pretty good job [with search], but there's a really long way to go," said Allon.


HP Considering Android
As Posted at InformationWeek

The computer maker reportedly may be considering swapping out Microsoft Windows for the Android operating system in some PCs.

Hewlett-Packard (NYSE: HPQ) on Tuesday said it's studying Google (NSDQ: GOOG)'s Android operating system to determine whether it would be useful in PCs and other products, but didn't commit to using the software in any particular device.

HP's comments to InformationWeek came in response to a Wall Street Journal report that said the computer maker is considering swapping Microsoft (NSDQ: MSFT) Windows for Android in some HP mini-laptops, which the industry calls netbooks.

While acknowledging it's studying the OS, a company spokeswoman said HP hadn't committed to using the software in any computer.

"HP is acknowledging that we are studying the Android operating system," the spokeswoman said. "We want to assess the capability that Android may have for the computer and communications industry.

"As to how and when HP might produce any products using the Android OS, we don't comment on any speculation like that."

As the world's largest PC maker, HP's use of Android would be a major boost for the Google-developed OS that's used today in mobile phones. Because Android is open source, any company can download the software at no charge and use it without permission from Google.

Google confirmed that fact Tuesday in calling Android a "free, open source mobile platform" in an e-mail sent following a request for comment by InformationWeek.

"This means that anyone can take the Android platform and add code or download it to create a mobile device without restrictions," a Google spokeswoman said. "The Android smartphone platform was designed from the beginning to scale downward to feature phones and upward to MID [mobile Internet devices] and netbook-style devices."

The use of Android in a netbook isn't new. Asustek Computer said last month that it had dedicated engineers to create an Android mini-notebook, but had not decided whether it would sell it. The system could be completed by the end of the year.

In January, Matthaus Krzykowski and Daniel Hartmann, who run startup Mobile-Facts, compiled Android for an Asustek EEEPC 1000H netbook and got the system running with all the necessary hardware, including graphics, sound, and the wireless card for the Internet. They described their work in an article published by the site VentureBeat.

Netbooks, defined as having screens 10 inches or less and costing less than $500, with many models selling for as little as $300, are the fastest-selling segment of the PC market. While the rest of the market is expected to see a decline in unit sales, global sales of netbooks will grow nearly 80% this year to capture 8% of the total PC sales, according to the latest Gartner forecast.

New Mobile Apps From Yahoo!
As Posted to InformationWeek

Yahoo (NSDQ: YHOO) rolled out its new suite of mobile applications for the iPhone 3G and other handsets Wednesday at the CTIA Wireless trade show.

The Yahoo Messenger app can be downloaded from Apple's App Store, and it enables iPhone and iPod Touch users to send and receive messages, share photos, add contacts, and change status. The Yahoo Mobile app is available for more than 300 handsets with HTML-enabled browsers, and it offers a portal to online content like social networks, news, RSS, and Yahoo-based e-mail.

"Consumers around the globe are demanding compelling mobile Internet services that offer increased personalization," said David Ko, senior VP of Yahoo Mobile, in a statement. "To further capitalize on the market potential and continue our mobile leadership, we created Yahoo Mobile, a dynamic starting point enabling consumers to discover the world around them, stay connected through a variety of communication services, and customize content to define their Internet experience on mobile devices."

It's unclear how big a role the mobile division will play as the company is in the midst of a reorganization under new CEO Carol Bartz, and Microsoft (NSDQ: MSFT) continues to show interest in an acquisition. Marco Boerries, Yahoo's highly visible mobile leader, recently left for personal reasons, but many industry watchers expected the resignation once Bartz was brought on board.

The mobile division has been tough to monetize so far, but the new apps could help as they'll feature display advertising with rich media functions like click-to-call and location-based services. The company may extend this advertising to its Blueprint platform, which enables developers to write an app once and have it run on multiple phones, including Java, Windows Mobile, and Symbian.

Internet Fraud On Rise After 2 Years In Decline
Story Posted at BizNet

Internet crimes continue to steal millions of dollars every year from unsuspecting victims, and new data from the Internet Crime Complaint Center (IC3) shows that the number of complaints was up last year.

The IC3, which is made up of the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance, saw a rise in the number of complaints of Internet fraud last year, after two years of declines.

The U.S. watchdog received 33% more complaints in 2008 than in the previous year. A new report shows a total of 275,284 complaints were received last year, amounting to losses of $265 million.

Non-delivery of goods was the most common complaint, comprising 33% of all received. Auction fraud accounted for just over a quarter of complaints, followed by credit/debit card fraud with 10%.

While the vast majority of complainants suffered financial loss to some degree, the highest dollar amounts lost were to check fraud ($3,000), confidence fraud ($2,000) and a variant of the Nigerian letter fraud scam ($1,650).

The primary channels via which Internet fraud was conducted were email (74%) and websites (28.9%).

These figures may already look grim, but some believe it's just the tip of the iceberg, with many cases of Internet fraud going unreported.

"Our own research suggests that as few as 15% of cases of cyber-fraud are being reported to crime control agencies," said John Kane, managing director of the National White Collar Crime Center and author of the report (.pdf).




Month Of March Sees Rise In Malicious Websites

Story Posted at BizNet

Almost 3,000 potentially malicious websites were blocked each day by MessageLabs during March this year. That's almost three times the number blocked during February.


Cyber crooks are changing tactics and focusing their malevolence on web servers and SQL injection attacks, says MessageLabs' senior analyst, Paul Wood. However, the amount of email containing links to malicious sites in March reached the highest level since June last year, up 16.5%.

While the problem is a global concern, the worst affected areas were throughout Asia-Pacific with Australia, Hong Kong, China, India and Japan receiving the highest amount of spam.

Google is pulling and manually removing many .php URLs from its index ... to learn more about why .php URLs don't rank in Google visit this page.

An iconic virus, Melissa, turns 10 years old this year. A decade ago, this virus was credited with being the first to make use of botnets and even today, MessageLabs still encounters about 10 occurrences of the virus each month.

"Melissa was the virus equivalent of the supermodels from the 90's, known by one name and iconic within the industry," said Alex Shipp, senior director at MessageLabs. "This was the first attack of this magnitude and I remember that when the numbers reached the hundreds within the first hour of stopping Melissa, which were significant levels in 1999, we knew the threat landscape had changed evermore."

Since intercepting the virus in March 1999, MessageLabs' Anti-Virus service has stopped 108 different strains and more than 100,000 copies of the virus, claims the company.

Google has also noticed the return to pre-McColo spam rates, saying that spammers have almost fully recovered from the shutdown of the notorious web-hosting firm.