Insight: US may face a ‘lost decade’

January 15th, 2009

Financial Times
By Stephen Roach
Published: January 13 2009 17:08 | Last updated: January 13 2009 17:08
No one in their right mind thinks the United States could fall victim to a Japanese-like lost decade. After all, the argument goes, US policymakers have the advantage of knowing what their counterparts in Japan did wrong.

If only it were that simple. For starters, the parallels between crises in the two economies are striking. Both suffered from the bursting of two major bubbles – property and equity in the case of Japan and property and credit in the US. Both had broken financial systems stemming from egregious risk management blunders. Both were victimised by a reckless lack of oversight – regulatory failures, misdirected rating agencies, and central banks that ignored asset bubbles. And the twin bubbles ended up infecting the real side of both economies – the corporate sector in Japan and the consumer sector in the US.

Is your company keeping information secure?

January 15th, 2009

Federal Trade Commission

Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles:

Take stock. Know what personal information you have in your files and on your computers.
Scale down. Keep only what you need for your business.
Lock it. Protect the information in your care.
Pitch it. Properly dispose of what you no longer need.
Plan ahead. Create a plan to respond to security incidents.

Protect Your Computer

January 15th, 2009

Microsoft
Microsoft Security

4 steps to protect your computer

Step 1. Keep your firewall turned on
What is a firewall?

A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card numbers. Make sure your firewall is always turned on.

• How to turn on your firewall

• How to choose a firewall

• Learn more about firewalls for your operating system

——————————————————————————–

Step 2. Keep your operating system up-to-date
What are operating system updates?

High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities. Microsoft provides new updates, as necessary, on the second Tuesday of the month.

• How to update your operating system

• Microsoft security updates: Frequently asked questions

• Learn about using Microsoft Update

• Go to Microsoft Update

——————————————————————————–

Step 3. Use updated antivirus software
What is antivirus software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antivirus technology to help prevent viruses, and you need to keep it regularly updated.

• How to get antivirus software

• Get regular antivirus scanning with Windows Live OneCare

• Get a free safety scan

• Learn about viruses

• Learn more about virus protection for your operating system

——————————————————————————–

Step 4. Use updated antispyware technology
What is antispyware software?

Viruses and spyware are two kinds of usually malicious software that you need to protect your computer against. You need antispyware technology to help prevent spyware, and you need to keep it regularly updated.

• Get antispyware technology

• Use Windows Defender, free antispyware for Windows XP SP2

• Learn about spyware

• Learn more about spyware protection for your operating system

New in-session phishing attack could fool experienced users

January 14th, 2009

By Joel Hruska | Published: January 13, 2009 - 11:15AM CT

Another year, another form of phishing. This one, I have to admit, is pretty good in terms of potentially fooling a user. Unlike most phishing attack vectors, it doesn’t rely on the victim being ignorant and/or moronic. The new technique has been dubbed “in-session” phishing and it stays out of your e-mail altogether.

Security researchers with Trusteer have published a report (PDF) on this new type of phishing along with a suitably vague description of how the attack works. As its name implies, in-session phishing requires that the victim first log into a secure website; Trusteer uses an online bank site as one example of a tasty target.

Here’s how the attack works: A user legitimately logs into his bank, authenticates, and then does whatever he logged in to do. Once finished, he opens another browser tab (or browser window) and leaves the bank website open. Shortly thereafter, he encounters a website that has been injected with the malicious code in question. Once run, the malware creates a pop-up (supposedly from the bank or secure site that’s still open in another tab or window). The “authentic” pop-up prompts the user to enter his login credentials again in order to resume the session. Trusteer notes that the attack could be used to present different types of lures including online surveys or mini-flash games (punch the Yeti, enter your personal data, and win a free Llama!).

In order for the attack to function, Trusteer states that two conditions must be met. First, a website must be compromised and infected—the higher traffic the better, obviously. Secondly, the downloaded malware must be able to identify whether or not the unknowing carrier is logged into a relevant website. Trusteer does not state how long the window of opportunity is open for this particular attack to execute, but does note that the malware infection is temporary.

Trusteer explains how the bug works. It is present in the JavaScript engine used by popular browsers like IE, Firefox, and Safari, as well as Chrome, and allows a site to determine whether a user is also logged into another site.

The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.

The researchers recommend that users and companies deploy appropriate web security tools (which the company happens to sell), log out of any secure site immediately once they’ve finished their tasks (good advice), and be extremely wary of pop-ups that randomly drop in when they haven’t clicked anything.

The JavaScript vulnerability that Trusteer has discovered obviously needs patching, but in-session phishing doesn’t appear to be a major threat. In order to function successfully, the malware requires that a user have simultaneous browser windows open to both a login/secure site and an infected site, and that the secure site is on the malware’s pregenerated list of targets. There are some rather simple ways for banks and other targeted institutions to fight back; options include rapid disconnects if a user becomes idle and prominent notifications of the company’s login policy.

Many companies (Blizzard and AOL come to mind) prominently and repeatedly inform customers that neither the company nor its representatives will ever, ever, ask a user to disclose their password. A similar warning against in-session phishing might state that the company will never ask users to log in via a pop-up or any third-party service. Between currently available solutions and inevitable patches, I think in-session phishing is going to find its nets mostly empty.
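The "rapid disconnects if a user becomes idle" countermeasure mentioned above can be enforced server-side, so that a session left open in a forgotten tab stops being valid on its own. The sketch below is an added example, not code from the article or from Trusteer; the class name, method names and timeout values are assumptions.

```python
import secrets
import time


class SessionStore:
    """In-memory session table with an idle timeout and an absolute lifetime."""

    def __init__(self, idle_timeout=300, absolute_timeout=3600, clock=time.monotonic):
        self.idle_timeout = idle_timeout          # seconds without a request
        self.absolute_timeout = absolute_timeout  # seconds since login, regardless of activity
        self.clock = clock                        # injectable so expiry can be tested
        self._sessions = {}                       # token -> [user, created, last_seen]

    def create(self, user):
        """Call after a successful login; returns an unguessable session token."""
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[token] = [user, now, now]
        return token

    def touch(self, token):
        """Call on every authenticated request.

        Returns the user name if the session is still valid, otherwise None.
        Expired sessions are deleted, so the user must log in again through
        the site's normal login page.
        """
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, created, last_seen = entry
        now = self.clock()
        idle_expired = now - last_seen > self.idle_timeout
        lifetime_expired = now - created > self.absolute_timeout
        if idle_expired or lifetime_expired:
            del self._sessions[token]
            return None
        entry[2] = now  # sliding window: activity resets the idle timer only
        return user

    def logout(self, token):
        """Explicit log-out: the session is gone immediately."""
        self._sessions.pop(token, None)
```

The absolute lifetime matters as much as the idle timer: a page that polls the server in the background would otherwise keep an abandoned tab logged in indefinitely.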

Business Week News Headlines

January 14th, 2009

What Yahoo Needs from Bartz Right Now
Nortel Files for Bankruptcy
Retail Sales Fall Off a Cliff
Citigroup: Let the Breakup Begin
Luxury Car Sales Keep Skidding

Online Verification: Who Can You Trust in the Virtual World?

January 14th, 2009

BusinessWeek reader and full-time law student Stephanie Dube writes that the Web offers free tools to help identify and thwart potential scammers
By Stephanie Dube

Plano (Tex.)-based BusinessWeek.com reader Stephanie Dube is a full-time law student and freelance writer. You can find out more about her at www.StephanieDube.com/Twitter.

Kaylee was struggling. Diagnosed with a heart condition and cancer, she was scared. So she started a blog. Soon, people across the country answered her plea, writing notes of encouragement and even trying to mail her care packages. One night, she wrote a supporter. “I’m overwhelmed right now. I’m dying.”

Brief interactions evolved into late-night, long-hour conversations. But things only got worse. And that was the problem.

In early December 2008, Kaylee added a new blog entry titled, “Coming Clean.” She didn’t have cancer. She had never been sick. In a move eerily reminiscent of the fake “Kaycee Nicole” of 2001, “Kaylee” revealed to her numerous followers that she had been lying for two years.

The news was a blow, but there had been signs. In fact, whenever anyone is revealed as an imposter, you can almost always look back and find signs.

Are You Real?
How do you know if someone online is genuine? Sometimes it’s pretty transparent. We’ve all received messages about magic bank accounts filled with rivers of cash. One of my favorites was an e-mail from a supposed FBI agent. He requested that I send money to prove I wasn’t a terrorist. (I’ve got to admit, that was pretty creative.) I also fondly remember an e-mail from “David Palmer” of the show 24. He needed money, too, because apparently TV characters are real. I’m still waiting for a message from Jack Bauer.

Alfred Adler, a psychologist who collaborated with Sigmund Freud, said: “Trust only movement. Life happens at the level of events, not of words. Trust movement.” The philosophy transfers to the online world quite well. Don’t just trust words, authenticate them. This is especially vital when the communication involves your business. You can verify someone in two ways: through technology and observation. The technical side can often be faked, but a scammer will always give off a psychological “tell.”

Technical Authentication
Here are a few tools, available free on the Web, that will help you identify who’s for real and who’s surreal (and likely up to no good, at your expense):

Run Internet background checks. Google (GOOG) is your friend. Use the popular search engine to look up a contact’s e-mail address. Is the first part used as an alias? If your contact has a Web site, run a search on it. Visit Who Is Domain Tools to see who owns the site and when it was launched. Finally, plug your contact’s phone number into Who Called Us to see if he has been identified as a scammer.

Trace the e-mail. You can use an e-mail’s header to find the sender’s location. What Is My IP Address works great for this. You’d be amazed how many times I’ve found that an e-mail came from Nigeria! This method isn’t foolproof, though. Many scammers use proxies to hide their location.

Check Web statistics. Most people have a Web tracker on their blog or site (I like StatCounter.) If a new contact says he found your Web site through a search, check your Web stats to see if a visitor from his IP address really was referred in that way.
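The header tracing described under "Trace the e-mail" can be done by hand with Python's standard library. This is an added example, not part of the original article; the sample message, host names and addresses are constructed (documentation ranges), and `my_servers` is an assumed parameter naming the mail servers you control. It separates the address your own server recorded, which the sender cannot forge, from the earliest address the headers merely claim.

```python
import email
import ipaddress
import re

# Constructed sample message (documentation-range addresses, not real mail).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
    by inbox.example.org with ESMTP id abc123; Tue, 13 Jan 2009 10:02:11 -0600
Received: from relay.example.com (relay.example.com [203.0.113.7])
    by mx.example.net with ESMTP id def456; Tue, 13 Jan 2009 10:02:09 -0600
Received: from [192.168.1.44] (unknown [192.0.2.55])
    by relay.example.com with ESMTP id ghi789; Tue, 13 Jan 2009 10:02:05 -0600
From: "New Contact" <contact@example.com>
To: you@example.org
Subject: Business proposal

Hello.
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Addresses that say nothing about where the sender is on the Internet.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def public_ips(text):
    """Bracketed IP literals in text, minus internal and loopback addresses."""
    found = []
    for literal in BRACKETED_IP.findall(text):
        try:
            ip = ipaddress.ip_address(literal)
        except ValueError:
            continue  # bracketed text that is not an IP address
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found


def parse_hops(raw):
    """Received headers, newest first, as (receiving host, public sender IPs)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " " + " ".join(str(value).split())  # unfold continuation lines
        from_part, _, by_part = text.partition(" by ")
        by_host = by_part.split()[0].lower() if by_part.strip() else ""
        hops.append((by_host, public_ips(from_part)))
    return hops


def trace(raw, my_servers):
    """Return the last verifiable peer address and the earliest claimed one."""
    hops = parse_hops(raw)
    verified = None
    for by_host, ips in hops:          # each server prepends, so start at the top
        if by_host not in my_servers:  # below this line anything may be forged
            break
        if ips:
            verified = ips[-1]
    claimed = next((ips[-1] for _, ips in reversed(hops) if ips), None)
    return {"verified_peer": verified, "claimed_origin": claimed}
```

Feed `verified_peer` to an IP-location lookup first; `claimed_origin` is only a lead, and either address may belong to a proxy or webmail provider rather than the sender.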

Psychological Tells
Identifying scammers is like calling a bluff in poker. Technical observation isn’t enough. Look for subtle behavior changes that give away a person’s real intentions.

Think about whether he or she is being consistent. Creating a fake persona takes a lot of work, so pay attention to details. If the contact should be in surgery, was she online instead? Also, is the tone a little too urgent, too desperate? Fake personas create situations that demand (your) immediate attention.

As your mom no doubt always told you, trust your gut instincts. Does your new contact sound too good to be true? Is her photo too perfect? Many scammers steal photos from modeling Web sites and stories from fairy tales.

The hallmark of many fake personas is drama. The craziest things keep happening—over and over and over. Sometimes, you’re the only person in the world who can help—or so you’re told.

Finally, emotional scammers crave attention. Does he come up with a new problem when you try to end a conversation? Scammers will not respect your boundaries. Watch for signs that he is keeping an eye on you, as if you’re a fish on a line that he doesn’t want to get away.

All of this was driven home to me during the first week of this new year, when a woman on Twitter learned the hard way that people online are quite unpredictable. After a particularly rough night putting her daughter to bed, the frustrated mom “tweeted” that she wanted to smother her child so she would fall asleep. Later that night, there was a knock on her door. One of her followers had reported her to the police.

It’s best to not just be authentic, but wisely authentic. Watch who you interact with and what you say online. You never know who’s listening.

Stephanie Dube is a full-time law student and freelance writer based in Plano, Tex. You can find out more about her at www.StephanieDube.com/Twitter.

Pennsylvania’s Energy Independence: Protecting Consumers, Growing the Economy, Strengthening National Security

January 14th, 2009

January 14, 2009

Harrisburg, PA — At a time when consumers are struggling to manage volatile energy costs and America’s national security is jeopardized by its continuing dependence on foreign oil, Pennsylvania is investing $665.9 million to spur the development of alternative and renewable energy sources and help families and small business conserve energy and use it more efficiently.

The $650 million Alternative Energy Investment Fund and the nearly $16 million Alternative Fuels Investment Fund include $237.5 million specifically targeted toward helping consumers conserve electricity and manage higher energy prices, and $428.4 million to spur the development of alternative energy resources and create good-paying, skilled jobs for Pennsylvania’s hard-working men and women.

The package includes incentives to help households and small businesses take advantage of solar energy technology – a key resource for reducing electricity demand during times of peak demand when rates are most expensive – and make improvements to their homes or buildings that conserve energy.

NEW INVESTMENTS IN ENERGY EFFICIENCY WILL HELP SMALL BUSINESSES CONTROL ENERGY COSTS, SOLIDIFY FINANCIAL FOUNDATION

January 14th, 2009

January 12, 2009 — Harrisburg, PA
COMMONWEALTH OF PENNSYLVANIA Dept. of Environmental Protection

YORK HAVEN – Pennsylvania’s small businesses can cut costs by improving their energy efficiency through the state’s recently created Alternative Energy Investment Fund, acting Environmental Protection Secretary John Hanger said today.
Hanger announced the opening of the $3 million Small Business Energy Efficiency Grant Program—the first program available through the $650 million fund signed into law by Governor Edward G. Rendell last July.

Hanger noted that small businesses that work to improve energy efficiency today will be better positioned to compete down the road.

“Small businesses need to cut their costs now more than ever,” said Hanger. “Firms that commit to using energy wisely will be able to weather the current economic uncertainty, enhance their competitiveness, and be better prepared to manage rising electric rates.

“The Small Business Energy Efficiency Grants, and other programs through the Alternative Energy Investment Fund that will be announced in coming months, are part of Governor Rendell’s commitment to create good jobs, secure our energy independence, and foster a cleaner environment.”

Hanger unveiled the new grant program at Die-Tech Inc., a precision metal stamping company that is evaluating energy-efficiency upgrades to its heating and cooling system.

To qualify for a Small Business Energy Efficiency grant, projects must save at least 20 percent of the applicant’s annual energy costs and at least $1,000 a year in energy costs. The grants will provide up to 25 percent of project costs, with a maximum grant of $25,000.

Beginning today, applications are available at www.depweb.state.pa.us, keyword: Small Business Energy Efficiency Grant Program. Applications will also be available by contacting the Department of Environmental Protection, Office of Energy and Technology Deployment, 15th Floor, Rachel Carson State Office Building, 400 Market St., P. O. Box 8772, Harrisburg, PA 17105-8772. Applications can also be obtained by calling (717) 783-8411 or e-mailing ra-sbgrants@state.pa.us.

Applications must be received by May 1. Grants will be awarded to eligible applicants on a first-come, first-served basis until the $3 million in available funds are depleted.

Grants will apply to energy efficiency improvements on systems such as lighting, heating, cooling, refrigeration and process machinery, as well as building insulation and weatherization improvement projects.

Only project costs incurred today and in the future are eligible for funding.

An eligible applicant must be an independent, for-profit small business with 100 employees or fewer whose business or facility is located within Pennsylvania. Examples of small businesses in Pennsylvania that are eligible include manufacturers, retailers, service providers, mining businesses and agricultural operations. The Alternative Energy Investment Fund will make $650 million in new capital available to enable Pennsylvania to compete more effectively in the global clean energy economy, with more than $237 million targeted toward helping families and small businesses conserve electricity and manage higher energy prices.

Other Alternative Energy Investment Fund programs are now in development. Of the $650 million fund, $500 million will be provided through bond financing through the Commonwealth Financing Authority. The highly anticipated Pennsylvania Sunshine Program that will provide up to 35 percent of the costs for residential and small business solar energy projects will be available once the bond is issued.

A Residential Energy Efficiency Loan and Rebate Program is expected to be available in the near future. The residential and small business energy efficiency programs will work in conjunction with energy conservation measures that are part of Act 129, another cornerstone of Governor Rendell’s original Energy Independence Strategy.

Act 129, signed by Governor Rendell in October, requires utilities to adopt and implement cost-effective plans to cut electricity use 1 percent by 2011 and 3 percent by 2013. Utilities must also implement plans to cut energy use 4.5 percent during peak demand periods when market prices are highest — typically the hottest days of summer and the coldest days of winter— by 2013.

“By reducing demand for electricity through energy efficiency and conservation, and by increasing the supply of clean energy, we will be able to help hold down the market prices for electricity,” Hanger said. “Act 129 alone will save energy consumers $500 million over the next five years and up to $800 million annually beginning in 2013. These savings, along with recent declines in fuel costs, if sustained, will likely moderate the expected cost increases when rate caps expire statewide at the end of 2010.

“However, we must do more to alleviate what will be a significant hardship for our businesses and families,” said Hanger. “Policies to mitigate further rate increases remain necessary and Governor Rendell has repeatedly urged members of the General Assembly to make this one of their first orders of business in 2009.”

For more information, visit www.state.pa.us, keyword: Small Business Energy Efficiency Grants Program.

Ambler Main Street Green Committee Seeks Input

January 14th, 2009

January 14, 2009 — Ambler, PA

Ambler is committed to green initiatives and earth-friendly practices.  In 2005, Mayors of the United States endorsed a climate protection agreement. Included in the agreement was a pledge to help educate the public on reducing global warming pollution. A website has been established to help fulfill the pledge at http://philanet.com/green/

Ambler’s Green Committee is looking for local feedback in two different areas:

1) Please contact us if you are familiar with any bike trails, preferred bicycling routes or location of bicycle racks in and around the borough.
http://philanet.com/green/bike_trails.html

2) Please nominate a business for a Green Ribbon & Gold Star award.  Nominations are considered for any commercial, municipal or educational facility that demonstrates earth friendly practices.
http://philanet.com/green/notes/green_award.html

The National Center for Complementary and Alternative Medicine

January 14th, 2009

http://nccam.nih.gov/
Delaware Valley Health And Wellness Network

The National Center for Complementary and Alternative Medicine (NCCAM) is the Federal Government’s lead agency for scientific research on complementary and alternative medicine (CAM). We are 1 of the 27 institutes and centers that make up the National Institutes of Health (NIH) within the U.S. Department of Health and Human Services.

Our Mission
The mission of NCCAM is to:

Explore complementary and alternative healing practices in the context of rigorous science.
Train complementary and alternative medicine researchers.
Disseminate authoritative information to the public and professionals.

What We Do
NCCAM sponsors and conducts research using scientific methods and advanced technologies to study CAM. CAM is a group of diverse medical and health care systems, practices, and products that are not presently considered to be part of conventional medicine.

NCCAM has four primary areas of focus:

Advancing scientific research
We have funded more than 1,200 research projects at scientific institutions across the United States and around the world.
Training CAM researchers
We support training for new researchers as well as encourage experienced researchers to study CAM.
Sharing news and information
We provide timely and accurate information about CAM research in many ways, such as through our Web site, our information clearinghouse, fact sheets, Distinguished Lecture Series, continuing medical education programs, and publication databases.
Supporting integration of proven CAM therapies
Our research helps the public and health professionals understand which CAM therapies have been proven to be safe and effective.