All posts by 007admin

AVG

Who Dares Wins in The Pitch, UK

On Thursday 18th September more than 40 intrepid small business entrepreneurs  – including one  17 year-old – from around the UK assembled in Manchester for the Northern semi-final of The Pitch 2014, the small business competition that this year has AVG as its lead sponsor.   As with the first semi-final in London the event took the form of a Boot Camp during which the competition’s main sponsors provided a series of mentoring workshops designed to help the contestants hone their pitches as they bid to land a coveted place in the Live Final taking place in Bristol on 23rd October.

The AVG workshop – appropriately held in a room called ‘dare’ – centred on overcoming sales objections.  Adapted from the classic objection-rebuttal cycle training that AVG provides to IT partners our workshop was based on the premise that entrepreneurs are great at dreaming up ideas for new products and services but are less confident when it comes to dealing with negative responses to their sales proposition.

Led by Mike Byrne, the workshop taught one or two simple techniques for overcoming common sales objections. People were then split into pairs for a role-playing exercise where they had the chance to practice what they’d learnt.  This format seemed to work very well, never failing to break the ice and fully engage the participants.  This was reflected in the numerous pieces of positive feedback that we received – a good example being this tweet from RecruitPacks.

Then it was time for the main event.  Everyone was given just 90 seconds to step up in front of a room full of judges and rivals, pitch their business idea and make the case why they should be selected to go through to the live final. There was a hugely diverse range of start-ups to choose from.

As lead sponsor and one of the judges AVG has the very difficult task choosing between such a high calibre of entries. Of course, AVG is always interested in eye-catching new ideas – especially in tech -Very occasionally, we take more than a passing interest as the recent acquisition of mobile monetization start-up Location Labs demonstrates.  If you would like to read more on this why not check out Mike Foreman’s recent interview with BusinessZone, published this week, where he talks more about what companies like AVG look for when weighing up prospective acquisitions and what entrepreneurs can expect.

The Boot Camp had a whole spectrum of businesses: everything from e-book stores and games for teaching numeracy; radon detectives and crime scene cleaners ; Twitter-driven advertising concepts and nano technology; and many more besides.  However in one thing Manchester was united. They all shared the same courage and determination. A willingness to push themselves well beyond their personal comfort zones in pursuit of making their business dreams come true.

For some the experience was plainly quite traumatic.  But in conquering their nerves they won the sympathy and support of the whole room.  A place in the live final awaits 30 of the top semi-finalists and a chance to present their pitch to a live audience, a panel of judges that will include Judy Bitterli, as well as investors and supporters.

One final word on Manchester to end on.  There cannot be many other business contests where people who are technically in fierce competition do so much bonding with their peers and provide so much emotional support for each other.  As Dan Martin editor of BusinessZone put it, “There was a lot of love in the room!”

Avast

How to identify the warning signs of work-from-home scams

howto2_enHome-based jobs are attractive to people who are looking to supplement their regular or retirement income, those who want part-time employment, or those who want to save money on child care or gas. Many people have dreams of being entrepreneurs and working independently of traditional businesses. Cybercrooks take advantage of this to create fake offers for work-from-home opportunities.

Sharp-eyed avast! Facebook fan, Timothy B., shared a post that he received for a work-from-home scam.

Facebook work from home scam 1

 

The post says,

Good morning Facebook ready to start my day and start looking for 9 people that are very serious in wanting to change their live around financially who want to be there own boss?who want to work when they want ?who wanna make an extra $500-$2000 every week from home ?who serious enough to take the risk of $40 to change there life around ?yes with $40 you can how? Inbox me for more information

Work-at-home and get-rich-quick schemes have been around for a long time, first appearing in people’s real mailboxes, on TV, and in magazine advertisements. Cybercrooks have created variations of this scam to harvest email addresses and contact lists from Facebook. Social networking makes it easy to create fake profiles and identities quickly.

The grammatically-challenged swindler from Timothy B.’s newsfeed entices potential victims with the ease and flexibility of working from home whenever they want. The message promises big earnings, and all you need to do is make a $40 investment to find out how. This scammer will most likely try to get you to wire money and then collect your personal information.

Warning signs of a work-from-home scam

  • No business name or contact address – No legitimate company will advertise for jobs without stating their name, brand identity and physical contact address.
  • You’re required to pay a fee for additional information. Legitimate employers don’t charge a fee to hire you or to get you started. Don’t send money for directories or start-up kits.
  • Promises of exceptional earnings.
  • Claims that no experience is necessary or resume is required.
  • Asks for personal information like a Social Security or bank account number over the Internet.

How to report a scam

File a report with the Internet Crime Complaint Center – In order to file a report, you’ll need to provide the following information:

  • Your name, mailing address, and telephone number.
  • The name, address, telephone number, and web address, if available, of the individual or organization you believe defrauded you.
  • Specific details on how, why, and when you believe you were defrauded.

Report the company to the Better Business Bureau (BBB) – If you have a company name or web address, use the BBB’s search tool to find out if there have been complaints filed. You can file your own complaint online.

Report spam on Facebook – The best way to report abusive content or spam on Facebook is by using the Report link that appears near the content itself. To report something someone posted on your Timeline:

  1. 1. In the top right of the post, click the down-pointing arrow
  2. 2. Select I don’t like this post
  3. 3. Select I think it shouldn’t be on Facebook and follow the on-screen instructions

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Security

TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169)

Original release date: September 25, 2014

Systems Affected

  • GNU Bash through 4.3.
  • Linux, BSD, and UNIX distributions including but not limited to:
    • CentOS 5 through 7
    • Debian
    • Mac OS X
    • Red Hat Enterprise Linux 4 through 7
    • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS

Overview

A critical vulnerability has been reported in the GNU Bourne Again Shell (Bash), the common command-line shell used in most Linux/UNIX operating systems and Apple’s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system [1]. The United States Department of Homeland Security (DHS) is releasing this Technical Alert to provide further information about the GNU Bash vulnerability.

Description

GNU Bash versions 1.14 through 4.3 contain a flaw that processes commands placed after function definitions in the added environment variable, allowing remote attackers to execute arbitrary code via a crafted environment which enables network-based exploitation. [2, 3]

Critical instances where the vulnerability may be exposed include: [4, 5]

  • Apache HTTP Server using mod_cgi or mod_cgid scripts either written in bash, or spawn subshells.
  • Override or Bypass ForceCommand feature in OpenSSH sshd and limited protection for some Git and Subversion deployments used to restrict shells and allows arbitrary command execution capabilities.
  • Allow arbitrary commands to run on a DHCP client machine, various Daemons and SUID/privileged programs.
  • Exploit servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

Impact

This vulnerability is classified by industry standards as “High” impact with CVSS Impact Subscore 10 and “Low” on complexity, which means it takes little skill to perform. This flaw allows attackers to provide specially crafted environment variables containing arbitrary commands that can be executed on vulnerable systems. It is especially dangerous because of the prevalent use of the Bash shell and its ability to be called by an application in numerous ways.

Solution

Patches have been released to fix this vulnerability by major Linux vendors for affected versions. Solutions for CVE-2014-6271 do not completely resolve the vulnerability. It is advised to install existing patches and pay attention for updated patches to address CVE-2014-7169.

Many UNIX-like operating systems, including Linux distributions, BSD variants, and Apple Mac OS X include Bash and are likely to be affected. Contact your vendor for updated information. A list of vendors can be found in CERT Vulnerability Note VU#252743 [6].

US-CERT recommends system administrators review the vendor patches and the NIST Vulnerability Summary for CVE-2014-7169, to mitigate damage caused by the exploit.

References

Revision History

  • September 25, 2014 – Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.

Panda Security

Have you got an account with Viator? Change your password!

tripadvisor hacked

Viator has been hacked by cyber-crooks who have managed to access users’ bank details. Of the 1.4 million customers, it is still not known how many have been affected by the attack.

The company has confirmed that it has hired IT experts to discover what happened and how the criminals were able to hack the system. Although there are still not too many details about the incident, it has been confirmed that the attack took place between September 2 and 3.

It appears that Viator became aware of the attack through complaints from users about unauthorized payments with the cards they had used on its service.

To prevent further data theft, Viator is asking users to change their account passwords and keep a close eye on their credit card transactions.

More| How to create strong passwords

The post Have you got an account with Viator? Change your password! appeared first on MediaCenter Panda Security.

Security

TOR Virtual Network Tunneling Tool 0.2.4.24

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).