• Your 1st Merchant Account
    Already Have An Account?
    The Opportunity You Have Been Waiting For!

Homeland Security: Don’t Use Internet Explorer Due To Bug

The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.

The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."

Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.

"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."

FireEye said that the hackers exploiting the bug are calling their campaign "Operational Clandestine Fox."

Microsoft confirmed Saturday that it is working to fix the code that allows Internet Explorer versions six through 11 to be exploited by the vulnerability. As of Monday morning, no fix had been posted.

About 55% of PC computers run one of those versions of Internet Explorer, according to the technology research firm NetMarketShare.

The bug works by using Adobe Flash to attack a computers memory.

The victim is lured to a website that contains a Flash file that corrupts the victim's computer's memory. This allows the attacker to run a program within Internet Explorer that allows the attacker to take over the victim's computer.

Computer users who are running the Windows XP operating system are out of luck. Microsoft discontinued support of the system on April 8.

Source: USATODAY/Delaware Online

Comments closed

Cash Strapped Mobile Payments Starup Eyes Sale

With losses widening and cash shrinking, representatives of mobile-payments startup Square Inc. have discussed a possible sale to several deeper-pocketed rivals, according to people familiar with the matter.

Google Inc. discussed a possible acquisition of Square earlier this year, according to three people familiar with the matter. Those talks followed a meeting in 2012 between top Google and Square executives to discuss a possible takeover, according to two people familiar with the matter. It isn’t clear whether the talks are continuing.

Square also had informal discussions about a deal with Apple Inc.  and eBay Inc.’s PayPal in the past, according to people familiar with those situations. Those conversations never developed into serious talks.

Square recorded a loss of roughly $100 million in 2013, broader than its loss in 2012, according to two people familiar with the matter.

See also "Small Business Owner Says Square Screwed Him Over"

The five-year-old company paid out roughly $110 million more in cash last year than it took in, according to two people familiar with the matter. Over the past three years, the startup has consumed more than half of the roughly $340 million it has raised from at least four rounds of equity financing since 2009, two people familiar with the company’s performance said.

A spokesman for Square said, “We are not, nor have we ever been in acquisition talks with Google.”

He added, “While we appreciate that Square may be an attractive target for some companies, we have never seriously considered selling to anyone or been in any talks to do so.”

Downtown L.A. as you’ve never seen it

An influx of new residents is changing the face of an oft-overlooked and much-maligned downtown.

A spokesman for Paypal said, “We did not have acquisition talks with Square.”

Square would likely fetch billions of dollars in a sale.

Co-founder and Chief Executive Jack Dorsey is a well-known Silicon Valley entrepreneur with a flair for design. Dorsey also was a co-founder of Twitter Inc. , which conducted an initial public offering of stock in November.

Over the years, the rising profiles of its brand and of Dorsey have helped Square raise money at larger valuations. Square insiders sold shares earlier this year on the secondary market at a price that valued the company at roughly $5.2 billion, according to people familiar with the offering.

An expanded version of this report appears at WSJ.com.

Comments closed

‘Heartbleed bug’ discovered in 2/3 of all websites

A major global security flaw has been discovered in an encryption method used on about two-thirds of all websites, including Google, Amazon, Yahoo and Facebook, potentially exposing web traffic, user data and stored content to cyber criminals.

The “heartbleed bug” was found in the OpenSSL software by a team of security engineers last week, leaving technology companies scrambling to fix their systems before it was announced on Monday night.

There is so far no evidence that a hacker has exploited the flaw, which has made systems vulnerable for up to three years. However, it is paramount that we all take necessary measures in order to ensure the safety of confidential information.

OpenSSL has released an update to repair the flaw and companies must update their software to be safe.

Google said it had fixed the flaw in key Google services and Facebook said it had added protections before the issue was publicly disclosed. Amazon Web Services, whose clients include sites from Netflix to Unilever, said it had applied “mitigations” so customers did not need to act. Yahoo said it had “made the appropriate corrections” to its main properties and was working to fix its other sites.

But even those who fix the software cannot necessarily see if a hacker has already used the vulnerability to access their systems. Netcraft, which monitors what code is used in each site, said more than half a million trusted websites were vulnerable to the bug. Wondering if your favorite sites are vulnerable? Filippo Valsorda, a consultant who specializes in cryptography and security, has created a Heartbleed test tool that you can use to check your favorite websites.

Matthew Prince, chief executive at Cloudflare, a company that provides a security barrier for about 5 per cent of web requests, said it had fixed its encryption after being alerted last week.

“This is very bad and it may be extremely bad,” he said. “This is one of the really bad internet bugs ever.”

Mr Prince warned that the flaw could affect “almost everyone” as the software is used by more than 60 per cent of all websites. He said the flaw could have allowed hackers to read everything in a computer’s memory.

As a consumer, what can I do?


Web server administrators are frantically patching their systems to protect against this vulnerability. However, many are suggesting that it's still very critical that you change absolutely every username/password combo you use on the internet in order to better protect yourself and your information from being vulnerable to cybercriminals. Note that just changing your password does not mean you are now safe. Web server administrators must first correct the Heartbleed within the server to ensure no further information can be leaked.


Although it is unknown at the moment if information was actually taken as a result of this vulnerability, it is extremely important that consumers monitor their payment cards and report any suspicious activity to their banks immediately.


As a business owner, what can I do?


First and foremost get in contact with your IT department and ensure that your servers have not been affected by the Heartbleed or have been patched. Taking any other steps without stopping the bleed will do nothing to protect the confidential information that you have been trusted with by your customers.


Secondly, make your customers aware of the situation. If you maintain a username and password database of customers, require that they change passwords on their next login.


And finally, educate your employees and monitor business transactions to ensure that out of the ordinary transactions are not processed without further investigation. For example, if you usually do not receive orders over $2,000 and one comes in for $7,000 then you should contact the issuing bank of the card to ensure the funds are available and the cardholder is the one facilitating the transaction. If you are an e-commerce business and cannot view the back of the physical credit card, contact your merchant services provider and they will obtain the information for you.


Is there a bright side to all this?


For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used. A lot of software gets updates which otherwise would have not been urgent. Although this is painful for the security community, we can be rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.



Comments closed
  • We’re Hiring!

    We're looking for agents all across the United States! If upfront and honest merchant services sales is where you want to be, let us take you there. We offer true residual splits, sales incentives, in-house customer service and true honesty. Contact our Sales Manager today at ext. 117!