Author Archives: steve@bayintegratedmarketing.com

About steve@bayintegratedmarketing.com

Steve Ulrich is a principal at Bay Integrated Marketing: www.bayintegratedmarketing.com. I have been working with people to maximize their use of social media and internet publishing, optimize their websites to turn prospects into customers, and establish their personal brand on the internet. We are also working with Eco Distribution, Inc. to find and implement practical solutions to help clean up our air and the environment. Eco Distribution, Inc. is a California based Distributor and Representative Firm dealing in environmentally friendly and Green solutions. We have leveraged 30 years experience in responsible construction management to provide solutions for some of the most impactful challenges facing our air, water, and land. We have an oil/hydrocarbon remediation system that is effective on everything from simple oil stains on a driveway, to complex oil disasters in the ocean. My approach to social media and internet marketing is simple. Instead of spending a fortune “buying” keywords and ads that don’t return anything we concentrate on three areas: I CAN GET YOU FOUND ON LINKEDIN - NUMBER ONE, PAGE ONE.

A Business World Massacre – What Can Happen When Government Needs a Scapegoat

By: Larry Katzen
It remains one of the greatest travesties in the history of American business: In 2001, the 85,000 employees of one of the world’s largest accounting firms began losing their jobs in droves. Their employer had become tainted by its loose association with Enron Corp., a financial house of cards that was imploding and taking with it billions of dollars in employee pensions and shareholder investments.
In 2002, accounting firm Arthur Andersen was convicted of charges related to Enron’s fraudulent practices. The charges had nothing to do with the quality of their auditing – or any of Enron’s illicit practices. The conviction was appealed, and in 2005, the U.S. Supreme Court struck it down in a unanimous vote. But the damage had already been done.
To date, despite millions of records being subpoenaed, there is no evidence Arthur Andersen ever did anything wrong. Still, perceptions are everything: Most people are not aware that the accounting firm, which led the industry in establishing strict, high standards, became a government scapegoat.
When I speak to groups across the country, I ask the following questions. Below are the typical responses I receive – and the actual facts.
1. What do you remember about Arthur Andersen?
Typical Response: They were the ones that helped facilitate the Enron fraud. They deserved what they got.
Fact: Arthur Andersen was the largest and most prestigious firm in the country. It was considered the gold standard of the accounting profession by the business community.
2. For what was Arthur Andersen indicted?
Typical Response: They messed up the audit of Enron and signed off on false financial statements.
Fact: They were indicted for shredding documents. These documents were drafts and other items that do not support the final product. All accounting firms establish policies for routinely shredding such documents.
3. How long was it between the Enron blowup and when Arthur Andersen went out of business?
Typical Response: One to three years.
Fact: The largest accounting firm in the world was gone in 90 days.
4. Was the indictment upheld?
Typical Response: Yes, that is why they went out of business.
Fact: No. The Supreme Court overruled the lower court in a 9-0 decision, and came to the conclusion within weeks, making it one of their quickest decisions ever.
5. How many people lost their jobs as a result of the false accusations?
Typical Response: Have no idea, but the partners got what they deserved.
Fact: Eighty-five thousand people lost their jobs and only a few thousand were partners. Most were staff people and clericals who made modest sums of money.
6. Who benefited from Arthur Andersen going out of business?
Typical Response: Everyone – we finally got rid of those crooks and made a statement to the rest of business to operate ethically.
Facts: It was not the Arthur Andersen people; they lost their jobs. It was not the clients; they had to go through the stress and expense of finding a new auditing firm. It was not the business world in general: It now has fewer firms from which to choose and rates increased. It was their competitors who benefited– they got Andersen’s best people and clients and were able to increase their rates and profitability.
7. What accounting firms now have ex Arthur Andersen partners playing leadership roles in their firms?
Typical Response: None
Facts: The “big four,” all the large middle-tier firms and many small firms have former Arthur Andersen partners in leadership positions. Finally, many members of the new Public Accounting oversight Board (PCAOB), which oversees these firms, now have former Arthur Andersen people involved in reviewing the quality of these firms.
About Larry Katzen
Larry Katzen, author of “And You Thought Accountants were Boring – My Life Inside Arthur Andersen,” (www.LarryRKatzen.com), worked at Arthur Andersen from 1967 to 2002, quickly rising through the ranks to become a partner at age 30. His new memoir details the government’s unjust persecution of a company known for maintaining the highest standards.

 


I dare you to watch this without crying at least a few tears of joy!!!

 


Mount Everest avalanche leaves at least 12 Nepalese climbers dead

Three others injured and seven missing after avalanche caught work party as they prepared route for fee-paying western climbers
Everest base camp, with Buddhist prayer flags in the foreground. Police officials said the group was 25-strong and only three had so far been rescued from the mountain. Photograph: Laurence Tan/Reuters

An avalanche on Mount Everest early on Friday has killed at least 12 local climbers and left several others injured in what is likely to prove one of the most lethal accidents in recent history on the world’s highest peak.

Officials said 12 bodies had so far been recovered and ferried to base camp, while a further three injured climbers were being taken to Kathmandu. As many as four climbers are still thought to be missing.

An injured survivor told his relatives that the path up the mountain was unstable just before the avalanche. As soon as the avalanche hit, rescuers and climbers rushed to help.

Reports suggest a massive avalanche low on the 29,000ft (8,848m) mountain caught a work party of local sherpas as they prepared the classic South Col route – followed by the peak’s first ascensionists in 1953 – for fee-paying western climbers.

Sherpa guides had gone early in the morning to fix the ropes which will guide and safeguard hundreds of climbers, when the avalanche hit them. Reports said the accident had occurred between base camp and Camp 1 in the chaotic and extremely dangerous ice fall. The ice fall is composed of a steep glacier which fractures as it slides over cliffs, forming massive crevasses, and sherpas have to find and maintain a new route through every year.

Tourism ministry spokesman Mohan Krishna Sapkota said the climbers were all Nepalese and were preparing the route to the summit ahead of the summer climbing season which kicks off later this month.

“The sherpa guides were carrying up equipment and other necessities for climbers, when the disaster happened,” Sapkota said.

Base camp is currently crowded as peak climbing season on Everest approaches. A weather window in May allows the greatest chance of success on the mountain.

In recent years there has been growing controversy over the pay, conditions and safety of the local men hired for the risky job of securing the route on the mountain to allow largely western climbers on commercial expeditions charging up to $50,000 (£30,000) to reach the upper slopes of the mountain in relative security.

The Kathmandu-based climbing company Himalayan Climbing GuidesNepal confirmed that two of its guides were among the dead and four were missing.

“Six climbing guides from our company were taking up tents and supplies … two have been found dead and rescue teams are searching for the remaining four,” manager Umid Bhandari told AFP.

Eight people died on Everest last year, including one of the best-known and experienced local sherpa guides who was killed in the ice fall.

The accident will once again raise fears that the mountain is too crowded. Nepalese authorities have introduced a series of measures to reduce the number of climbers on the peak.

Last year more than 500 climbers reached the summit of Everest. On 19 May around 150 climbed the last 915m to the peak within hours of each other, causing lengthy delays as mountaineers queued to descend or ascend harder sections.

Officials have cut mountaineering fees for many other peaks while requiring each climber scaling Everest to bring back 8kg (17.6lbs) of rubbish in an attempt to clean up the “roof of the world”.

Last year officials floated the idea of installing a ladder on the famous Hillary Step, a crucial stretch of technical climbing at nearly 8,840m (29,000ft) on Everest, named after its first climber, Sir Edmund Hillary.

Though such innovations are anathema to many purist climbers, some sherpas welcome them. Entire communities in the otherwise poor Khumbu region of Nepal depend on the mountaineering industry for their livelihoods.

Relations between international climbers and sherpa guides working on the mountain are not always good. Authorities have also stationed soldiers and police at Everest base camp following a brawl between commercial climbers and Nepalese guides last year.

 


Microsoft Abandons Windows 8.1: Take Immediate Action Or Be Cut Off Like Windows XP

Hit: Windows XP (2001)

Microsoft has been on a roll lately. Office for iOS (and soon Android), free Windows licenses for small devices, universal Windows and Windows Phone apps, Siri rival Cortana, even a promise to eventually return the start menu before Windows 9. But when it comes to Windows 8, it seems the company has a permanently loaded pistol aimed squarely at its feet.

So it fits that just one week on from the launch of ‘Windows 8.1 Update 1’ (the smart upgrade mouse and keyboard users have long awaited) stupidity would strike once again.

“Windows 8.1 Update is a cumulative update to Windows 8.1,” said Microsoft Senior Product Marketing Manager Ben Hunter in an apparently innocuous blog post aimed at IT professionals. Then came the clanger: “It also becomes the new servicing baseline for Windows 8.1, so next month’s security updates (on May 13th, the next ‘Patch Tuesday’) will be dependent on Windows 8.1 Update.”

In English: Windows 8.1 will no longer receive security updates after 13 May. This is your 4 week countdown warning.

For many it is no big deal. Just update and be quick about it. But for anyone who chooses not to install every Microsoft update the moment it appears, like mainstream users or – let me think – most businesses around the world… it is another matter entirely.

So come 13 May Microsoft will issue security patches that detail flaws they are fixing and those flaws will be left unpatched for all Windows 8.1 users. A nightmare scenario. It is also the same scenario Windows XP users now face after Microsoft cut off security updates this month, a generous 13 years after its initial release. Come 13 May Windows 8.1 will be 8 months old.

An argument could be made that Microsoft is merely determined to keep all its users up to date. That argument is somewhat undermined by the fact users still on Windows 8 will keep receiving security patches until January 2016.

Furthermore Microsoft’s decision has terrible timing. It is announced against the backdrop of Heartbleed, a security bug which this month exposed user details on 17% of the world’s supposedly secure web servers. Heartbleed has hit headlines around the globe and made users paranoid about security. Microsoft could not see it coming, but in refusing to give Windows 8.1 users more time in its wake the company looks antagonistic.

It gets worse because Microsoft recognises Windows 8.1 Update 1 has problems. In a TechNet post Senior Microsoft Consultant Steve Thomas confirms there is “an issue regarding Windows 8.1 Update preventing interaction with WSUS 3.2 over SSL connections” and until it is fixed the deployment of Update 1 will be suspended to affected machines.

For affected users who have already downloaded Windows 8.1 Update 1 Thomas says “we recommend that you suspend deployment of this update in your organization until we release the update that resolves this issue.”

Yes, Microsoft faces a race against time entirely of its own making. It is a no win situation. Even if Microsoft issues a fix before 13 May every day spent is a day less for administrators to check for compatibility issues and apply Update 1 across all their Windows 8.1 machines.

And yet perhaps the most frustrating aspect to all of this is Windows 8.1 Update 1 is a great update. In fact it is arguably the best and most important update Windows 8 has received.

Amongst other things Update 1 intelligently boots users without touchscreens to the desktop by default and uses desktop apps by default, it reduces the sensitivity of hot corners, highlights newly installed apps and dramatically improves the Modern UI for keyboard and mouse users. It also cuts its install size in half (from 32GB to 16GB) on SSDs, runs faster on slower hardware and drops minimum memory requirements from 2GB to 1GB of RAM. The end result is a darn good operating system.

Cynics will quite rightly point out it is the OS which Microsoft should have released from day one, but nevertheless Windows 8 is now starting to realise the company’s lofty ambitions.

All of which has probably come too late. Love or loathe Windows 8, it has been a sales flop. It changed too much too soon, alienated large numbers of users and ever since Microsoft has fought to restore confidence. Windows 8.1 Update 1 looked to be the incarnation to do it, but in needlessly condemning Windows 8.1 to the same fate as 13 year old Windows XP it has all but confirmed its latest OS will never be remembered with the same fondness.

 


5 Common Causes of Prevalent Tax Mistakes

Whether you’ve filed for an extension on your taxes this year, or have waited until the last minute to complete paperwork, or want a better strategy for the future, chances are you could be doing a better job throughout the year to save on income taxes, says seasoned investment advisor Paul Taylor, a member of the National Ethics Bureau.

Forty-nine percent of Americans think they personally pay more than their fair share in taxes, according to 2013 Rasmussen reports.

“Come tax time, many of the other half could be doing more to legally and strategically save money,” says Taylor, an architect-turned-founder and owner of Capital Advisory Group & Tax Planners of Lake Norman and Capital Investment Advisors, Inc, (www.CapitalAdvGroup.com).

He cites mistakes that many taxpayers are liable to make now and in future years.

• Not knowing which tax deductions are available. Tax reform measures are enacted frequently by Congress, which makes it hard for U.S. taxpayers to know which deductions are currently available for maximizing savings. One of the most overlooked deductions is state and local sales taxes. Taxpayers may be able to take deductions for student-loan interest, out-of-pocket charitable contributions, moving expenses to take a first job, the child care tax credit, new points on home refinancing, health insurance premiums, home mortgage interest, tax-preparation services and contributions to a traditional IRA.

• Misunderstanding deduction value for medical expenses. The Affordable Care Act has altered the guidelines for tax-deductible medical expenses. Effective Jan. 1, 2013, the new policy increased the threshold for the itemized deduction for unreimbursed medical expenses from 7.5 percent of adjusted gross income to 10 percent of adjusted gross income for regular tax purposes. The increase is waived for individuals age 65 and older for tax years 2013 through 2016.

• Confusing when taxes must be paid on IRA and employer-sponsored retirement funds. Traditional IRAs and most employer-sponsored retirement plans are tax-deferred accounts, which mean they are typically funded with pre-tax or tax-deductible dollars. As a result, taxes are not payable until funds are withdrawn. Exceptions are the Roth IRA and the Roth 401(k) and Roth 403(b). Roth accounts are funded with after-tax dollars. That’s why qualified distributions – after age 59½ and the five-year holding requirement has been met – are free of federal income tax.

• Overlooking tax-advantaged investments. Tax-advantaged investments can include real estate partnerships, oil and gas partnerships and suitability, which refers to how appropriate an investment may or may not be to an investor. Two of the most common types of real estate partnerships, for example, are low-income housing and historic rehabilitation. The federal government grants tax credits to those who construct or rehabilitate low-income housing or who invest in the rehabilitation or preservation of historic structures.

• Uncertainty when accounting for gift taxes. The federal gift tax applies to gifts of property or money while the donor is living. The federal estate tax, on the other hand, applies to property conveyed to others, with the exception of a spouse, after a person’s death. There are several exceptions to gift taxes, including gifts of tuition or medical expenses that you pay directly to a medical or educational institution for someone else, gifts to a spouse who is a U.S. citizen, gifts to a qualified charitable organization and gifts to a political organization.

About Paul Taylor

Paul Taylor is the founder and owner of Capital Advisory Group & Tax Planners of Lake Norman and Capital Investment Advisors, Inc. Taylor, a fully licensed investment advisor, has more than 20 years of experience in the industry and is committed to providing personalized service to those he serves. Since 2007, he has been a member of the National Ethics Bureau, which acknowledges individuals who prove they are committed to upholding the highest ethical standards in their practices.

 


THE INTERNET’S TELLTALE HEARTBLEED

By Rusty Foster -

The cryptography expert Bruce Schneier, who has been writing about computer security for more than fifteen years, is not given to panic or hyperbole. So when he writes, of the “catastrophic bug” known as Heartbleed, “On the scale of 1 to 10, this is an 11,” it’s safe to conclude that the Internet has a serious problem. The bug, which was announced on Tuesday—complete with an explanatory Web site and a bleeding-heart logo—is a vulnerability in a widely used piece of encryption software called OpenSSL.

Heartbleed is as bad as it is possible for a security flaw to be. It can be easily exploited by anyone on the Internet without leaving a trace, and it can be used to obtain login names, passwords, credit-card information, and even the keys that keep our encrypted communications safe from eavesdroppers. The bug first appeared in OpenSSL code that was released in March, 2012—so the vulnerability has been open to exploitation for more than two years. The Internet-security firm Netcraft reported that up to five hundred thousand sites thought to be secure were, in fact, vulnerable—including Twitter, Yahoo, Tumblr, and Dropbox.

When you log on to a secure Web site—your bank’s, for example—you see a green-padlock icon at the top of your browser window, which confirms that your connection is secure. In order for browsers to communicate securely with servers, there is a standard set of steps that both sides must perform to create, and to maintain, that secure connection. This protocol is called Transport Layer Security, or T.L.S., and everything that it requires from both sides of a secure connection is laid out in a document called RFC 5246, which describes something like the Platonic ideal of a secure Internet connection. Of course, RFC 5246 cannot, by itself, be used to keep your bank account safe. To do that, someone has to write software that will make your Web browser and your bank’s Web server actually follow the steps that RFC 5246 delineates.

Among programmers, cryptography is notorious for its difficulty—even a tiny mistake can render your seemingly secure code worthless—and the conventional wisdom is that, whenever possible, the implementation of cryptography should be left to the experts. Since 1998, one way that programmers have been able to avoid implementing encryption protocols themselves has been to use an open-source library called OpenSSL. A code “library” is just a set of common functions that programmers can use within their own code, rather than having to write them from scratch. If many people are all using the same library, and the code is open-source—so that anyone can check it for bugs—it should be more reliable and more secure than a code that one person or firm could create alone.

Heartbleed is a bug in OpenSSL’s implementation of a small part of the T.L.S. protocol, called the heartbeat extension. A “heartbeat,” in this context, is like the “beep… beep…” of a hospital heart monitor: a quick way to check that the other end of a secure connection is still there. One side sends the other side a small piece of data, up to sixty-five kilobytes long, along with a number indicating the size of the data that has been sent. The other side is supposed to send back the exact same piece of data to confirm that the connection is still active. Unfortunately, in OpenSSL the replying side looks at the stated size of the data rather than at the actual size, and it always sends back the amount of data that the request asked for, no matter how much was sent. This means that if the stated amount of data is more than the amount actually provided, the response contains the data that was sent plus however much additional data, drawn from the contents of the computer’s system memory, is required to match the amount requested.
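The missing length check described above, shown as an added example that is not part of the original article and is not OpenSSL's code. It is a simplified model that assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding); the arena, the sample secret and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3    /* 1-byte type + 2-byte big-endian payload length */
#define HB_PADDING  16   /* minimum padding RFC 6520 requires after the payload */
#define ARENA_SIZE  256

/* Constructed stand-in for server memory: the received record sits at
 * offset 0 and unrelated secret data sits directly after it. */
static uint8_t arena[ARENA_SIZE];
static const char SECRET[] = "session=CONSTRUCTED-TOKEN";

/* Place a request in the arena. `claimed` is the length field the sender
 * wrote; the payload actually sent is always the 4 bytes "ping". */
static size_t receive_record(uint16_t claimed)
{
    size_t n = 0;
    memset(arena, 0, sizeof arena);
    arena[n++] = HB_REQUEST;
    arena[n++] = (uint8_t)(claimed >> 8);
    arena[n++] = (uint8_t)(claimed & 0xff);
    memcpy(arena + n, "ping", 4);
    n += 4 + HB_PADDING;                 /* padding bytes stay zero */
    memcpy(arena + n, SECRET, sizeof SECRET - 1);
    return n;                            /* bytes that really arrived */
}

static uint16_t claimed_length(void)
{
    return (uint16_t)((arena[1] << 8) | arena[2]);
}

/* Flawed reply: copies as many bytes as the length field claims. */
static size_t reply_vulnerable(size_t rec_len, uint8_t *out, size_t cap)
{
    size_t claimed = claimed_length();
    (void)rec_len;                       /* the bug: actual size is ignored */
    if (HB_HEADER + claimed > cap || HB_HEADER + claimed > ARENA_SIZE)
        return 0;                        /* keeps this demo inside its arena */
    out[0] = HB_RESPONSE; out[1] = arena[1]; out[2] = arena[2];
    memcpy(out + HB_HEADER, arena + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Checked reply: silently discards a record whose claimed payload plus
 * header and padding would not fit in the bytes actually received. */
static size_t reply_checked(size_t rec_len, uint8_t *out, size_t cap)
{
    size_t claimed;
    if (rec_len < HB_HEADER + HB_PADDING || arena[0] != HB_REQUEST)
        return 0;
    claimed = claimed_length();
    if (HB_HEADER + claimed + HB_PADDING > rec_len || HB_HEADER + claimed > cap)
        return 0;
    out[0] = HB_RESPONSE; out[1] = arena[1]; out[2] = arena[2];
    memcpy(out + HB_HEADER, arena + HB_HEADER, claimed);
    return HB_HEADER + claimed;
}

/* Returns 1 if the reply contains the start of the secret. */
static int reply_leaks(const uint8_t *out, size_t n)
{
    const size_t k = 8;                  /* strlen("session=") */
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(out + i, SECRET, k) == 0) return 1;
    return 0;
}

/* Run one case; returns the reply length and sets *leaked. */
static size_t run_case(uint16_t claimed, int checked, int *leaked)
{
    uint8_t out[ARENA_SIZE];
    size_t rec_len = receive_record(claimed);
    size_t n = checked ? reply_checked(rec_len, out, sizeof out)
                       : reply_vulnerable(rec_len, out, sizeof out);
    *leaked = reply_leaks(out, n);
    return n;
}

int main(void)
{
    int leaked;
    size_t n = run_case(40, 0, &leaked);
    printf("vulnerable, claimed 40: %zu bytes, leaked=%d\n", n, leaked);
    n = run_case(40, 1, &leaked);
    printf("checked,    claimed 40: %zu bytes, leaked=%d\n", n, leaked);
    return 0;
}
```

An honest request (claimed length 4) gets the same 7-byte reply from both handlers; only the record whose length field overstates its payload separates them.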

Here is why this is so bad: the heartbeat response can contain up to sixty-four kilobytes of whatever data happens to be in the server’s random access memory at the moment the request arrives. There is no way to predict what that memory will contain, but system memory routinely contains login names, passwords, secure certificates, and access tokens of all kinds. System memory is temporary: it is erased when a computer is shut down, and the data it holds is written and overwritten all the time. It is generally regarded as safe to load things like cryptographic keys or unencrypted passwords into system memory—indeed, there is little a computer can usefully do without temporarily storing pieces of sensitive data in its system memory. The Heartbleed bug allows an attacker to “bleed” out random drops of this memory simply by asking for it. Heartbeat requests aren’t usually logged or monitored in any way, so an attack leaves no trace. It’s not even possible to distinguish malicious heartbeat requests from authentic requests without close analysis. So an attacker can request new pieces of system memory over and over again; it’s almost impossible for the victim to know they’ve been targeted, let alone to know what data might have been stolen.

Among the items that can be found in a server’s system memory are the keys to cryptographically secured connections and the certificates that allow servers to prove they are what they claim to be. An attacker who steals cryptographic keys could use them to decode and read encrypted data that had previously been intercepted; an attacker who steals certificates could use them to mimic a secure site and to intercept communications. In other words, your browser could be tricked into thinking that it’s connected securely to your bank and instead be connected to an intermediary that can read all the data flowing back and forth.

In the worst-case scenario, criminal enterprises, intelligence agencies, and state-sponsored hackers have known about Heartbleed for more than two years, and have used it to systematically access almost everyone’s encrypted data. If this is true, then anyone who does anything on the Internet has likely been affected by the bug.

But, before you panic, it is worth remembering that, at this point, we don’t know how close we are to the worst-case scenario. It is possible, though improbable, that the security researchers who exposed this flaw were, in fact, the first people to find it, which would mean that it has only been known about, and exploited, for a few days. (It was found, independently, by a team of security researchers at Codenomicon and Neel Mehta, of Google Security.) At the same time the bug was announced, a new, secure version of OpenSSL was released, and updating most of the affected servers is a straightforward task. Major services like Google and Yahoo have already patched the vulnerability. Engineers did not need to stay up all night in a mad scramble to make repairs, but, as one system administrator told me, the nature of the bug made this something more than a routine update. “It’s an update, a configuration change, and a notification to your users that there’s no way to know if their data was stolen or not,” he said. To be safe, identity certificates for servers and users must be revoked and then reissued. The fix, in other words, is both urgent and tedious, which is the worst kind of job for a programmer or system administrator.

As a user, what can you do to protect yourself? Not very much, unfortunately. The standard advice is to change your passwords, but if a service is still vulnerable then changing your password just makes it more likely that it will be the one sitting in a leaked chunk of system memory. It is also not easy to determine whether a particular service you use is still vulnerable. If a provider suggests that you change your password, it should be done immediately; otherwise, it may be better to wait a few days. If you have the option to enable two-factor security, which requires more than just a password, you should do so on every service where it’s available.

How did such a catastrophic bug remain undetected for two years? OpenSSL, which is used to secure as many as two-thirds of all encrypted Internet connections, is a volunteer project. It is overseen by four people: one works for the open-source software company Red Hat, one works for Google, and two are consultants. There is nobody whose full-time job it is to work on OpenSSL.

The project’s code is more than fifteen years old, and it has a reputation for being dense, as well as difficult to maintain and to improve. Since the bug was revealed, other programmers have had harsh criticisms for what they regard as a mistake that could easily have been avoided. Theo de Raadt, the project leader for an open-source operating system called OpenBSD, put it bluntly in a message to a mailing list: “OpenSSL is not developed by a responsible team.” The portion of the code where the bug was found is written in a programming language called C, which was first developed, at Bell Labs, between 1969 and 1973. C is a finicky and old-fashioned language that puts great demands on programmers to manage the use of system memory. No modern language would let this sort of memory leakage take place, because newer languages automatically manage memory use.

Unlike a rusting highway bridge, digital infrastructure does not betray the effects of age. And, unlike roads and bridges, large portions of the software infrastructure of the Internet are built and maintained by volunteers, who get little reward when their code works well but are blamed, and sometimes savagely derided, when it fails. To some degree, this is beginning to change: venture-capital firms have made substantial investments in code-infrastructure projects, like GitHub and the Node Package Manager. But money and support still tend to flow to the newest and sexiest projects, while boring but essential elements like OpenSSL limp along as volunteer efforts. It’s easy to take open-source software for granted, and to forget that the Internet we use every day depends in part on the freely donated work of thousands of programmers. If open-source software is at the heart of the Internet, then we might need to examine it from time to time to make sure it’s not bleeding.

 
