Monday, June 19, 2017

Did you know that 70% of Ransomware attacks come via e-mail?

Email remains the No. 1 threat vector for businesses, with a full 76% of ransomware attacks starting with a malicious message.
According to a survey from Barracuda, phishing—and particularly spear phishing—has become a lucrative art. The attackers also do not discriminate based on company size. Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors.
“Whether you are a mid-sized business with limited staff and resources, or a 10,000-employee organization with a dedicated security team and budget—we are all feeling the impact of these attacks,” said Hatem Naguib, senior vice president and general manager for the security business at Barracuda. He noted that criminals are taking the time to personalize the messages, crafting them to be compelling and convincing.
The survey showed that more than half (56%) of those we questioned admitted to being targeted by cyberattacks, with 84% of those admitting their organization felt a significant impact as a result. In fact, on average, organizations had been targeted by cyberattacks five times, with 43% targeted more than five times.
An earlier Barracuda study found that 92% of people surveyed are concerned about ransomware hitting their organization, and nearly half, or 47%, of respondents had been a victim of ransomware already.
The effects of an attack are not limited to the organization itself. More than three in 10 of those we questioned admitted that their customers (35%) and even their employees (32%) had lost faith in their security because of an attack. Perhaps most shocking from a global perspective, around one in five report a temporary closure of business (21%) or a loss of customers altogether (17%).
These figures become even more surprising when assuming that the bigger the company, the larger the security budget.
“Having a sizable security budget isn’t enough to make you immune,” said Naguib. “After all, it doesn’t really matter how much money there is in the budget when the majority of threats are still infiltrating organizations via email. This point brings us back to the very important notion that the most effective security plans include a combination of people and technology.”
Specifically, given that human error is at play, organizations must be prepared with a layered security strategy. That could include spam protection and malware filtering at the gateway, advanced threat protection and sandboxing technologies, and dedicated spear phishing solutions designed to stop highly-personalized attacks.

I will tell you I do not click on any link I do not know. When I see an e-mail from a friend who usually never e-mails me a link, I delete it. Being very careful helps a lot!

Protect your small business from [Ransomware]

Ransomware is a growth industry – and it's growing because it works. Attacks by hackers that lock up data unless a ransom is paid shot up an unbelievable 6000% worldwide in 2016 over the previous year. According to the FBI, hackers “earned” over a billion dollars in ransomware attacks in 2016, some five times over the amount they netted in 2015.

Despite the big numbers, it's small users who may be suffering the most. There's reason to believe that small businesses are among the primary targets – perhaps even more than big businesses – of ransomware hackers. According to one study, the average payment demanded by hackers for releasing a system was $679 – an amount that seems paltry, almost, except when you put it in context with who the victims of these demands really are.

Perhaps the most important statistic – the one that makes the whole effort worthwhile for hackers – is that some 70% of victims pay up, according to a report by IBM. Of those, more than half paid $10,000 or more in ransom to free up their data. A Ponemon Institute study shows that 56% of companies surveyed said they are not ready to fend off ransomware attacks, and just 38% said they have a strategy to deal with ransomware and other malware.

Another Ponemon study says that while 66% of respondents rate the threat of ransomware as very serious, only 13% rated their companies’ preparedness to prevent ransomware as high.

While most small business owners believe that they are more or less immune to ransomware – you can't get blood from a stone, after all – the truth is that hackers are far less selective in their targets. One study shows that in 2015, 43% of all cyber-attacks, especially ransomware attacks, targeted small businesses. Given the fact that most companies, large and small, pay off the hackers, there's no reason to believe that things will change in 2017.

That's the secret of ransomware success: There really is no business too small to be attacked. While the database of a local dry cleaner may not appear to be as important as that of a national bank, it is to the dry cleaner; hence, his willingness to pay, and if he can get his business back for $679, then the expense is certainly worth it, isn't it?

That is certainly a secret to hackers' ransomware success: Data is important to someone, somewhere – and to get their data back, people will pay. Of course, paying up is no guarantee that the hackers will release the security key that opens up the locked data; if a victim is willing to pay once, why not twice or thrice? 

Once an attack occurs, it's usually too late – although some victims have likely had luck using decryption tools from sites like the No More Ransom Project. Having a good backup system could help a business quickly recover from an attack, but it's not foolproof. In one survey of medium and large companies who didn't pay up, 81% of IT pros said they were “confident” they could cope with an attack, fully restoring their data from backup – but only 42% were able to do so.

That's likely with the advanced backup systems such organizations would have; most small businesses aren't that fortunate, and for most small business people, educating themselves – or paying a consultant to do it for them – about how to use the dizzying array of cyber-defense tools is probably a non-starter.

For them, prevention is going to be key. Indeed, preventing ransomware attacks from reaching companies in the first place is a lot like avoiding any other kind of malware – except that the stakes are higher, so organizations need to be very aware of what they can do, what they can't do, and what steps they need to take to upgrade their capabilities.

Prevent how? According to a report by Osterman Research, “email was the most likely attack vector for ransomware, either via email attachments or malicious links in email messages.” According to the report, 31% of ransomware attacks entered a business via a direct email link, while 28% entered via an email attachment (a Word document with “dirty macros,” for example). Only a quarter entered when engaging with a web site or an application – while infection rates from social media or USB sticks were negligible.

One effective way of disarming such attacks is to use a system that stops rogue files from getting onto the system in the first place, a “gatekeeper” that nabs malware-laden files before they are passed through to users. Instead of concentrating on detection, install a system that prevents bad files from getting through in the first place.

Technology exists that allows systems to examine files before they are “waved through” by examining the code in an attachment or what lies behind a link, dissecting and reconstructing them to examine what is at their core. If an email or attachment checks out, it is allowed to proceed, and if not, it gets dumped, kept away from users and rendered harmless.

In any event, the bottom line for small businesses is clear: Get control of your email and/or how you engage with it, and you'll reduce your chances of becoming a ransomware victim by a whole lot.

Remember it is not about you when working with clients [it is what you can do for your clients]

Great article by Chaz Horn!


The most useful thing I've learned and can teach you is to take your attention OFF of yourself and put it on the people who need your help. We can't help others when we are focused on ourselves.
At the end of the day, your potential customers don't give a crap about you. They need help, they need it now, so who CARES what kind of House you have on the Coast or how great your accomplishments are... How does what you do provide a specific and amazing OUTCOME for your clients/customers? If you truly care about the welfare of your clients/customers but are unable to reach them, let's talk.
Everything in your business, from your offer, your sales process, marketing to your pricing, to your service & delivery, should be built around one big question:
"What Outcomes do we provide for our clients?"
At Mastery of Selling B2B, this is our mantra. It determines what we teach, whom we hire, and whom we do (and do not) let into our programs.
That one question will never, ever steer you wrong.
Money comes from serving. Serving comes from making the clients' success your #1 priority.

I am guilty of forgetting this at times even after all of my years in sales. Listen to your client and then try to help them!

More to come later.

Joe Rossini

Wednesday, June 14, 2017

Marketing and sales and planning do hook together

Plan your work and work your plan; that is an old saying, but it still works today. This week I planned where I was going to make calls and, as I like it, they were all in an area that would save me on wear and tear, and also I could make a lot of calls without wasting a lot of time. Time is money, and by maximizing my time I set myself up to make more money. If you are a young sales representative, consider mapping out your area and see how many potential customers are in that area. Make calls on them, telephone them, cold call, or set up calls, and I bet you that you will increase your sales. If you need help just call me at 913-244-6132; I can give you a few tips.

More to come soon.

Joe Rossini

Tuesday, June 13, 2017

Important security alert

Please read.....

National Cyber Awareness System:

06/13/2017 11:45 AM EDT

Original release date: June 13, 2017

Systems Affected

Networked Systems


This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.
If users or administrators detect the custom tools indicative of HIDDEN COBRA, these tools should be immediately flagged, reported to the DHS National Cybersecurity Communications and Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and given highest priority for enhanced mitigation. This alert identifies IP addresses linked to systems infected with DeltaCharlie malware and provides descriptions of the malware and associated malware signatures. DHS and FBI are distributing these IP addresses to enable network defense activities and reduce exposure to the DDoS command-and-control network. FBI has high confidence that HIDDEN COBRA actors are using the IP addresses for further network exploitation.
This alert includes technical indicators related to specific North Korean government cyber operations and provides suggested response actions to those indicators, recommended mitigation techniques, and information on reporting incidents to the U.S. Government.
For a downloadable copy of IOCs, see:


Since 2009, HIDDEN COBRA actors have leveraged their capabilities to target and compromise a range of victims; some intrusions have resulted in the exfiltration of data while others have been disruptive in nature. Commercial reporting has referred to this activity as Lazarus Group[1] and Guardians of Peace.[2] DHS and FBI assess that HIDDEN COBRA actors will continue to use cyber operations to advance their government’s military and strategic objectives. Cyber analysts are encouraged to review the information provided in this alert to detect signs of malicious network activity.
Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools (RATs), and wiper malware. Variants of malware and tools used by HIDDEN COBRA actors include Destover,[3] Wild Positron/Duuzer,[4] and Hangman.[5] DHS has previously released Alert TA14-353A,[6] which contains additional details on the use of a server message block (SMB) worm tool employed by these actors. Further research is needed to understand the full breadth of this group’s cyber capabilities. In particular, DHS recommends that more research should be conducted on the North Korean cyber activity that has been reported by cybersecurity and threat research firms.
HIDDEN COBRA actors commonly target systems running older, unsupported versions of Microsoft operating systems. The multiple vulnerabilities in these older systems provide cyber actors many targets for exploitation. These actors have also used Adobe Flash player vulnerabilities to gain initial entry into users’ environments.
HIDDEN COBRA is known to use vulnerabilities affecting various applications. These vulnerabilities include:
  • CVE-2015-6585: Hangul Word Processor Vulnerability
  • CVE-2015-8651: Adobe Flash Player and 19.x Vulnerability
  • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
  • CVE-2016-1019: Adobe Flash Player Vulnerability
  • CVE-2016-4117: Adobe Flash Player Vulnerability
We recommend that organizations upgrade these applications to the latest version and patch level. If Adobe Flash or Microsoft Silverlight is no longer required, we recommend that those applications be removed from systems.
The indicators provided with this alert include IP addresses determined to be part of the HIDDEN COBRA botnet infrastructure, identified as DeltaCharlie. The DeltaCharlie DDoS bot was originally reported by Novetta in their 2016 Operation Blockbuster Malware Report. This malware has used the IP addresses identified in the accompanying .csv and .stix files as both source and destination IPs. In some instances, the malware may have been present on victims’ networks for a significant period.
Technical Details
DeltaCharlie is a DDoS tool used by HIDDEN COBRA actors, and is referenced and detailed in Novetta’s Operation Blockbuster Destructive Malware report. The information related to DeltaCharlie from the Operation Blockbuster Destructive Malware report should be viewed in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. DeltaCharlie is a DDoS tool capable of launching Domain Name System (DNS) attacks, Network Time Protocol (NTP) attacks, and Character Generation Protocol attacks. The malware operates on victims’ systems as a svchost-based service and is capable of downloading executables, changing its own configuration, updating its own binaries, terminating its own processes, and activating and terminating denial-of-service attacks. Further details on the malware can be found in Novetta’s report.

Detection and Response

HIDDEN COBRA IOCs related to DeltaCharlie are provided within the accompanying .csv and .stix files of this alert. DHS and FBI recommend that network administrators review the IP addresses, file hashes, network signatures, and YARA rules provided, and add the IPs to their watchlist to determine whether malicious activity has been observed within their organization.
When reviewing network perimeter logs for the IP addresses, organizations may find numerous instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find that some traffic corresponds to malicious activity and some to legitimate activity. System owners are also advised to run the YARA tool on any system they suspect to have been targeted by HIDDEN COBRA actors. Additionally, the appendices of this report provide network signatures to aid in the detection and mitigation of HIDDEN COBRA activity.

Network Signatures and Host-Based Rules

This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.

Network Signatures

alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS"; dsize:6; flow:established,to_server; content:"|18 17 e9 e9 e9 e9|"; fast_pattern:only; sid:1; rev:1;)
alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon"; flow:established,to_server; content:"|1b 17 e9 e9 e9 e9|"; depth:6; fast_pattern; sid:1; rev:1;)
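The two Snort rules above re-implemented in plain Python, as an added example that is not code from the alert or from DHS/FBI. It makes the difference between dsize:6 (whole payload is exactly six bytes) and depth:6 (pattern searched only in the first six bytes) explicit, and runs the logic over constructed TCP segments; the addresses in the samples are documentation/private ranges, not indicators from the alert.

```python
"""Plain-Python emulation of the two Snort network signatures in the alert.

Added illustration, not code from the alert or from DHS/FBI. It reproduces the
match logic of each rule so the meaning of dsize:6 versus depth:6 is explicit,
and runs it over constructed TCP segments (no packet capture is needed).
"""
from dataclasses import dataclass
from typing import List, Tuple

# content:"|18 17 e9 e9 e9 e9|" with dsize:6 -> payload must be exactly six bytes
HANDSHAKE_SUCCESS = bytes.fromhex("1817e9e9e9e9")
# content:"|1b 17 e9 e9 e9 e9|" with depth:6 -> pattern must start at payload offset 0
C2_BEACON = bytes.fromhex("1b17e9e9e9e9")


@dataclass(frozen=True)
class Segment:
    """The fields of a TCP segment that the two rules actually inspect."""
    src: str
    dst: str
    established: bool   # Snort flow:established (3-way handshake already completed)
    to_server: bool     # Snort flow:to_server (client -> server direction)
    payload: bytes


def _flow_ok(seg: Segment) -> bool:
    """Both rules carry flow:established,to_server."""
    return seg.established and seg.to_server


def is_ddos_handshake_success(seg: Segment) -> bool:
    """DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS: six-byte payload holding the marker.

    dsize:6 rejects any payload that is not exactly six bytes, so with a six-byte
    content the rule effectively requires payload == marker.
    """
    return _flow_ok(seg) and len(seg.payload) == 6 and HANDSHAKE_SUCCESS in seg.payload


def is_botnet_c2_beacon(seg: Segment) -> bool:
    """DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon: marker within the first six bytes.

    depth:6 limits the content search to the first six payload bytes; because the
    marker itself is six bytes long, it must sit at offset 0 for the rule to fire.
    """
    return _flow_ok(seg) and C2_BEACON in seg.payload[:6]


def evaluate(seg: Segment) -> List[str]:
    """Return the msg strings of every rule that fires on this segment, in rule order."""
    alerts: List[str] = []
    if is_ddos_handshake_success(seg):
        alerts.append("DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS")
    if is_botnet_c2_beacon(seg):
        alerts.append("DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon")
    return alerts


# Constructed segments. 10.0.0.0/8 and 203.0.113.0/24 are private/documentation
# ranges, not indicators from the alert's .csv/.stix files.
SAMPLES: List[Tuple[str, Segment]] = [
    ("handshake marker, exactly 6 bytes",
     Segment("10.1.2.3", "203.0.113.10", True, True, HANDSHAKE_SUCCESS)),
    ("handshake marker padded to 10 bytes (dsize:6 fails)",
     Segment("10.1.2.3", "203.0.113.10", True, True, HANDSHAKE_SUCCESS + b"\x00" * 4)),
    ("beacon marker at offset 0 followed by 32 bytes",
     Segment("10.1.2.3", "203.0.113.10", True, True, C2_BEACON + b"\x41" * 32)),
    ("beacon marker at offset 2 (outside depth:6)",
     Segment("10.1.2.3", "203.0.113.10", True, True, b"\x00\x00" + C2_BEACON)),
    ("beacon marker but server -> client direction (to_server fails)",
     Segment("203.0.113.10", "10.1.2.3", True, False, C2_BEACON + b"\x41" * 32)),
]


def run_samples() -> List[Tuple[str, List[str]]]:
    """Evaluate every constructed sample; doubles as a self-check of the rule logic."""
    return [(label, evaluate(seg)) for label, seg in SAMPLES]


if __name__ == "__main__":
    for label, alerts in run_samples():
        print(f"{label:62s} -> {alerts or ['no alert']}")
```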

YARA Rules

$rsaKey = {7B 4E 1E A7 E9 3F 36 4C DE F4 F0 99 C4 D9 B7 94
A1 FF F2 97 D3 91 13 9D C0 12 02 E4 4C BB 6C 77
48 EE 6F 4B 9B 53 60 98 45 A5 28 65 8A 0B F8 39
73 D7 1A 44 13 B3 6A BB 61 44 AF 31 47 E7 87 C2
AE 7A A7 2C 3A D9 5C 2E 42 1A A6 78 FE 2C AD ED
39 3F FA D0 AD 3D D9 C5 3D 28 EF 3D 67 B1 E0 68
3F 58 A0 19 27 CC 27 C9 E8 D8 1E 7E EE 91 DD 13
B3 47 EF 57 1A CA FF 9A 60 E0 64 08 AA E2 92 D0}
condition: any of them

$STR1 = "Wating" wide ascii
$STR2 = "Reamin" wide ascii
$STR3 = "laptos" wide ascii
condition: (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and 2 of them

$randomUrlBuilder = { 83 EC 48 53 55 56 57 8B 3D ?? ?? ?? ?? 33 C0 C7 44 24 28 B4 6F 41 00 C7 44 24 2C B0 6F 41 00 C7 44 24 30 AC 6F 41 00 C7 44 24 34 A8 6F 41 00 C7 44 24 38 A4 6F 41 00 C7 44 24 3C A0 6F 41 00 C7 44 24 40 9C 6F 41 00 C7 44 24 44 94 6F 41 00 C7 44 24 48 8C 6F 41 00 C7 44 24 4C 88 6F 41 00 C7 44 24 50 80 6F 41 00 89 44 24 54 C7 44 24 10 7C 6F 41 00 C7 44 24 14 78 6F 41 00 C7 44 24 18 74 6F 41 00 C7 44 24 1C 70 6F 41 00 C7 44 24 20 6C 6F 41 00 89 44 24 24 FF D7 99 B9 0B 00 00 00 F7 F9 8B 74 94 28 BA 9C 6F 41 00 66 8B 06 66 3B 02 74 34 8B FE 83 C9 FF 33 C0 8B 54 24 60 F2 AE 8B 6C 24 5C A1 ?? ?? ?? ?? F7 D1 49 89 45 00 8B FE 33 C0 8D 5C 11 05 83 C9 FF 03 DD F2 AE F7 D1 49 8B FE 8B D1 EB 78 FF D7 99 B9 05 00 00 00 8B 6C 24 5C F7 F9 83 C9 FF 33 C0 8B 74 94 10 8B 54 24 60 8B FE F2 AE F7 D1 49 BF 60 6F 41 00 8B D9 83 C9 FF F2 AE F7 D1 8B C2 49 03 C3 8B FE 8D 5C 01 05 8B 0D ?? ?? ?? ?? 89 4D 00 83 C9 FF 33 C0 03 DD F2 AE F7 D1 49 8D 7C 2A 05 8B D1 C1 E9 02 F3 A5 8B CA 83 E1 03 F3 A4 BF 60 6F 41 00 83 C9 FF F2 AE F7 D1 49 BE 60 6F 41 00 8B D1 8B FE 83 C9 FF 33 C0 F2 AE F7 D1 49 8B FB 2B F9 8B CA 8B C1 C1 E9 02 F3 A5 8B C8 83 E1 03 F3 A4 8B 7C 24 60 8D 75 04 57 56 E8 ?? ?? ?? ?? 83 C4 08 C6 04 3E 2E 8B C5 C6 03 00 5F 5E 5D 5B 83 C4 48 C3 }
condition: $randomUrlBuilder
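A plain-Python emulation of two of the YARA fragments above, added here as an example and not code from the alert or from DHS/FBI: the file-magic test plus "2 of them" condition of the $STR1/$STR2/$STR3 rule, and a matcher for hex strings with ?? wildcards such as $randomUrlBuilder (only the first 15 bytes of that pattern are used). The sample buffers are constructed for the demonstration; YARA itself should be used for real scanning.

```python
"""Plain-Python emulation of the YARA rule fragments quoted in the alert.

Added illustration, not code from the alert or from DHS/FBI. Implements:
  - the file-magic test and "2 of them" string condition of the $STR1/$STR2/$STR3 rule,
  - a matcher for hex patterns with ?? wildcards, as used by $randomUrlBuilder.
Sample buffers below are constructed for the demonstration.
"""
import re
import struct
from typing import Dict, List, Optional

# Identifiers and text from the rule on the page; YARA "wide ascii" means that
# either the plain ASCII encoding or the UTF-16LE encoding counts as a hit.
STRINGS: Dict[str, str] = {"$STR1": "Wating", "$STR2": "Reamin", "$STR3": "laptos"}


def _u16(data: bytes, off: int) -> Optional[int]:
    """YARA uint16(off): little-endian 16-bit read, None if out of range."""
    if len(data) < off + 2:
        return None
    return struct.unpack_from("<H", data, off)[0]


def _u32(data: bytes, off: int) -> Optional[int]:
    """YARA uint32(off): little-endian 32-bit read, None if out of range."""
    if len(data) < off + 4:
        return None
    return struct.unpack_from("<I", data, off)[0]


def header_matches(data: bytes) -> bool:
    """The magic-number part of the condition (values are little-endian reads).

    0x5A4D -> "MZ" (PE), 0xCFD0 -> D0 CF (OLE2/Office), 0xC3D4 -> D4 C3 (pcap),
    0x46445025 -> "%PDF", 0x6674725C at offset 1 -> "{\\rtf" (RTF).
    """
    return (_u16(data, 0) in (0x5A4D, 0xCFD0, 0xC3D4)
            or _u32(data, 0) == 0x46445025
            or _u32(data, 1) == 0x6674725C)


def matched_strings(data: bytes) -> Dict[str, List[str]]:
    """Which $STRn identifiers occur in data, and in which encodings."""
    hits: Dict[str, List[str]] = {}
    for ident, text in STRINGS.items():
        encodings = [name for name, enc in (("ascii", "ascii"), ("wide", "utf-16-le"))
                     if text.encode(enc) in data]
        if encodings:
            hits[ident] = encodings
    return hits


def string_rule_matches(data: bytes) -> bool:
    """condition: (<magic test>) and 2 of them"""
    return header_matches(data) and len(matched_strings(data)) >= 2


def hex_pattern_to_regex(pattern: str) -> "re.Pattern[bytes]":
    """Compile a YARA hex string such as "83 EC ?? 53" into a bytes regex.

    Only fixed bytes and the ?? wildcard are supported (the forms used on the page);
    jumps like [4-6] and nibble wildcards are not implemented here.
    """
    parts: List[bytes] = []
    for tok in pattern.replace("{", " ").replace("}", " ").split():
        if tok == "??":
            parts.append(b".")
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
            parts.append(re.escape(bytes([int(tok, 16)])))
        else:
            raise ValueError(f"unsupported token {tok!r}")
    return re.compile(b"".join(parts), re.DOTALL)


def hex_pattern_offset(data: bytes, pattern: str) -> int:
    """Offset of the first match of a hex pattern in data, or -1 if absent."""
    m = hex_pattern_to_regex(pattern).search(data)
    return m.start() if m else -1


# First 15 bytes of the $randomUrlBuilder pattern as it appears in the alert;
# the four ?? bytes are the address operand the rule deliberately leaves open.
URL_BUILDER_PREFIX = "83 EC 48 53 55 56 57 8B 3D ?? ?? ?? ?? 33 C0"

# Constructed samples: a PE-like buffer carrying two of the typo strings (one as
# UTF-16LE), a PDF-like buffer with only one, and a buffer holding the prologue bytes.
SAMPLE_PE = b"MZ" + b"\x00" * 62 + b"Wating..." + "Reamin".encode("utf-16-le") + b"\x00" * 8
SAMPLE_PDF = b"%PDF-1.4\n" + b"laptos" + b"\x00" * 16
SAMPLE_CODE = (b"\x90" * 5 + bytes.fromhex("83EC48535556578B3D")
               + b"\x10\x20\x41\x00" + bytes.fromhex("33C0") + b"\xcc" * 4)


if __name__ == "__main__":
    for name, buf in (("SAMPLE_PE", SAMPLE_PE), ("SAMPLE_PDF", SAMPLE_PDF)):
        print(name, "magic ok:", header_matches(buf), "strings:", matched_strings(buf),
              "rule fires:", string_rule_matches(buf))
    print("prologue offset in SAMPLE_CODE:", hex_pattern_offset(SAMPLE_CODE, URL_BUILDER_PREFIX))
```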


A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:
  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.


Mitigation Strategies

Network administrators are encouraged to apply the following recommendations, which can prevent as many as 85 percent of targeted cyber intrusions. The mitigation strategies provided may seem like common sense. However, many organizations fail to use these basic security measures, leaving their systems open to compromise:
  1. Patch applications and operating systems – Most attackers target vulnerable applications and operating systems. Ensuring that applications and operating systems are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.
  2. Use application whitelisting – Whitelisting is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.
  3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially credentials associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.
  4. Segment networks and segregate them into security zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services, and limits damage from network perimeter breaches.
  5. Validate input – Input validation is a method of sanitizing untrusted input provided by users of a web application. Implementing input validation can protect against the security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly averted include Structured Query Language (SQL) injection, cross-site scripting, and command injection.
  6. Use stringent file reputation settings – Tune the file reputation systems of your anti-virus software to the most aggressive setting possible. Some anti-virus products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.
  7. Understand firewalls – Firewalls provide security to make your network less susceptible to attack. They can be configured to block data and applications from certain locations (IP whitelisting), while allowing relevant and necessary data through.

Response to Unauthorized Network Access

Enforce your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. Meanwhile, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.
Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, you are encouraged to contact DHS NCCIC ( or 888-282-0870), the FBI through a local field office, or the FBI’s Cyber Division ( or 855-292-3937).

Protect Against SQL Injection and Other Attacks on Web Services

To protect against code injections and other attacks, system operators should routinely evaluate known and published vulnerabilities, periodically perform software updates and technology refreshes, and audit external-facing systems for known web application vulnerabilities. They should also take the following steps to harden both web applications and the servers hosting them to reduce the risk of network intrusion via this vector.
  • Use and configure available firewalls to block attacks.
  • Take steps to secure Windows systems, such as installing and configuring Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Microsoft AppLocker.
  • Monitor and remove any unauthorized code present in any www directories.
  • Disable, discontinue, or disallow the use of Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP) as much as possible.
  • Remove unnecessary HTTP verbs from web servers. Typical web servers and applications only require GET, POST, and HEAD.
  • Where possible, minimize server fingerprinting by configuring web servers to avoid responding with banners identifying the server software and version number.
  • Secure both the operating system and the application.
  • Update and patch production servers regularly.
  • Disable potentially harmful SQL-stored procedure calls.
  • Sanitize and validate input to ensure that it is properly typed and does not contain escaped code.
  • Consider using type-safe stored procedures and prepared statements.
  • Audit transaction logs regularly for suspicious activity.
  • Perform penetration testing on web services.
  • Ensure error messages are generic and do not expose too much information.

Permissions, Privileges, and Access Controls

System operators should take the following steps to limit permissions, privileges, and access controls.
  • Reduce privileges to only those needed for a user’s duties.
  • Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Carefully consider the risks before granting administrative rights to users on their own machines.
  • Scrub and verify all administrator accounts regularly.
  • Configure Group Policy to restrict all users to only one login session, where possible.
  • Enforce secure network authentication, where possible.
  • Instruct administrators to use non-privileged accounts for standard functions such as web browsing or checking webmail.
  • Segment networks into logical enclaves and restrict host-to-host communication paths. Containment provided by enclaving also makes incident cleanup significantly less costly.
  • Configure firewalls to disallow Remote Desktop Protocol (RDP) traffic coming from outside of the network boundary, except for in specific configurations such as when tunneled through a secondary virtual private network (VPN) with lower privileges.
  • Audit existing firewall rules and close all ports that are not explicitly needed for business. Specifically, carefully consider which ports should be connecting outbound versus inbound.
  • Enforce a strict lockout policy for network users and closely monitor logs for failed login activity. Failed login activity can be indicative of failed intrusion activity.
  • If remote access between zones is an unavoidable business need, log and monitor these connections closely.
  • In environments with a high risk of interception or intrusion, organizations should consider supplementing password authentication with other forms of authentication such as challenge/response or multifactor authentication using biometric or physical tokens.

Logging Practices

System operators should follow these secure logging practices.
  • Ensure event logging, including applications, events, login activities, and security attributes, is turned on or monitored for identification of security issues.
  • Configure network logs to provide adequate information to assist in quickly developing an accurate determination of a security incident.
  • Upgrade PowerShell to new versions with enhanced logging features and monitor the logs to detect usage of PowerShell commands, which are often malware-related.
  • Secure logs in a centralized location and protect them from modification.
  • Prepare an incident response plan that can be rapidly administered in case of a cyber intrusion.


Wednesday, June 7, 2017

Advice on how to best drive user registration on mobile apps.

The article offers tips and advice on how to best drive user registration on mobile apps.
When it comes to creating, delivering, and optimizing apps, there are many questions that must be answered.
One of the most challenging questions to answer is “When is the right time to ask for registration?”
Done improperly or at the wrong time, it could cause users to churn. And when users churn, you have to work twice as hard to get them back.
Many app owners and marketers may think that they know how and when to ask users to register, but the most effective way to determine this is by testing and experimenting with the content and timing of the registration requests.
Here are a few tips to keep in mind:

Asking Users to Register

For some apps, registration is an obvious requirement for accessing certain functionality. For example, banking apps may be able to locate the nearest ATM without registration, but to display account information, users must be registered.
If your app’s core functionality can only be accessed once users are registered, as is the situation with the banking apps, you should clearly explain the benefits to users when you ask them to register.
Otherwise, finding the right time to ask users to register may be a little trickier. It might also require some testing until you get it just right. Your aim is to give your users enough functionality without registering that it will drive their desire to register.

How to Drive Registration

Think of your users as being in a relationship with you. As in any relationship, there is give and take. The successful relationships are the ones that achieve a balance. In fact, consider the dating scene. Coming up to attractive strangers and asking for their phone numbers rarely ends well; however, after an engaging conversation, when strangers want to get to know you better, they will be glad to offer their number.
To drive registration, give your users a chance to get to know your app. For example, a grocery store app may give users the ability to browse their inventory, view special deals, and add items to their shopping carts freely without registering. But when users want to create their own personal grocery lists or check out, the app asks for registration. In the relationship between app and user, the app needs to give value to drive the “take” of registration information.
Example of ClickTheCity App registration

The Best Registration Process

The best registration process is certainly not about the font you use or even the amount of information you collect. The best registration process is the one that is easiest and friendliest for the user.
While you want to keep the registration form brief, some apps may have customers who feel uncomfortable with a process that is too short, as it doesn’t seem secure. A friendly UX will give users a sense of security, and if it is a longer registration process, you could use a slider form that indicates progress.
Often, the easiest way to register is to link to social accounts. It’s fast, and users often prefer it for its ease. From your side, it often gives you access to all of the information you need, effortlessly. Make it very clear that you’re not going to use or share their data with any third party. Use privacy or regulation icons, as necessary.

The Worst Registration Process

If the best registration process is the friendly one, the worst is the annoying one.
  • Don't ask for registration as soon as users open the app. It may sound obvious, but there are thousands of apps out there that still require up-front registration
  • Don't ask for registration before users have had a chance to see the value in the app
  • Don't take anybody else’s word for it. Always test the timing as it relates to your target audience and their real-time actions

Perfect Timing

Experimenting with the timing for requesting registration is important, and the concept of “give and take” is crucial, here. You must choose the right time to offer your users something that will be of value to them based on their current activities (e.g. access to additional features) so that they will also give you something of value in return (e.g. their personal details and preferences).
For example, if yours is a Fandango-style movie app, you can track unregistered users who are looking at the list of movies and cinemas in your app. In order to get them to register, you must give them something of greater value, like access to movie critic reviews. Promising access to additional features, like critic reviews, that offer a higher value to the user is a fundamental tactic for driving registration. Your users know that in exchange for registering, they also receive something that is useful to them.
You can also offer different levels of registration in cases where some users are not yet prepared to give all of their personal details. In the example of the movie app, people still need to submit their email addresses in order to purchase tickets, even if they do not create a profile within your system.
However, this minimum level of registration is a starting point for you to communicate and build trust with the users so that they will eventually feel comfortable enough to complete their profiles. Once they are familiar with your app and have good experiences using it, they will be more inclined to give you more information.

More to come on this important topic!!!!!!

Tuesday, June 6, 2017

Ranking first is not always the best:

1. It's not necessary to get as many visitors as possible

Many people optimize their web pages because they want to get more website visitors. This usually is a good idea. However, getting twice as many visitors as now is not likely to double your sales.
The additional visitors must come through keywords that convert to sales. It depends on what the searcher is looking for. If you are booking hotel rooms in Miami Beach, then people who enter "book miami beach hotel room" in Google's search box are exactly the people you're looking for.
But that's the best case. Depending on the intention of the searcher, the search terms can be different: "hotel" (general interest in hotels), "miami beach" (interested in general information about the place), "miami beach hotel" (looking for different offerings), etc. Getting high rankings for "miami beach" will get you many new visitors, but few new customers.
Time-saving conclusion:
When you optimize your web pages, optimize them for keywords with a high conversion rate. Avoid vanity keywords that just look good. The more targeted the keywords are, the better. A small traffic increase for good keywords is much better than a big traffic increase for low quality keywords.

2. It's not always necessary to rank higher than your competitors

For some keywords, it doesn't matter if your website is listed on position 2 or position 7. Searchers will check multiple results on the first results page before they make a decision. If your website is listed in the top 3 results, it is possible that the time and effort that is necessary to move your website to position 1 is better used to get high rankings for new keywords.
The number of targeted visitors that you get through the new keywords might be more than the additional visitors that you get by increasing the position for a single keyword.
Time-saving conclusion:
It's sometimes better to optimize for new keywords than to optimize for keywords for which you already have good rankings.
Keywords have been mentioned often in this article by Axandra, and it makes me continue to tell people that keywords are still very important. Many people I have talked to do not think they need keywords anymore. I say bull: you still need them, and we can provide them for you!

More to come soon.

Joe Rossini

An interesting offer from

Build a Google-ready website, internal reporting, the ability to make changes, hosting, e-mail, standard marketing for one year and more for $4995.00. Can't afford that all at once? Then we finance it for $500.00 per month for one year! Twenty pages, twenty pictures, social media links and more. Contact me at 913-244-6132.

What do our web sites look like? Why don't you go look at

Did you want a phone application? Our pricing is generally around $2000.00 to create an Android app.



Examples of Mobile Applications: (Future options)

Ottawa Kansas Coop





Mobile application for large Coop offering information about the company, list of contacts, descriptions and contact information for locations, access to customer functions, access to crop prices, and more.

More to come soon!

Monday, June 5, 2017

can bring you leads!

How can we help you in your business? We can update your web site so it conforms more to what Google is looking for. We can make sure your internal keywords are keywords that people are looking for. We can do web-based PR releases to push new products. We can add reporting that can tell you what is working and what is not in your marketing campaigns. We can submit you to the leading search engines. We can create e-mail campaigns to boost sales. We can do a lot more, but this is just a taste if you choose us to help you with your business marketing.

More to come soon!

Internet security sort of

This is a short snippet about the way I think browsers will move to combat retargeting. Retargeting is sometimes a neat way to follow potential web visitors, but it can be pesky and sort of intrusive. Ever see a picture or an ad you might have clicked on a few days ago and then suddenly you see it all the time? This is a form of retargeting.

Apple may be starting to fight this:

Among the announcements coming out of Apple’s WWDC developer conference is news that Safari will prevent cross-site tracking.
Apple Senior VP Craig Federighi said “intelligent tracking prevention” uses machine learning to keep trackers, namely ad trackers and third-party data trackers, from following users as they browse from site to site.
That browsing information data is routinely used for retargeting, interest and other behavioral ad targeting.
Ads themselves aren’t blocked, just the user’s previous browsing data. The move is “not about blocking ads — the web behaves as it always did, but your privacy is protected,” said Federighi.
We don’t have all the details yet, and we will update here if we learn more. The move again sets Safari apart from Google’s Chrome from a privacy perspective.
Federighi also said Safari will implement auto-play blocking to keep music and video from automatically playing when a page loads on websites.

I believe this sort of privacy protection will spread and many will click on the link to give them more privacy.

More to come.


New capabilities to look at

I have recently been testing new capabilities that I can offer to my customers. One such capability gives you exact information on who is visiting your web site and where they visited. This is not perfect, but on several occasions you would get the name and telephone number of the potential client so you could call them! Just think if you could double or triple your sales because your sales support knew exactly who to call!

Another thing to think about is a call-to-action button in your e-mail or on your web site that gives something away, or at least gets a person to sign up; thus, once again, you have a name and perhaps a reason why they came in.

Another method I am looking at would target or retarget ads to people that might have visited you for a reason; your sales machine leaves them a cookie, so when they are surfing, occasionally an ad from you shows up, reminding them about your product! If they came in, looked and left without buying, now you kinda follow them around occasionally and remind them of what a great product you have.

Reporting is another very important way to track whether your marketing is working. Yes, I have looked at Google Analytics, but there are other packages that give you so much more information and are easy to use. If you are using AdWords or e-mail blasts or other marketing ideas, would it not be nice to know exactly if they are working?

I have also looked at various SEO products that assist you in making sure your product has good keywords and proper SEO in place. If you spend a good chunk of change on making a new web site, should you not know if the internals are right? Many people can write a web page, but that is about as far as they can go; we go that extra step. Make sure your website is responsive. Make sure you have good keywords internally.

Just think what one or two more large orders would be worth to you by using some of these new tactics. The new programming and reporting might only cost you as little as two hundred per month; certainly one big lead would be worth this.

More to come soon.

Joe Rossini

Wednesday, May 24, 2017

Interesting facts

Wal-Mart will spend millions this year to update hundreds of stores, including 12 stores in Michigan. The effort is meant to connect in-store and online shopping, and features changes such as moving in-store pickup to the front of stores, tests of a click-and-collect grocery service, a dedicated lounge area for customers picking up orders, lower shelving and more signs. Start looking: I am starting to see Walmart change, like adding more self-checkout lanes, and guess what, they are being used!

More info about retailers:

IKEA Group has promoted Jesper Brodin, a 22-year veteran of the Sweden-based furniture retailer, to CEO, effective Sept. 1. Brodin succeeds Peter Agnefjall and will continue the company's focus on growing its online efforts, said IKEA Chairman Lars-Johan Jarnheimer.

Macy's has expanded a self-serve model in its shoe department to three Chicago stores and it expects to roll out the change to all stores by July. Associates will still be on hand to help shoe shoppers, but the new setup gives customers the option of bypassing help, and early tests in select markets led to higher shoe sales, Chief Financial Officer Karen Hoguet said.

In Nebraska, malls are still thriving; look at the end of this short article:
Locally, Nebraska Crossing Outlets in Gretna has been fully leased since its opening three years ago, developer Rod Yates said. The outlet mall also is wrapping up an expansion that will house an Ulta store and an H&M, to open in August. Yates attributes the center’s success to its mix of tenants, many of whom are new to the market, and a technology platform that allows the mall to collect data on its customers and where they shop. Collecting data is the key: know your customer!

React to change and prosper:

What new retail benchmarks say about the way we shop now
Consumers have been quick to make new technology a part of their lives and expect retailers to do the same. NRF's Jessica Hibbard looks at the latest NRF-FitForCommerce Omnichannel Retail Index to see how retailers are adding features that make it easier for shoppers to discover products, get what they want and collect rewards for coming back again. 

The NRF-FitForCommerce Omnichannel Retail Index tracks retailer implementation of 200 digital and multichannel features — those deceivingly small considerations that make an outsized difference on the shopping experience — and found a double-digit increase in adoption rates on several types of initiatives. From the first study conducted in August 2015 to the most recent analysis in October 2016, online and multichannel retailers have been adding features that make it easier for shoppers to discover products, get what they want and collect rewards for coming back again.

Generation Z??

Mathews also dissects Uniquely Gen Z, an extensive NRF/IBM research study about the youngest generation of consumers. The rise of social media and evolving technologies has ushered in rapid change, and the upheaval will continue as Generation Z gains even more spending power.
“They’re impatient,” Mathews says, speaking about the differences between Gen Z and older generations. “They want things now.” Listen to this episode of Retail Gets Real to learn how retailers can better meet Gen Z’s needs and earn their trust early in their careers as consumers.

It is through technology at all levels that retailers and business in general will grow and thrive. Another example of a way to get customers to buy faster and direct them in a store is the product line from COOL-ADS™:
  • Energize your P.O.P. advertising and increase sales with sensory messaging.

Bring your P.O.P. advertising out of the dark ages with beautiful backlit graphics.
Command your shoppers' attention and drive sales higher with sensory messaging. Backlit LEDs are incorporated into a design structure that diffuses light across the entire panel. Create whatever messages/designs you want. They print easily on inexpensive transparent sheets and can be installed within seconds. A motion detector module controls the automatic on/off and sleep functions. Battery powered using 8 AA batteries located in an easily accessible compartment. This captures attention in a store and gets a shopper to the product faster! Once again, a retailer can assist their shoppers and make them happy, thus hopefully bringing them back again and again.

If you are interested in products from Cool-Ads™, let me know and I can guide you, or visit their web page at

More to come soon about retail and about new technology!

Joe Rossini

Tuesday, May 16, 2017

Solar panels and the law: Can you stop your neighbor from blocking your sunlight?

I know this has nothing to do with the web, but I am a big solar guy, so if you like solar, read this; it is interesting and might affect us in the USA one day.

Important notice on a new Ransomware

National Cyber Awareness System:

05/12/2017 09:36 PM EDT

Original release date: May 12, 2017 | Last revised: May 15, 2017

Systems Affected

Microsoft Windows operating systems


According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.
The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of .1781 bitcoins, roughly $300 U.S.

This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.


Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Additionally, Microsoft released patches for Windows XP, Windows 8, and Windows Server 2003 operating systems on May 13, 2017. According to open sources, one possible infection vector is via phishing emails.

Technical Details

Indicators of Compromise (IOC)

IOCs are provided within the accompanying .xlsx file of this report.

Yara Signatures

rule Wanna_Cry_Ransomware_Generic {
    meta:
        description = "Detects WannaCry Ransomware on Disk and in Virtual Page"
        author = "US-CERT Code Analysis Team"
        reference = "not set"
        date = "2017/05/12"
        hash0 = "4DA1F312A214C07143ABEEAFB695D904"
    strings:
        // {..} entries are raw byte patterns; $s0 is "ADMIN$" encoded as UTF-16LE
        $s0 = {410044004D0049004E0024}
        $s1 = "WannaDecryptor"
        $s2 = "WANNACRY"
        $s3 = "Microsoft Enhanced RSA and AES Cryptographic"
        $s4 = "PKS"
        $s5 = "StartTask"
        $s6 = "wcry@123"
        $s7 = {2F6600002F72}
        $s8 = "unzip 0.15 Copyrigh"
        // a literal backslash must be written as \\ inside a YARA text string
        $s9 = "Global\\WINDOWS_TASKOSHT_MUTEX"
        $s10 = "Global\\WINDOWS_TASKCST_MUTEX"
        $s11 = {7461736B736368652E657865000000005461736B5374617274000000742E776E7279000069636163}
        $s12 = {6C73202E202F6772616E742045766572796F6E653A46202F54202F43202F5100617474726962202B68}
        $s13 = "WNcry@2ol7"
        $s14 = "wcry@123"
        $s15 = "Global\\MsWinZonesCacheCounterMutexA"
    condition:
        // "and" binds tighter than "or": $s13, $s14 or $s15 alone is enough to match
        $s0 and $s1 and $s2 and $s3 or $s4 and $s5 and $s6 and $s7 or $s8 and $s9 and $s10 or $s11 and $s12 or $s13 or $s14 or $s15
}

/*The following Yara ruleset is under the GNU-GPLv2 license ( and open to any user or organization, as long as you use it under this license.*/
rule MS17_010_WanaCry_worm {
    meta:
        description = "Worm exploiting MS17-010 and dropping WannaCry Ransomware"
        author = "Felipe Molina (@felmoltor)"
        reference = ""
        date = "2017/05/12"
    strings:
        // SMB dialect strings seen in the exploit's protocol negotiation
        $ms17010_str1 = "PC NETWORK PROGRAM 1.0"
        $ms17010_str3 = "Windows for Workgroups 3.1a"
        // fragments of the embedded ransomware payload
        $wannacry_payload_substr1 = "h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j"
        $wannacry_payload_substr2 = "h54WfF9cGigWFEx92bzmOd0UOaZlM"
        $wannacry_payload_substr3 = "tpGFEoLOU6+5I78Toh/nHs/RAP"
    condition:
        all of them
}

Initial Analysis

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. This DLL, which is then loaded into the parent process, is the actual Wanna Cry Ransomware responsible for encrypting the user’s files. Using this cryptographic loading method, the WannaCry DLL is never directly exposed on disk and not vulnerable to antivirus software scans.
The newly loaded DLL immediately begins encrypting files on the victim’s system and encrypts the user’s files with 128-bit AES. A random key is generated for the encryption of each file.
The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to. This access permits the malware to spread itself laterally on a compromised network. However, the malware never attempts to attain a password from the victim’s account in order to access the IPC$ share.
This malware is designed to spread laterally on a network by gaining unauthorized access to the IPC$ share on other resources on the network on which it is operating.


Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including
  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.


Recommended Steps for Prevention
  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017.
  • Enable strong spam filters to prevent phishing e-mails from reaching the end users and authenticate in-bound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing. 
  • Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary. 
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares. 
  • Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
  • Develop, institute and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network. No less than once a year. Ideally, as often as possible/practical.
  • Test your backups to ensure they work correctly upon use.
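The e-mail authentication step above recommends SPF, DMARC and DKIM. As an added example (not from the alert), this Python checker parses SPF and DMARC TXT records and flags policies that would not actually cause a spoofed sender to fail; the domains and records are constructed samples, and DKIM is not covered because verifying it needs a signed message.

```python
"""Added example (not part of the US-CERT alert): checks whether a domain's
published SPF and DMARC records would actually cause spoofed mail to fail.
All domains and TXT records below are constructed sample data."""

# Constructed TXT records keyed by DNS name; a real checker would query DNS.
SAMPLE_TXT = {
    "weak.example": ["v=spf1 include:_spf.mailprovider.example ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "strong.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.strong.example": [
        "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@strong.example"
    ],
    "nodmarc.example": ["v=spf1 mx -all"],
    "twospf.example": ["v=spf1 mx -all", "v=spf1 a -all"],
}


def parse_spf(records):
    """Return the SPF mechanisms, or None when there is not exactly one
    v=spf1 record (RFC 7208 treats multiple records as a permanent error)."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return None
    return spf[0].split()[1:]


def spf_all_qualifier(mechs):
    """Qualifier on the 'all' mechanism, which decides the result for senders
    matching nothing else: '-' fail, '~' softfail, '?' neutral, '+' pass.
    A record with no 'all' is treated as neutral."""
    for m in mechs:
        if m.lstrip("+-~?").lower() == "all":
            return m[0] if m[0] in "+-~?" else "+"
    return "?"


def parse_dmarc(records):
    """Return DMARC tags as a dict, or None if no v=DMARC1 record is published."""
    for r in records:
        if r.replace(" ", "").lower().startswith("v=dmarc1"):
            tags = {}
            for part in r.split(";"):
                if "=" in part:
                    key, value = part.split("=", 1)
                    tags[key.strip().lower()] = value.strip()
            return tags
    return None


def assess(domain, txt=SAMPLE_TXT):
    """List of findings; an empty list means spoofed mail should be rejected."""
    findings = []
    mechs = parse_spf(txt.get(domain, []))
    if mechs is None:
        findings.append("SPF: no single valid v=spf1 record")
    else:
        q = spf_all_qualifier(mechs)
        if q != "-":
            findings.append(f"SPF: 'all' qualifier is '{q}', unknown senders are not hard-failed")
    dmarc = parse_dmarc(txt.get("_dmarc." + domain, []))
    if dmarc is None:
        findings.append("DMARC: no record, receivers have no policy to enforce")
    else:
        if dmarc.get("p", "none").lower() == "none":
            findings.append("DMARC: p=none only monitors; use quarantine or reject")
        if dmarc.get("pct", "100") != "100":
            findings.append(f"DMARC: pct={dmarc['pct']} applies the policy to only part of the mail")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua address, so aggregate reports are never received")
    return findings


if __name__ == "__main__":
    for domain in ("weak.example", "strong.example", "nodmarc.example", "twospf.example"):
        print(domain, "->", assess(domain) or ["OK"])
```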
Recommended Steps for Remediation
  • Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup. 
Defending Against Ransomware Generally
Precautionary measures to mitigate ransomware threats include:
  • Ensure anti-virus software is up-to-date.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patches for your operating system and Web browser.
Report Notice
DHS and FBI encourage recipients who identify the use of tool(s) or techniques discussed in this document to report information to DHS or law enforcement immediately. We encourage you to contact DHS’s National Cybersecurity and Communications Integration Center (NCCIC) ( or 888-282-0870), or the FBI through a local field office or the FBI’s Cyber Division ( or 855-292-3937) to report an intrusion and to request incident response resources or technical assistance.


Revision History

  • May 12, 2017: Initial post
  • May 14, 2017: Corrected Syntax in the second Yara Rule
  • May 14, 2017: Added Microsoft link to patches for Windows XP, Windows 8, and Windows Server 2003
  • May 14, 2017: Corrected Syntax in the first Yara Rule


Tuesday, May 9, 2017

Social Networking security

Often we get on a social network and do not think anything about security, but we should. Hackers, as the past election might have shown, can do some amazing things, so you must be vigilant. Here is some info about Twitter:

Twitter: Beware of shortened URLs

Twitter is a valuable source of real-time information. During the devastating Japanese earthquake and tsunami in March, Twitter users shared information and helped raise funds. Unfortunately, as often happens, scammers try to channel that goodwill for their own gain. A Twitter scam impersonating the British Red Cross asked tweeters to send money via MoneyBookers to a Yahoo email address in one Japanese tsunami charity scam. In another scam, emails resembling Twitter notifications included dangerous links disguised as a tsunami video. If you clicked on this link, malicious JavaScript could infect your computer.
Twitter users often shorten URLs via and other services to keep tweets within their 140 character limit. Hackers can also create shortened URLs to easily redirect you to malicious sites, since the URL itself gives you no indication of the site name. Although most shortened URLs are legitimate, if a link brings you to another page that asks for a Twitter or Facebook password, leave immediately.
Similar to Facebook scams, Twitter messages promise such curiosities as the “Banned Lady Gaga Video,” which takes users to a fake YouTube page. If you click the play button, a window pops up and seeks permission to access your Twitter account. If you grant access, you allow third parties to post messages in your name. Another recent scam, “TimeSpentHere,” promises to tell you how many hours you’ve spent on Twitter. Since it appears to come from a Twitter friend, you may think about clicking on it. But this rogue application actually wants your email address, which could be used later for a phishing campaign or spam.
How about Facebook? Facebook has been working hard to protect their users but read this article and realize there may be some ulterior motives: 

Facebook: Self-XSS, clickjacking and survey scams abound

With so many users, Facebook is a target for scams; it can also expose your personal information far beyond your group of friends.
Users need to remember that Facebook makes money from its advertisers, not users. Since advertisers want to get their message out to as many people as possible, Facebook shares your information to everyone, not just your "friends." And most recently, Facebook's facial recognition technology automatically suggests that friends tag you, unless you turn it off.
Scams on Facebook include cross-site scripting, clickjacking, survey scams and identity theft. One of the scammers' favorite methods of attack of the moment is known as cross-site scripting or "Self-XSS." Facebook messages such as Why are you tagged in this video? and the Facebook Dislike button take you to a webpage that tries to trick you into cutting and pasting a malicious JavaScript code into your browser’s address bar. Self-XSS attacks can also run hidden, or obfuscated, JavaScript on your computer allowing for malware installation without your knowledge.
Facebook scams also tap into interest in the news, holiday activities and other topical events to get you to innocently reveal your personal information. Facebook posts such as “create a Royal Wedding guest name” and "In honor of Mother’s Day" seem innocuous enough, until you realize that information such as your children’s names and birthdates, pet’s name and street name now reside permanently on the Internet. Since this information is often used for passwords or password challenge questions, it can lead to identity theft.
Other attacks on Facebook users include "clickjacking" or "likejacking," also known as "UI redressing." This malicious technique tricks web users into revealing confidential information or takes control of their computer when they click on seemingly innocuous webpages. Clickjacking takes the form of embedded code or script that can execute without the user's knowledge. One disguise is a button that appears to perform another function. Clicking the button sends out the attack to your contacts through status updates, which propagates the scam. Scammers try to pique your curiosity with messages like "Baby Born Amazing effects" and "The World Funniest Condom Commercial – LOL". Both clickjacking scams take users to a webpage urging them to watch a video. By viewing the video, it’s posted that you “like” the link and it’s shared with your friends, spreading it virally across Facebook.
Clickjacking is also often tied to “survey scams” which trick users into installing an application from a spammed link. Cybercriminals take advantage of news topics, such as the Osama bin Laden video scam, which takes you to a fake YouTube site in an effort to get you to complete a survey. Scammers earn commission for each person that completes it. Taking the survey also spreads the scam virally to your Facebook friends.
In theory, new Facebook security features provide protection against scams and spam—but unfortunately they’re mainly ineffectual. Self-XSS, clickjacking and survey scams essentially did not exist just a few years ago, but they now appear on Facebook and other social networks on a daily basis.
Our recent social networking poll also asked computer users which social network they felt posed the biggest security risk. Facebook is clearly seen as the biggest risk with 81% of the votes, a significant rise from the 60% who felt Facebook was the riskiest when we first asked the question a year ago. Twitter and MySpace each received 8% of the votes this year, and LinkedIn only 3%.
This information moves fast so keep researching on your own. The above information came courtesy of SOPHOS.

More to come soon.

Joe Rossini