Owners with tax calculations,

Miva Merchant’s online shopping cart software has some exciting new features and upgrades upcoming soon!
The new wombat for Miva Merchant 5.5 is now in Beta Testing
A new partnership with AccurateTax has been created in order to aid store owners with tax calculations.
The exciting new features included in the Wombat and the AccurateTax partnership are designed to help online merchants that utilize Miva Merchant Web Hosting take their business to the next level by increasing functionality and saving time and hassle.
Anyone with a fully up to date Miva Merchant 5.5 store can test the new Wombat beta and make suggestions to the Miva team on how to better these new components. Since the Wombat is only in the beta stages, Miva does recommend that you initially install and test the Wombat on a developmental copy of your store to make sure everything runs and functions properly. You can simply install the Wombat from the Streaming Update menu in your global settings.
Key features included in the Wombat beta are:
Order Management with Advanced Credit Card Features
Label Printing For UPS, USPS (Fed Ex will be included in the final version)
Address Line 2 for Billing, Shipping and Databases
Order Status and History Fields
Remember that the features included in this Wombat will be available as a streaming update with the production release (after the beta and developmental process). You do not have to be involved in the beta testing and pre-development stages in order to enjoy the new features – you simply need to wait until the wombat is released as an official update to your store.
In addition to the Wombat beta release, there is some more exciting news in the Miva Host world! As a result of the often complicated and confusing sales tax rules that face online merchants, Miva Merchant has joined forces with AccurateTax – a leading provider of sales tax software. The goal of this partnership is to make tax computations within the shopping cart. This tax plug-in ensures that stores are calculating the correct taxes for the right state(s) and are up to date with the ever-changing rules and laws concerning the calculation of sales tax. Furthermore, online storeowners need not worry that this module will slow down their sites because most of the work is completed on AccurateTax’s servers.
For more details and instructions regarding the Wombat and AccurateTax, please visit the Miva Merchant forums.

The customer protection company for online businesses,

The customer protection company for online businesses, Trusteer, today issued a security advisory that warns the customers of website hosting companies, including yahoo.com, against a new phishing attack aimed at stealing their content management system log-in credentials. The e-mails discovered by Trusteer appear to be from Yahoo.com (and other website hosting firms) and ask website owners to confirm their cPanel/FTP account information. Using this information, criminals are uploading look-a-like bank website pages to steal funds.
cPanel is a very popular CMS (Content Management System), used by many leading hosting providers, including Yahoo. It is used to perform website operations, including FTP account control and setup, which can be used to upload content to the cPanel-managed web site. Over the past few days, Trusteer’s security monitoring service has detected a phishing email campaign targeting owners of cPanel-based sites at various hosting providers. The attack is designed to harvest the FTP credentials of site owners, using cPanel-oriented messaging. The full report is available at: http://www.trusteer.com/files/cPanel-FTP-Phishing-advisory.pdf
“The ability to upload arbitrary content into relatively small and less popular sites may seem un-interesting fraud-wise,” said Amit Klein CTO of Trusteer and head of the company’s research organization. “However, evidence we have collected over the past few months connects cPanel-driven sites to online banking fraud. By stealing cPanel login credentials, criminals do not need to use hacking tools to upload content to a website, and therefore can avoid detection until after they have siphoned funds from consumer and business banking accounts.”
About Rapport
Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.
About Trusteer
Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user’s keyboard into the company’s Web site. Trusteer’s flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. For more information visit www.dhanprasadgurung.blogspot.com,

Verizon Business security ,

The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold.
In the "2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach," Verizon Business security experts tap the company's detailed investigative records to identify, rank and profile the most common attacks. For each type of attack, the report provides real-world scenarios, the warning signs, how the attack is orchestrated, how attackers got in, what information they took, what assets the attackers targeted, what industries are commonly affected, and what countermeasures are effective. In total, the report details nearly 150 ways to detect and combat security threats.
This latest installment in Verizon's data breach study series is based on the "2009 Verizon Business Data Breach Investigations Report," issued in April. That landmark study analyzed more than 90 forensic investigations involving 285 million compromised records.
This supplemental report seeks to address the thousands of inquiries we've received from companies around the world wanting a more detailed explanation of attacks, as well as requests for additional recommendations for deterring, preventing and detecting breaches," said Dr. Peter Tippett, vice president of technology and innovation, Verizon Business. "This follow-up analysis is aimed at helping organizations better safeguard their organizations by understanding the anatomy of a data breach and how cybercriminals workThe 2009 Verizon Business Supplemental Data Breach Report identified and ranked by frequency the following top 15 types of attacks:
1. Keylogging and spyware: Malware specifically designed to covertly
collect, monitor and log the actions of a system user.
2. Backdoor or command/control: Tools that provide remote access to or
control of infected systems, or both, and are designed to run covertly.
3. SQL injection: An attack technique used to exploit how Web pages
communicate with back-end databases.
4. Abuse of system access/privileges: Deliberate and malicious abuse of
resources, access or privileges granted to an individual by an
organization.
5. Unauthorized access via default credentials: Instances in which an
attacker gains access to a system or device protected by standard preset
(widely known) user names and passwords.
6. Violation of acceptable use and other policies: Accidental or purposeful
disregard of acceptable use policies.
7. Unauthorized access via weak or misconfigured access control lists When ACLs are weak or misconfigured, attackers can access
resources and perform actions not intended by the victim.
8. Packet Sniffer: Monitors and captures data traversing a network.
9. Unauthorized access via stolen credentials: Instances in which an
attacker gains access to a protected system or device using valid but
stolen credentials.
10. Pretexting or social engineering: A social engineering technique in
which the attacker invents a scenario to persuade, manipulate, or trick
the target into performing an action or divulging information.
11. Authentication bypass: Circumvention of normal authentication mechanisms
to gain unauthorized access to a system
12. Physical theft of asset: Physically stealing an asset.
13. Brute-force attack: An automated process of iterating through possible
username/password combinations until one is successful.
14. RAM scraper: A fairly new form of malware designed to capture data from
volatile memory (RAM) within a system.
15. Phishing (and endless "ishing" variations): A social engineeringIn addition to the extensive threat catalogue, the supplemental report includes an appendix that compares Verizon's caseload with DataLossDB, a public database of reported incidents worldwideAbout Verizon Business
Verizon Business, a unit of Verizon Communications (NYSE: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world's most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today's extended enterprises of widespread and mobile customers, partners, suppliers and employees - enabling them to increase productivity and efficiency and help preserve the environment. Many of the world's largest businesses and governments - including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions - rely on our professional and managed services and network technologies to accelerate their business. Find out more at www.dhanprasadgurung.blogspot.com.
VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive speeches and biographies, media contacts, high-quality video and images, and other information are available at Verizon's News Center on the World Wide Web at www.verizon.com/news. To receive news releases by e-mail, visit the News Center and register for customized automatic delivery of Verizon news releases.