Looks like Amazon has made good on its threat to terminate the NC affiliate program due to the pending internet sales tax. The tax provision that Amazon objects to would apply sales tax to purchases made through click-through transactions from Web sites run by affiliates based in North Carolina. Amazon claims it is against the US Constitution.
Friday, June 26, 2009
Amazon Sacks NC Affiliates due to Sales Tax
Posted by Ben Yarbrough at 4:41 PM 0 comments
Labels:
Amazon,
Sales Tax,
small business
Wednesday, June 24, 2009
NC Internet Sales Tax Debate Heats Up with Budget Crunch

I recently received an update from Brooks Raiford, President of the NC Technology Association (NCTA), on the pending NC internet sales tax legislation. NCTA has been at the forefront of the issue and quick to recognize the burdens the proposed tax will create.
Our very own Charlotte-based state senator, Daniel G. Clodfelter, as the primary sponsor of the senate bill for some reason has called S 487 The Modernize Sales Tax Statutes/Digital Products Act, and I am not sure why. Senator Clodfelter can be reached at (919) 715-8331 or via email at Daniel.Clodfelter@ncleg.net to share your thoughts.
The debate is now being played out largely in the budget arena in the absence of legislative language that has been thoughtfully aired and crafted. This approach demonstrates the systemic problem with our legislators in Raleigh - building a tax system piece by piece (nickel and dime) that gives rise to even more challenges for small businesses. All this does is increase the complexity of our tax laws and pass the costs to figure it out back to small businesses. I welcome modernization of the tax system but call a spade a spade - and this is just a horrible tweak (not modernization). Senator Clodfelter should be embarrassed by this title. No doubt, the legislators will weave something new for us to figure out. For more on my perspective, see my prior post.
As a recap (largely from NCTA), the digital tax issue currently before the North Carolina General Assembly consists of three main parts – (1) New digital taxes on consumer items such as downloadable books, music and movies, (2) New digital taxes on downloadable software purchases, and (3) New taxes on remote sellers who pay someone in NC for referring potential customers to the seller -- the so-called "Amazon tax" that has been enacted in New York.
On April 22 - The State Senate Finance Committee first discussed a tax proposal that included new digital taxation without considering a specific bill. The proposal said that it was aimed at digital products purchased electronically if they are currently taxed if purchased in stores. See my prior post for details. On June 20 (Saturday) - The NC House passed a budget that appears to impose new digital taxes on the consumer items referred to above and to include the Amazon provision but does not seem to impose new taxes on business to business software purchases. The House version of the Amazon provision does not apply to sellers if their gross receipts from sales into NC via referrals by NC residents during the prior four quarters are $10,000 or less. FYI, the digital tax part of the budget bill (S 202) is section 27C.2. For an update see the legislative history here.
Business Position. NCTA and many businesses have been keen to oppose all of the tax changes. Many companies and a number of other interested parties such as the NC Chamber and many of the banks and other large industries have been especially focused on business to business software. This opposition is well grounded given the considerable complexity in unraveling the components of taxable products, services, etc.
Amazon Position. Amazon has been vehemently opposed to the tax and has threatened to end its affiliate program in North Carolina as reflected in Amazon's email above to their NC affiliates.
Consumers and iTunes users. Interestingly not a peep out of this crowd. Have Senator Clodfelter and company asked their grandchildren about this idea?
Schedule. The budget now moves to the conference process with the goal for legislators to present a document to the Governor to sign by June 30, the end of the fiscal year.
Posted by Ben Yarbrough at 2:38 PM 0 comments
Labels:
Amazon,
Sales Tax,
small business
Phishing gangs "Drip" market to target top banks
I recently noticed a surge in phishing email attacks against a few banks and thought I would take a closer look. Looking only at one sample quarantine here is what I found for the last few days:
JP Morgan Chase - 200 (4 days)
Bank of America - 130 (7 days)
Suntrust - 9 (one day only)

It seems Phishers are deploying traditional email "drip" marketing techniques. For more information on this style of marketing see this write up in Wikipedia.
Posted by Ben Yarbrough at 1:37 PM 0 comments
Ballmer responds with advice for Obama on Cyber Security while in Queen City
In an unusually mellow "Ballmeresque" demeanor, Steve Ballmer headlined the North Carolina Technology Association (NCTA) event last Friday in Charlotte. Mr. Ballmer offered interesting insight into the role of technology and proclaimed now is the time for technology to lead us forward. He reminded us that nearly half of the Fortune 500 were formed during the depression and other serious economic downturns. For more coverage see the Charlotte Observer article.
In a shameless effort to solicit insight from the current top dawg in the world of software, I could not pass up the open mike... So I asked... "Given the elevation of cyber security as a national priority by President Obama, what advice would you give him?"
In response, Mr. Ballmer first deftly couched his response and role saying "I don't do that - advise presidents." Not to be left in the cold, he repositioned his response as if he were advising a CEO and had these three comments.
1. The President should use his position as a "Bully Pulpit" to keep cyber security a top concern and make an effort to raise and maintain awareness. He noted that his information reflects a reduction in corporate spending on security - not a good thing.
2. The President should focus on getting his "own house" in order. In other words, the President should undertake a focused effort on securing the government's cyber infrastructure.
3. As for the commercial sector, he offered no specific guidance. He noted that he did not think further regulation was necessary - but that he would deal with whatever comes his way. I am guessing he might have more insight on this front given the nearly $9 million spent on lobbying each year. See here for details.
Posted by Ben Yarbrough at 12:56 PM 0 comments
Wednesday, April 15, 2009
Roundtable Discussion: Lining Your Pockets With FUD
The Conficker “panic” earlier this month has generated a very interesting dialogue among seasoned IT professionals. Most veterans we work with witnessed the passing of Conficker at their client locations as a “non-event” despite the torrent of media alarms. In addition, many have been appalled by attempts by others to cash in on the event with “Conficker cure-all solutions.”
Tomorrow at 10 a.m. PST we will join Dana Epp of Scorpion Software, Susan Bradley (SBS Diva) of TSH&B and Amy Babinchak of Harbor Computer Services and Third Tier on April 16th in a discussion on selling security without FUD – fear, uncertainty and doubt.
We invite you to join us, ask questions and share your perspective.
Register here: https://www2.gotomeeting.com/register/733132802
Posted by Ben Yarbrough at 5:11 PM 0 comments
Monday, April 13, 2009
Patch Tuesday: important updates coming
April 14th is Patch Tuesday, and if you read the executive summary that Microsoft put out, it looks like almost every popular operating system that Microsoft puts out has something critical.
"Critical" is Microsoft's highest level. These are things that can be exploited remotely, although they generally require a vulnerable service to be active and listening. We recommend only forwarding the ports that you actually need forwarded, and, if possible, limiting the range of IPs that can connect.
Vulnerable products include what looks like all the supported Windows operating systems, as well as Internet Explorer, DirectX, and Microsoft Office -- including Office for the Mac. ISA also shows up on the list, although it's "only" a denial of service attack that's being fixed.
Posted by Dan Weber at 5:43 PM 0 comments
Labels:
Apple,
best practices,
Internet Explorer,
Mac OS X,
vulnerability,
Windows,
Windows XP
Friday, April 3, 2009
Conficker Eye Chart
http://www.joestewart.org/cfeyechart.html
Since Conficker blocks your access to certain websites, you can tell if you're infected based on the pattern of images you see.
(Unfortunately this may not be a reliable test behind an AccessEnforcer that has its web proxy active.)
Posted by Dan Weber at 5:59 PM 0 comments
Labels:
AccessEnforcer,
malware,
virus
Tuesday, March 31, 2009
Conficker
The Conficker worms spread using the MS08-067 vulnerability (we blogged about this vulnerability earlier). Microsoft released an out-of-band patch for the MS08-067 vulnerability in October 2008.
There are rules that detect exploitation of MS08-067 that have been out for a while. Any of our clients in IPS mode should be okay from the network angle. (But our device is a perimeter device -- it cannot detect a virus brought in on, say, a USB drive.)
The best way to be defended is to have the machines up-to-date. The reason why the Conficker worm managed to spread to a large number of Windows machines is because most people do not patch their machines. Ensuring that your Windows systems are updated may also help prevent infections from new Conficker variants, if they continue to use the same exploit as the current variants.
In addition, it is also recommended that you do not forward TCP port 445 to any Windows systems. There is no legitimate reason to make TCP port 445 accessible from the Internet. (Update: also ports 135 and 139)
Partners can find more information on our Partner Portal.
These URLs also give more information:
http://www.confickerworkinggroup.org/wiki/pmwiki.php?n=ANY.FAQ
http://www.us-cert.gov/cas/techalerts/TA09-088A.html
Posted by Dan Weber at 3:54 PM 1 comments
Labels:
AccessEnforcer,
advisories,
email,
malware,
Microsoft,
security,
virus,
vulnerability,
Windows
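The forwarding advice in the Patch Tuesday and Conficker posts (forward only the ports you need, limit source IPs where possible, never forward TCP 445, 135 or 139) can be checked mechanically. This is an added example, not code from the blog or from AccessEnforcer; the rule format, sample rules and action names are constructed for illustration.

```python
import ipaddress

# Ports the posts say should not be forwarded from the Internet (TCP).
NEVER_FORWARD = {135, 139, 445}

# Constructed sample rules in a hypothetical format:
# (protocol, external port or range, internal host, allowed source CIDR)
SAMPLE_RULES = [
    ("tcp", "443", "10.0.0.5", "0.0.0.0/0"),
    ("tcp", "3389", "10.0.0.9", "198.51.100.0/24"),
    ("tcp", "137-139", "10.0.0.7", "0.0.0.0/0"),
    ("tcp", "445", "10.0.0.7", "203.0.113.8/32"),
    ("tcp", "8080", "10.0.0.6", "0.0.0.0/0"),
]

def parse_ports(spec):
    """Turn '445' or '137-139' into a range of port numbers."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return range(lo, hi + 1)

def audit(rules, needed_ports):
    """Return (ports, host, action) for every rule that needs attention."""
    findings = []
    for proto, spec, host, source in rules:
        ports = parse_ports(spec)
        if proto == "tcp" and any(p in ports for p in NEVER_FORWARD):
            # Flagged even when the source is restricted or the port is
            # hidden inside a range such as 137-139.
            action = "remove"
        elif not any(p in needed_ports for p in ports):
            action = "remove-unneeded"
        elif ipaddress.ip_network(source).prefixlen == 0:
            # Needed, but reachable from every address on the Internet.
            action = "review-source"
        else:
            continue
        findings.append((spec, host, action))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, needed_ports={443, 3389}):
        print(finding)
```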
Wednesday, March 11, 2009
Risks of Cloud Computing
At Calyptix we use Salesforce.com for a lot of our customer relationship management, for both sales and support. In most conditions it serves us very well -- at least as good as if we were to manage it entirely in-house. And by being in the cloud, our remote sales and support staff have access to it wherever they are.
Every once in a while, though, relying on things in the cloud has its drawbacks.
$ host 97.234.14.204.bl.spamcannibal.org
97.234.14.204.bl.spamcannibal.org has address 127.0.0.2
That's showing that one of salesforce.com's outbound mail servers is on a spam blacklist at the moment.
Since one of the things that salesforce.com does is coordinate email, it ends up sending a lot of email on behalf of its customers. It can be hard to keep up with all that, and a poorly-worded sales attempt can look an awful lot like spam. (You can find the example at spamcannibal's website; we've avoided linking because it is possibly an innocent mistake on the part of another vendor.)
If you rely on a third-party to send email for you, what happens if that third-party ends up on a blacklist because of another of its customers? These are the questions we'll have to face in the coming years.
Posted by Dan Weber at 12:50 PM 4 comments
Labels:
Calyptix,
cloud computing,
email,
spam,
support
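The `host` lookup in the post above follows the usual DNS blacklist convention: the sending server's IPv4 octets are reversed and prepended to the list's zone, and an answer in 127.0.0.0/8 means "listed". The sketch below is an added example, not code from the original post; the function names and the offline resolver are constructed, and only the query name and the 127.0.0.2 answer come from the post.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}"

def ip_from_query_name(qname, zone):
    """Recover the checked IP from a query name such as the one in the post."""
    suffix = "." + zone.strip(".")
    if not qname.endswith(suffix):
        raise ValueError("query name is not under " + zone)
    octets = qname[: -len(suffix)].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))

def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, answer). A failed lookup (NXDOMAIN) means not listed."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False, None
    # Listings are signalled with an address in 127.0.0.0/8; any other
    # answer (for example a parked zone) is not treated as a listing.
    listed = ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")
    return listed, answer

def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    records = {"97.234.14.204.bl.spamcannibal.org": "127.0.0.2"}  # from the post
    if name not in records:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return records[name]

if __name__ == "__main__":
    zone = "bl.spamcannibal.org"
    ip = ip_from_query_name("97.234.14.204.bl.spamcannibal.org", zone)
    print(ip, check_dnsbl(ip, zone, fake_resolver))
    # 192.0.2.10 is a documentation address used as a constructed "clean" case.
    print("192.0.2.10", check_dnsbl("192.0.2.10", zone, fake_resolver))
```

To monitor a third-party sender, call `check_dnsbl` without the `resolve` argument for each outbound relay IP and each blacklist zone your recipients are known to use.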