PayPal Handles PCI Compliance for SMB Ecommerce Merchants

http://www.ecommerce-guide.com//article.php/3937816
— eCommerce-Guide.com

By Vangie Beal

July 27, 2011

While the phrase PCI compliance is enough to make a small business ecommerce merchant groan, the reality for merchants is that compliance is required in this day and age of online shopping -- regardless of the size of your online business.

PCI Compliance Explained

The Payment Card Industry Data Security Standard (PCI DSS) is designed to be a baseline minimum standard for credit card security. In a nutshell, PCI DSS is a security process to help you identify all parts of your business that are vulnerable to theft, ranging from how you dispose of paper records to how you transmit and store personally identifiable information online -- including your customers' credit card information.

To achieve PCI compliance, an online retailer must meet all PCI DSS requirements. Lee Castro, a senior marketing manager at PayPal said that when it comes to being in compliance with PCI regulations, a lot of responsibility falls to the merchant.
"Some of the responsibilities for merchants include building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability-management program, implementing strong access control measures, regularly monitoring and testing networks,and maintaining an information security policy," he explained.

The problem most small business ecommerce site owners will face is putting the infrastructure into place to meet those requirements. The approach that merchants use in meeting these requirements is an important business consideration.

"Merchants can decide to build and maintain the infrastructure to meet these requirements themselves, or they can outsource that infrastructure by using a third party, like PayPal, that stores, transmits, and processes the data on their behalf.  The decision is certainly a key decision for the merchant, as it has implications in terms of overall cost and time investment," Castro said.

Outsourcing PCI Security and Compliance to PayPal

Working to assist small business site owners and online merchants tackle PCI compliance, PayPal recently announced a significant update to PayPal Payflow Link that provides merchants with "PCI peace of mind" and buyers with a streamlined purchasing experience.

"Our recent PayPal Payflow update allows merchants peace of mind when it comes to PCI compliance management.  PayPal achieves this by offering hosted templates that ensure that sensitive cardholder data is stored, transmitted, and processed by PayPal, not the merchant," said Castro. "As a result, merchants can stay focused on future business growth instead of website security."

In this way, PayPal acts as a trusted third-party that stores, transmits, and processes credit card data on behalf of the merchant and also assumes the responsibility of keeping customers' information safe and the transaction secure to meet PCI requirements.  As part of your ongoing PCI Compliance management you will need to periodically certify your compliance to PCI regulations, but by outsourcing the infrastructure, that certification workload is greatly reduced. 

Embedded Checkout Templates

One issue that merchants may face when outsourcing PCI Compliance is being able to offload the security and still provide a seamless transaction process for the customer. In most cases merchants want to provide customers with the level of PCI security, but also don't want to let customers know that another player has entered the transaction process.

PayPal solves this problem with Payflow Link's embedded checkout template so your customers do not have to leave your site during the checkout process to buy securely. This, according to PayPal, creates an efficient and secure transaction that meets key expectations of the shopping experience. 

"The element that stands out in terms of consumer preference is those sites that offer the most efficiency.  A key part of delivering that efficiency is having a streamlined shopping experience that doesn't redirect the customer," said Castro. "The seamless process means that the customer will be less likely to abandon the sale as a result of additional websites and windows to navigate."

PayPal's Payflow Link tool is available to merchants who want to conduct sales and transactions from their own website or online Web store.

Related PCI Compliance Articles

From beginner guides to expert tips, our selection of PCI compliance articles can help you to better manage your ecommerce business.

• Will PCI Outsourcing Kill Conversion Rates?
• 4 Ecommerce Regulations to Need to Know
• PCI Security: Small E-tailers Face Large Fines if Hacked
• The Tangled Web of PCI Compliance, Are You Ready?

Vangie Beal is a veteran online seller and frequent contributor to ECommerce-Guide.com. She is also managing editor of Webopedia.com. You can tweet with her online @AuroraGG.

Google两步验证安装使用方法

http://www.williamlong.info/archives/2754.html

-月光博客

由于Google的Gmail账户经常遭到恶意攻击，甚至出现美国政府高级官员帐号被攻击的情况，Google在早先推出过一个更安全的登录Google账户的方式：两步验证，目前该功能已经向全球用户开放。

两步验证和动态密码

两步验证，指的是用户登录Google账户的时候，除了要输入用户名和密码，还要求用户输入自己手机的一个动态密码，为Google帐户额外添加了一层保护。也就是说，即使入侵者窃取了用户的Google密码，也会因不能使用用户的手机而无法登录帐户。

Gmail的"两步验证"支持iPhone和Android手机，实际上属于动态密码的一种类型。动态密码（Dynamic Password）也称一次性密码，它指用户的密码按照时间或使用次数不断动态变化，每个密码只使用一次。由于每次使用的密码必须由动态令牌来产生，而用户每次使用的密码都不相同，因此黑客很难计算出下一次出现的动态密码。不过动态密码对手机要求较高，需要iPhone或Android这样的智能手机。

安装两步验证

对于经常受到攻击的Gmail用户，强烈推荐使用Gmail的"两步验证"功能，设置方法是，先登录Google帐号，然后访问这个地址，之后系统会让用户选择获取验证码的方式：短信 （SMS）、语音电话或智能手机应用程序。如果用户的手机是iPhone、Android或黑莓手机，强烈建议选择智能手机应用程序的方式，更为稳定和快速。

之后去iTunes或者Android市场下载一个名为Google Authenticator的应用，将其安装。

之后在Google Authenticator（谷歌身份验证器）中，点击"+"。选择基于时间类型的密钥。在"帐户"中键入用户的完整电子邮件地址。在"密钥"中键入Google网页上生成的密钥，空格可有可无，点击"完成"即可。

之后就可以使用动态口令了，这种动态口令极大增强了Gmail的安全性。

使用两步验证

两步验证启用之后，用户具体的使用流程是，在Web端，用户登录Google账户，先输入原有的用户名和密码。

之后，系统会提示用户输入通过手机上的动态验证码。为了减少输入次数，用户可以选择每30天输入一次动态验证码。

对于手机或桌面上的独立应用，例如Gmail移动版、桌面Picasa等，就无法使用动态密码，需要在"两步验证"设置里生成一个随机密码，供应用程序使用，用户在这些独立应用里，登录Google需要使用"两步验证"生成的随机密码。

关闭两步验证

用户启用"两步验证"之后，如果感觉太麻烦不好用，可以选择关闭两步验证，关闭的方法是：

访问 Google 帐户设置下的使用两步验证页面。使用用户名、密码和验证码登录，点击关闭两步验证。系统会显示一个弹出式窗口，以确定用户要关闭两步验证，点击确定即可关闭"两步验证"。

总结

邮箱是密码管理中的核心和关键，通过邮件重置密码功能，可以获得用户大部分网站的密码，因此一旦邮箱密码被黑，会导致用户全部密码体系失控，Gmail动态密码虽然看起来麻烦一些，其实也并非每次都输入，在单台电脑可以三十天再输入一次。方便性固然是好的，安全性是更重要的，用户必须要重视自己的密码管理，虽然增加了一点点不便，但是你可能将会因此避免极大损失的可能性。

How To Get Hardware Information In Linux

http://www.webupd8.org/2011/07/how-to-get-hardware-information-in.html

 ~ Web Upd8: Ubuntu / Linux blog

To use lshw, run the following command in a terminal:

 sudo lshw

To get the hardware information in a HTML file, use the command below:

 cd && sudo lshw -html > hardware_info.html

After running the command above, you should find a file called "hardware_info.html" in your home directory - you can open this file using a web browser.

How To Use Google Plus

http://www.readwriteweb.com/archives/how_to_start_with_google_plus.php

By Dan Rowinski / June 29, 2011 11:20 AM / 504 Comments

Waiting for a Google Plus invite? Google is rolling out the service in waves and you can expect it to become a ubiquitous social option in the coming months. We have been playing with the service since getting invites yesterday and there are a lot of things to like about Google's new social initiative.

Unlike Google's last big invite-only rollout of a social initiative - Google Wave - users will not be confounded on just what the heck you are supposed to with the service when signing up for the first time. From Friendster, Friendfeed, MySpace and Facebook, users are familiar with how a social platform is theoretically supposed to look. At its core level, Plus is not that much different. Yet, there is so much more. How do you get started with Google Plus? Let's break down the nuts and bolts.

Create Your Circles

Imagine the ability to break down Facebook into its various constituent parts and keep them separate from each other as opposed to one giant feed. That is what Google has done with Plus. There is one main stream where all your friends updates show up then the option to see updates from only certain groups like "Work," "Friends" or "Family." This is the essence of Circles.

From the initial interface, you will see four buttons - Home, Photos, Profile and Circles.

The first thing you are going to want to do is set up your circles. Click on the tab and it will bring you to a interface where all of your contacts in Gmail (not just Gmail addresses, but all of your contacts) are listed in a panel on top of the screen. Below is a panel that has your various circles. To add a contact to a circle, drag from the top of the list to the appropriate group. Contacts can be added to multiple circles.

One of the initial problems I had from the circles interface was that I added a couple of "Friends" into my "Work" circle and could not figure out how to get them out. You can do this from the user streams by hovering over the person's name and hovering over "Add to circles" and clicking the appropriate boxes. Yet, from the circles interface, that was not readily apparent. To take people out of a circle, hover above the circle, grab their icon and drag it back into the people plane.

One of the great differentiators between Twitter and Facebook is the "unbalanced" or "balanced" follow. Facebook was initially a two-way follow paradigm - I friend you, you friend me and we see each other's updates. This has been changed with the ability to "like" groups, brands and pages without them following you back. Twitter has always been a one-way follow - I follow you and you do not necessarily have to follow me back.

This line has been blurred in circles. If a person is in your contacts, they can be added to a circle and will get a notification that has happend (but not what circle they have actually been added to). There is also a "follow" circle. Just like Twitter, you can follow people and see their updates without them having to follow you back. As your circles evolve this could allow to track different interests, like Twitter lists.

The Stream and "Bumping"

Once you have set up your circles, go back to the Home screen to see the results. Below the profile picture you will see the choices of stream. You can view your entire stream at once (à la Facebook) or by particular circle.

There are two other options below your circles - Incoming and Notifications. Clicking incoming will bring you to messages that have been sent by people outside of your circles. Notifications will show you when people in your circles have commented on something you have posted, or something you have commented on.

Below the circles and notifications there is a tab dubbed "Sparks." More on that below.

One of the killer features of Gmail, or any Google product, is Chat. It has made its way into Plus and sits in the familiar left-hand, bottom-right portion of the screen that it is found in Gmail. Users with a lot of Circle and Chat contacts will like the ability to enable chat for particular groups. Want to surface friends and family but not acquaintances? Plus will let you do that.

If you are using Plus in a Chrome browser, desktop notifications do not pop up when someone sends you a message like it would in Gmail.

Posting a status update in Plus is not like sending a Tweet or updating Facebook. The core functions of an update are present - photos, links, video and location - but when you hit "share" it doesn't automatically post your message to everybody in your circles. You have the option to decide which circles your update is posted to, from individual groups to all circles, to extended circles, or just a single person.

An interesting feature in the user stream is that conversations will surface back to the top of the feed when subsequent comments are made on a thread. This, according to Google developer Jean-Baptiste Queru, is called "bumping." Google Buzz has this same capability and it was also a feature of FriendFeed.

Photos

Photos in Plus are relatively self-explanatory. Users can update photos from their computers or from their phones, see photos that people in their circles have uploaded. With the Android app, there is a way to upload any photo that you take with your phone straight to Plus, an interesting if slightly disconcerting feature.

When you add a photo, it will prompt you to create an album. Once that album is created it will ask which of your circles you would like to share it with. This is a prime differentiator from Facebook where all of your photos are visible to all of your friends by default (you can change who can view certain photos in Facebook preferences). You can also pick an individual to share photos with instead of an entire circle.

Photo uploading is easy within Plus. Just like adding a picture or an attachment to a Gmail document, you can drag-and-drop from your desktop or click the on the upload button and browse your computer for pictures.

Users can also add photos by posting them in status updates or by uploading them through the Profile tab.

Profile

If you use any Google products and have a Google account, you have a Google Profile. Profiles are unknown to most of the Internet because, until now, it was relatively useless to anyone but Google.

Your Google Profile is now the hub of you Plus experience, the backbone that everything else is built upon. There are six tabs in your profile page - posts, about, photos, videos, +1s and Buzz.

A significant change to your profile page is that there is now a location where your +1s live. Until now, when you clicked +1 on content on the Web, nothing happened. The information was sent to Google and integrated into some type of esoteric search algorithm. Users can now see what people have +1ed through their Google Profile. Unlike the Facebook share/like/recommend buttons, it does not go straight into your stream but rather to the profile page.

Sparks and Hangouts

Hangouts is a new feature rolled out with Plus. Essentially it is an area where your circles or a select group of friends can video chat all on one screen. To start a Hangout, go to the "Welcome" button in the home tab. It will prompt you to start a hangout and invite individuals or entire circles. Up to 10 people can be in a hangout at once and it will be seen in that circle or users' stream.

Sparks is the part of Plus where you can find content on the Web that you are interested in. In the "Field Trial" version of Plus, it looks like Sparks is a randomized version of content and news generated through Google News. Sparks can be a dashboard for things you are interested in on the Web. When you do a search in Sparks, it will predict what you are searching for with a drop down menu (like old Google search, not quite like Google Instant). You can pin particular topics you search for to the Sparks dashboard for quick access.

You can share articles found in Sparks with a share button on the bottom of every article that surfaces in a search. Like everything else in Plus, it can be shared with a specific person, circle, group of circles or the general public.

For more information, check the videos that Google made explaining Plus and all of its aspects --Circles, Hangouts and Sparks. 

See Also

• More Signs of Google Plus Games Coming Soon: How Will G+ Gaming Differ From Facebook?
• Google Plus Best Practices: Trey Ratcliff, Artist
• Google Plus is Eating Startups
• Is Google Plus Causing Facebook & Twitter Usage to Decline?
• How to Add Google Plus Search for Profiles and Posts to Chrome

How to install wireshark 1.6.1 using ubuntu PPA

http://www.ubuntugeek.com/how-to-install-wireshark-1-6-1-using-ubuntu-ppa.html

 | Ubuntu Geek

July 24, 2011 · General

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Features

Wireshark has a rich feature set which includes the following:

Deep inspection of hundreds of protocols, with more being added all the time
Live capture and offline analysis
Standard three-pane packet browser
Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
The most powerful display filters in the industry
Rich VoIP analysis
Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript®, CSV, or plain text

Install wireshark 1.6.1 using ubuntu PPA

Open the terminal and run the following commands

sudo add-apt-repository ppa:n-muench/programs-ppa

sudo apt-get update

sudo apt-get install wireshark

With space shuttle era over, U.S. robot set for Mars

http://www.reuters.com/article/2011/07/22/us-space-idUSTRE76L5FK20110722

 | Reuters

(Reuters) - NASA moved on to a new chapter in space exploration on Friday, a day after the end of its shuttle program, by announcing details of plans to determine if Mars has or ever had the ingredients for life.

Managers at the U.S. space agency said a robotic science laboratory, being prepared for a November 25 launch, will land in August 2012 near a mountain in a crater on the planet most like Earth in the solar system.

The announcement came after the final curtain fell on NASA's 30-year-old space shuttle program with Thursday's landing of shuttle Atlantis at the Kennedy Space Center.

A detailed blueprint of NASA's follow-on space exploration strategy is still pending and many Americans fear the demise of the shuttle program means the United States is relinquishing its leadership in space.

But U.S. President Barack Obama has said the objective is to build new spaceships that can travel beyond the shuttle's near-Earth orbit and eventually send astronauts to asteroids, Mars and other destinations in deep space.

At a Cape Canaveral briefing next Wednesday, NASA officials will discuss preparations for the agency's upcoming Juno mission to Jupiter. The unmanned spacecraft, set for launch in August, is expected to reach Jupiter's orbit in July 2016 and should further understanding of the solar system's beginnings by revealing the origin and evolution of its largest planet.

"A lot of attention has been given to the event that concluded yesterday with the landing of the space shuttle, marking really the turning of the page to a new chapter in human exploration of space," said NASA chief scientist Waleed Abdalati.

"Things change, things evolve, but what remains constant is the urge to explore, to reach out beyond where we are and understand our surroundings and our place in it," Abdalati said at the National Air and Space Museum in Washington, D.C., where the landing site for the Mars Science Laboratory was announced.

NASA plans to turn over its three space shuttles to museums and regroup for development of the new manned exploration program. This will be aimed at the inner solar system, which so far has only been explored by robots, albeit increasingly more capable ones.

Among the most sophisticated probes in the offing is the plutonium-powered roving Mars Science Lab, nicknamed Curiosity, which is being prepared for launch in November.

Twice as long and five times heavier than previous Mars rovers, Curiosity packs 10 science instruments, including two for on-site chemical analysis of pulverized rock. With it, scientists hope to learn if Mars has or ever had the organics necessary for life -- at least life as it appears on Earth.

"STUNNING" ROCK MOUNTAIN

Scientists spent five years mulling 60 possible landing sites before narrowing the list to four: Eberwalde Crater, Mawrth Vallis, Holden Crater and -- the winner -- Gale Crater, which sports a stunning three-mile-(5 km-)high mountain of rocks rising from the crater floor. That's about twice the height of the stack of rocks exposed in the Grand Canyon.

Analysis from Mars-orbiting spacecraft shows the base of Gale Crater's mountain includes both clays and sulfate salts, the only site among the four finalists with both types of materials available.

"Those are key classes of minerals that tell us about the environment on Mars and the interaction with water. Water is critical to habitability," said geologist Dawn Sumner, with the University of California at Davis.

Scientists do not know how the mountain formed, but it may be the eroded remnant of sediment that once completely filled the crater.

"If you start at the bottom and you go to the top, it's like reading a novel and we think that Gale Crater is going to be a great novel," said lead mission scientist John Grotzinger, with the California Institute of Technology in Pasadena.

Though Curiosity's mission is scheduled to last two years, scientists hope the rover will live past its warranty.

One of a pair of Mars rovers that arrived for concurrent three-month surveys in January 2004 is still working. Its twin succumbed to the harsh Martian environment only last year. They returned evidence that Mars was once far wetter and warmer than the dry, cold desert that exists today.

"Gale Crater is interesting to explore because it crosses what we think is a major time boundary on Mars recorded in its mineral history," said Brown University geologist Jack Mustard.

"That boundary marks a change from an early wet, hospitable environment that would have been suitable for life to a middle period where conditions may have become more hostile. We believe that at Gale Crater, we have located that boundary where life may have sprung up and where it may have been extinguished. That's why we're going there," he added.

Kennedy Space Center is overseeing preparations for Curiosity's launch from Cape Canaveral Air Force Station, which is adjacent to the space shuttle's now-dormant launch pads.

(Editing by Tom Brown and Todd Eastham)

Learning about Exposure – The Exposure Triangle

http://www.digital-photography-school.com/learning-exposure-in-digital-photography

The three elements are:

• written a post on ISO  – the measure of a digital camera sensor's sensitivity to light
• Aperture – the size of the opening in the lens when a picture is taken
• Shutter Speed – the amount of time that the shutter is open

It is at the intersection of these three elements that an image's exposure is worked out.

Most importantly – a change in one of the elements will impact the others. This means that you can never really isolate just one of the elements alone but always need to have the others in the back of your mind.

Read more: http://www.digital-photography-school.com/learning-exposure-in-digital-photography#ixzz1SrKF5o00