Category Archives: Advice & Tips

Amazon & Repricer Express 1p Sales

Repricer Express sets Amazon products to sell at just 1p, way below cost price.

Following the recent problems with Amazon & Repricer Express, there’s a valuable lesson to be learned about the importance of properly designing and testing software, which in itself derives from proper requirements capture at the start of the exercise. These are lessons for Amazon and/or Repricer Express to learn (although with their combined resources they should already know better), just like anyone else who is commissioning bespoke software development (or customisation) for their business.

In this instance the enforced use of a simple stop-loss minimum price setting in the software would have stopped the problem ever occurring, and it would not have been hard to design in. An image on the Repricer Express website suggests that the facility already exists.

Repricer Express Software Configuration Options

There’s a secondary lesson to learn for any business that’s planning on signing up to use someone else’s software of course, and that’s to understand your business requirements and make sure they’re met by it before you sign up. In this instance a simple requirement would have been “Don’t sell product at less than cost price” and then set things up accordingly.

If your business requirements are not met in third-party software, then look for ways to mitigate possible damage. This could be contractual, or (as in this instance) simply moving fulfilment to be handled elsewhere (with a sanity check in between) would perhaps have solved the problem. And if the software you plan to use does have the facility to do what you need, make sure you take the time and trouble to configure it properly.
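As an added illustration (not code from Repricer Express or Amazon), here is one way an enforced stop-loss and the "sanity check in between" could sit between a repricing engine and the marketplace. The `Listing` type, function names, reason strings and sample data are all assumptions made for this sketch.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class Listing:
    sku: str
    cost: Decimal                  # what the seller paid for the item
    min_price: Optional[Decimal]   # seller-configured stop-loss floor, if any


def check_reprice(listing: Listing, proposed: Decimal) -> tuple[bool, str]:
    """Decide whether a price proposed by the repricing engine may be published."""
    # Enforced use: a listing with no floor is never repriced automatically.
    if listing.min_price is None:
        return False, "no minimum price configured"
    # A floor below cost breaks the "don't sell below cost" requirement.
    if listing.min_price < listing.cost:
        return False, "minimum price is below cost"
    if proposed < listing.min_price:
        return False, "proposed price is below minimum"
    return True, "ok"


def apply_reprices(listings, proposals):
    """Split proposals into prices to publish and prices held for human review."""
    publish, held = {}, {}
    for sku, proposed in proposals.items():
        listing = listings.get(sku)
        if listing is None:
            held[sku] = "unknown SKU"
            continue
        ok, reason = check_reprice(listing, proposed)
        if ok:
            publish[sku] = proposed
        else:
            held[sku] = reason
    return publish, held


# Constructed sample data: three listings and one batch from a faulty repricer.
LISTINGS = {
    "KETTLE": Listing("KETTLE", Decimal("12.00"), Decimal("14.50")),
    "TOASTER": Listing("TOASTER", Decimal("18.00"), None),
    "LAMP": Listing("LAMP", Decimal("9.00"), Decimal("11.00")),
}
PROPOSALS = {"KETTLE": Decimal("0.01"), "TOASTER": Decimal("0.01"), "LAMP": Decimal("11.49")}

if __name__ == "__main__":
    print(apply_reprices(LISTINGS, PROPOSALS))
```

The guard fails closed: a listing with no floor, or a floor set below cost, is held for review rather than published, so a misconfigured listing cannot be driven to 1p by a faulty batch.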

Unfortunately it looks as though many small businesses will be paying the ultimate price for these failures.

LinkedIn Email Addresses Revealed via SellHack

Millions of LinkedIn email addresses compromised via free SellHack plugin for Chrome browser

It seems that LinkedIn has suffered yet another security breach, this time courtesy of a free extension to the Chrome browser that reveals the email addresses behind LinkedIn profiles with a simple button click, even when not connected.

The powerful LinkedIn has issued a Cease & Desist notice to try and stop the much smaller SellHack company from giving away the extension. As is often the case the larger company, with the disproportionately bigger legal budget, will probably win the day. Indeed, SellHack has already disabled the plugin.

Certainly we don’t condone SellHack’s actions in making it so simple to access confidential LinkedIn data that even a 2-year-old with an Android tablet could do it. That’s obviously wrong. However, simply making something harder to do doesn’t make it secure: LinkedIn please take note.

To my mind then the real problem here is that LinkedIn has some major security flaws in its system as we revealed just 3 weeks ago. I personally think LinkedIn would do better to attend to its evident security problems, rather than pick on those who expose them (regardless of how inappropriate that method of exposure may be). I’m beginning to wonder what LinkedIn security vulnerability will be revealed next: Sweepstake anyone?

One lesson here is of course never to trust any system that views you as a content-generating commodity item, and to ensure that you use a disposable email address to communicate with it.

Change Your Passwords Regularly

IT Security - change your passwords regularly

Information has come to light suggesting that LinkedIn may have been compromised in December 2013 with the resultant loss of around 2,500 passwords. The criminals that infiltrated LinkedIn are only just getting around to using those passwords now, 3 months later, suggesting that it was a speculative or opportunist thief who took a while to find a buyer, rather than targeted to order with an immediate customer or purpose in mind.

2,500 may not sound like a lot compared with the millions of users on LinkedIn, but if it’s your professional profile that’s affected then it’s a big problem for you. Imagine losing most of your professional contacts, or the recommendations (not those worthless endorsements) that people have written for you. Unhelpfully, LinkedIn are not selectively restoring information that has been deleted from those affected.

Perhaps worse, imagine being locked out of your LinkedIn account, unable to get back in, with somebody else masquerading as you… perhaps abusing your timeline, creating content you’d rather not see on it, stealing email addresses for your contacts… while your professional contacts think it’s you, and you can only watch on powerless.

It’s not yet clear precisely where the vulnerability in LinkedIn was. Maybe it was connected with their Q&A user forum, or perhaps something to do with new premium account signups. LinkedIn aren’t saying, although they are working to address the problem.

The message is clear enough though: change your passwords regularly. That way if your password is stolen without your knowledge, but not used for a while, it will hopefully be useless to the thieves when they come to try it.

And if you ever see an email suggesting that something odd is happening in or with your account, on any system, act quickly. Do not click a link in the email though (it may be a phishing scam or virus) but open up a browser, type in the URL manually, log in, and change your password.

For most people it’ll take less than 15 minutes to change all your passwords on LinkedIn, Facebook, Twitter etc. So why not make that investment of time now rather than risk seeing your professional presence compromised, and then waste days picking up the pieces?

The same goes for any other systems you access online too, not least your bank (although they’re generally a lot more secure to begin with).

Change your passwords today.