Tag Archive for CSCO

How Much Cash Do Tech Firms Stash Overseas

A new report (PDF) from charity Oxfam says American companies stash a significant part of their cash overseas to take advantage of more favorable tax laws in other countries. They claim that tech companies take particular advantage of this practice, also known as “tax havens.” Oxfam, which is crusading to get the U.S. government to crack down on this practice, says tax havens cost the United States more than $100 billion a year in lost tax revenue.

The Business Insider brought us this Statista chart, based on the Oxfam report. Tech firms are hoarding nearly $500 Billion in cash overseas. The chart shows how much money major US tech companies have stashed overseas, and how many subsidiaries they have set up in countries that Oxfam defines as tax havens, “which can be characterized by secrecy, low- or zero-tax rates, and the almost complete lack of disclosure of any relevant business information.”

U.S. tech firms with most cash held overseas

While tech is the most prominent sector on Oxfam’s list, the article claims tech is not alone: large companies in other sectors like General Electric ($119 billion), Pfizer ($74 billion), Merck ($60 billion), and Exxon Mobil ($51 billion) also have lots of cash stashed overseas.

There’s nothing illegal about this practice. But Oxfam believes it contributes to income inequality. They are urging U.S. lawmakers to make it harder for companies to use international tax laws to their advantage in this way.

Overseas tax havens have been the focus of recent revelations about tax scams by wealthy people, based on the leak of the “Panama Papers,” documents from a single Panama-based law firm, Mossack Fonseca, involving 214,000 offshore shell companies. The firm’s clients included 29 billionaires and 140 top politicians worldwide, among them a dozen heads of government.

rb-

This list looks a lot like the one for the top lobbying spender firms. I wrote about the tech titans’ lobbying efforts just a couple of weeks ago here.

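| Rank | Firm | Cash $ held off shore | Lobbying rank | Lobbying $ spending |
|------|------|-----------------------|---------------|---------------------|
| 1 | Apple | 181.1B | 10 | 4.5M |
| 2 | Microsoft | 108.3B | 7 | 8.5M |
| 3 | IBM | 61.4B | 11 | 4.6M |
| 4 | Cisco | 52.7B | 14 | 2.7M |
| 5 | Alphabet/Google | 47.4B | 1 | 16.6M |
| 6 | HP | 42.9B | | |
| 7 | Oracle | 38.0B | 13 | 4.5M |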

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Schools Face RansomWare Risk

More than 2,000 machines at K12 schools are infected with a backdoor in unpatched versions of JBoss that could be used at any moment to install ransomware such as Samsam. TargetTech defines ransomware as malware designed for data kidnapping, an exploit in which the attacker encrypts the victim’s data and demands payment in Bitcoins for the decryption key.

Ransomware has typically been spread through drive-by downloads or spam emails with malicious attachments. One of the latest victims of Samsam was MedStar Health, a not-for-profit organization that runs 10 hospitals in the Washington, D.C., area.

PCWorld reports that the Cisco (CSCO) Talos threat-intelligence organization announced that roughly 3.2 million machines worldwide are at risk. The article says that many of those already infected run Follett’s Destiny library-management software, used by K12 schools worldwide. According to Cisco, Follett responded quickly to the vulnerability: “Follett identified the issue and immediately took actions to address and close the vulnerability.”

In a presser, Follett offers patches for systems running version 9.0 to 13.5 of its software and says it will help remove any backdoors. The author states that Follett technical support staff will reach out to customers found to have suspicious files on their systems. Follett even offers SNORT detection rules on the presser page.

Snort is a highly regarded open-source, freeware network monitoring tool that detects attack methods, including denial of service, buffer overflow, CGI attacks, stealth port scans, and SMB probes. When suspicious behavior is detected, Snort sends a real-time alert to Syslog, a separate ‘alerts’ file, or to a pop-up window.

JBoss, the vulnerable underlying system, is described as an open-source Red Hat product that serves as an application server written in Java that can host business components developed in Java. Essentially, JBoss is an open-source implementation of J2EE that relies on the Enterprise JavaBeans specification for functionality.

PCWorld reports that compromised JBoss servers typically contain more than one Web shell. Talos advises that it is important to check the contents of a server’s jobs status page. “This implies that many of these systems have been compromised several times by different actors,” the company said.

Web shells are scripts that indicate an attacker has already compromised a server and can remotely control it. Those associated with this exploit are listed in Talos’s blog post.

Companies that find a Web shell installed should begin by removing external access to the server, Talos said in the article. The security firm recommends quick action.

Ideally, you would also re-image the system and install updated versions of the software … If for some reason you are unable to rebuild completely, the next best option would be to restore from a backup prior to the compromise and then upgrade the server to a non-vulnerable version before returning it to production.
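As an added example (not from the original post, Talos, or Follett): one way to look for unexpected web-application files is to compare the server's deployment directory against a manifest built from a known-good backup. The directory layout, file names and extension list below are assumptions constructed for this sketch.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions a Java application server will execute or deploy (assumption for this sketch).
EXECUTABLE_SUFFIXES = {".jsp", ".jspx", ".war"}

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each server-executable file under root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES
    }

def compare_to_baseline(root: Path, baseline: dict) -> dict:
    """Report files added, changed or missing relative to a known-good manifest."""
    current = build_manifest(root)
    shared = current.keys() & baseline.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(k for k in shared if current[k] != baseline[k]),
        "missing": sorted(set(baseline) - set(current)),
    }

def demo() -> dict:
    """Constructed sample: a clean deploy tree, then two unexpected JSPs and one edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.war").mkdir()
        (root / "app.war" / "index.jsp").write_text("<%= \"catalog\" %>")
        (root / "app.war" / "search.jsp").write_text("<%= \"search\" %>")
        baseline = build_manifest(root)  # stands in for the pre-compromise backup
        # Simulated drift; these are placeholder names, not real indicators.
        (root / "app.war" / "unexpected-1.jsp").write_text("placeholder")
        (root / "status.war").mkdir()
        (root / "status.war" / "unexpected-2.jsp").write_text("placeholder")
        (root / "app.war" / "search.jsp").write_text("<%= \"search v2\" %>")
        return compare_to_baseline(root, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Every "added" entry needs an explanation before the server goes back into production. Because compromised servers typically hold more than one shell, finding one is a reason to review the whole list.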

rb-

I have worked with a number of customers on their library automation projects. The cost of these systems is as usual in the data. There is a great deal of time and effort that goes into creating the proper MARC records, especially for books that are out of print and kiddie books. If these files get locked up by ransomware, the system is useless and expensive to replace.

K12 schools are notoriously cheap, but the advice is the same as always:

  1. Keep your software UP TO DATE
  2. Use a real virus scanner on your servers and administrative stations
  3. Back-Up – Back-Up – Back-Up – With a good backup, you can just blow the machine away, re-install, restore the data, and be back in business.

Hey Lobbying Tech Spender

-Update 04-26-2016- As if to prove my point, Democratic Presidential candidate Bernie Sanders just named Verizon one of America’s Top Ten Tax Avoiders. VZ has a corporate tax rate of -2% for the last 6 years according to the post. Verizon is the #4 lobbying spender.

Just in time for the U.S. tax deadline, the Business Insider has a report which details the amount of money the tech titans spent on bribing lobbying the politicians in DC. Thanks to one of the small bits of transparency in the gooberment, the U.S. House of Representatives requires companies to file government lobbying records. You can search their disclosures here at the Office of the Clerk of the House. (rb- Use this while you can, it’s likely to be shut down at any time by politicians with things to hide.)

The most aggressive tech spender on lobbying in 2015 was Amazon (AMZN), according to research by Consumer Watchdog. The company spent $9.07 million (a company record) on lobbying to influence federal regulations in 2015, an incredible 91.4% surge from its 2014 spend, according to BI.

Amazon lobbied Washington about

Despite Amazon’s aggressive lobbying, Google (GOOG) topped the list of tech companies for the second year in a row. Google spent $16.6 million in 2015 vs $16.83 million in 2014. The biggest spending tech firms spent over $122M lobbying Washington politicians.

How the tech titans spent their money

  1. Google: $16.6 million in 2015 vs $16.83M in 2014.
  2. Comcast (CMCSA): $15.63 million vs $16.8M in 2014
  3. AT&T (T): $14.86 million, up from $14.56M in 2014
  4. Verizon (VZ): $11.43 million, up 1.9% from $11.22M in 2014.
  5. Facebook (FB): $9.85 million from $9.34M in 2014, a company record.
  6. Amazon (AMZN): $9.07 million, up 91.4% from 2014.
  7. Microsoft (MSFT): $8.49 million vs $8.33M in 2014.
  8. Time Warner Cable (TWC): $6.8 million in 2015, down 13.2% from 2014.
  9. T-Mobile (TMUS): $6.14 million, up 1.7% from 2014.
  10. Apple (AAPL): $4.48 million in 2015 compared to $4.11M in 2014.
  11. IBM (IBM): $4.63 million, a 6.5% decrease from $4.9M in 2014.
  12. Intel (INTC): $4.55 million in 2015, up 19.7% from $3.80M in 2014.
  13. Oracle (ORCL): $4.46 million in 2015, down 23.5% from $5.83M in 2014.
  14. Cisco (CSCO): $2.69 million compared to $2.35M in 2014.
  15. Yahoo (YHOO): $2.84 million in 2015 vs $2.94M in 2014.

BI reminds us that while these may seem like big numbers, they’re a tiny part of these companies’ overall expenditures. In the third quarter of 2015, Google spent $3.47 billion on traffic acquisition costs (such as the price of its deal to stay the default search on Apple’s iPhone), and another $6.93 billion on other operating expenses.

rb-

I haven’t written about the tech industry’s lobbying efforts since 2010. Many of the names have remained the same, ATT, Verizon, Google, IBM, Yahoo, and Intel have been bribing lobbying the gooberment for a very long time.

However, just 5 years ago, Apple and Facebook were barely in the lobbying racket. In 2015, they both ranked at the top in lobbying spending.


Trivial Taxes for Tech Titans

Just in time for the start of the U.S. tax season, reports have surfaced that should piss off most tax-paying Americans. The Business Insider is reporting that most of the American tech giants, like Apple, Google and Microsoft, are not paying their share of taxes.

the effective tax rate paid by US tech titans is well below the average rate paid by the 100 biggest S&P companies

The U.S. corporate tax rate is about 35%, but according to an analysis by financial research website WalletHub and charted by Statista, the effective tax rate paid by U.S. tech companies, like Apple (AAPL), Microsoft (MSFT), and Google (GOOG), was well below the 28.6% average rate paid by the 100 biggest S&P companies.

Facebook (FB) was the exception with an effective tax rate of 41%, but the social networking company has paid a higher rate in past years and recouped some of the money in tax deductions, according to Quartz.

Infographic: How Much U.S. Tech Companies Pay in Taxes | Statista

One way these tech giants are lowering their tax bills is by stashing most of their profits overseas, where lower international tax rates apply. Despite claims by Apple CEO Tim Cook that Apple pays all of its taxes, Apple, for example, keeps most of its cash offshore, and openly says it’s keeping it overseas to avoid its U.S. corporate tax bills.

The New York Times recently reported that Apple made a deal with Italian tax authorities over a dispute about how much tax the iPad maker should have paid Italy. A spokesman for Italy’s tax authority declined to comment to the NYT on the amount of owed taxes, but the BBC reports that the figure is €318m ($348m).

The investigation found that since 2013, Apple had moved roughly $1.1 billion in revenue from its Italian operations through an Irish subsidiary to lower the taxes that the company was obliged to pay under the 27.5% corporate income tax rate in Italy.

The NYT says Ireland’s corporate tax rate, at 12.5%, is one of the lowest in the Western world, compared with 35%, before deductions, in the United States. Of course, Irish officials deny that the low-tax structure represents unfair competition.

rb-

The Tech Titans have long lusted after a tax cut. I cover the 2011 meeting where Tech giants Facebook, Mark Zuckerberg, Apple, Steve Jobs, Yahoo, Cisco (CSCO), Twitter (TWTR), Oracle (ORCL), Netflix, Google, and venture capitalists lobbied Obama for a tax cut on $1 trillion of profits they’ve stashed overseas.


Let’s Encrypt Lives

Let’s Encrypt, an initiative to set up a free certificate authority (CA) on the Intertubes, has entered its public beta phase. All major browser makers including Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer trust Let’s Encrypt certificates. In their announcement, Josh Aas, the executive director of the California-based Internet Security Research Group (ISRG), which runs the Let’s Encrypt service, wrote:

We’re happy to announce that Let’s Encrypt has entered Public Beta. Invitations are no longer needed in order to get free certificates from Let’s Encrypt … We want to see HTTPS become the default. Let’s Encrypt was built to enable that by making it as easy as possible to get and manage certificates.

Encryption to protect communications

Let’s Encrypt is overseen by folks from Mozilla, Akamai (AKAM), Cisco (CSCO), Stanford Law School, CoreOS, the EFF, and others. Let’s Encrypt was first announced in 2014 (rb- Which I covered here), motivated by a desire to steer organizations towards the use of encryption to protect their communications. A key part of the strategy is offering free digital certificates, which is a radical departure from the very hefty premiums that certificate authorities typically charge.

The Register reports that the free cert is no freebie weakling. Let’s Encrypt uses a 2048-bit RSA TLS 1.2 certificate with a SHA-256 signature installed and the server configured to use it. The cert gets an A from Qualys SSL Labs.

Let’s Encrypt to offer free SSL/TLS certs

Let’s Encrypt plans to distribute free SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates, which encrypt data passed between a website and users. The use of SSL/TLS is signified in most browsers by “HTTPS” and a padlock appearing in the URL bar. Unencrypted web traffic poses a security risk. For example, an attacker could collect the web traffic of someone using a public Wi-Fi hotspot, potentially revealing sensitive data.

Besides securing your information going across the Internet from spies and thieves, FierceSecurityIT says another key aspect of Let’s Encrypt is to make it easy to generate and install new digital certificates. The Let’s Encrypt CA uses an open source “automated issuance and renewal protocol” that allows for certificates to be renewed without manual intervention.

The automated issuance and renewal protocol prevents oversights resulting in certificates for live websites expiring, a situation that does happen from time to time. FierceSecurityIT says that short-term certificates also offer better security by reducing exposure in the event that the private keys are stolen.

rb-

Major technology companies including Google, Yahoo and Facebook have made a strong push for broader use of encryption in light of government surveillance programs and burgeoning cyber-crime.

The point of Let’s Encrypt is that anyone who owns a domain name can use Let’s Encrypt to get a trusted certificate at no cost. This will help HTTPS become the default. This is a big step forward in terms of security and privacy.

Instructions for getting a certificate with the Let’s Encrypt client can be found here.
