We received a frantic phone call from a client on Wednesday. We had done a site review as a favor a while back and they've been friends of the company for a very long time. The conversation went something like this:

Client: Our web store has been hacked! McAfee Site Advisor says we have malware, spyware, and viruses on our site!

Me: Really? That doesn't seem possible since you've got a Yahoo Store. And you've got the HackerSafe service checking your server every day. It hasn't complained, has it?

Client: No, but our sales have dropped to nothing today. And the warning from McAfee wasn't on our site yesterday.

Have You Been Hacked?

My first thought was "Uh oh, they've been hacked. I hope they have good backups." Then it dawned on me -- McAfee site advisor would be showing their warning on the search engine listing, not on the actual store site. Since we don't have that installed anywhere around here, I had the client email me some screen shots so I could see what was going on

Here's a Google search for Marie Sharp's Hot Sauce, a fairly popular product. The top three results in the product search have a yellow circle with an explanation point to signify a warning for those sites. That's mighty odd that both the client and their competitors results would show a warning. But it gets worse. Clicking on that warning icon shows this bad news:

Who are These People?

Our client explained to me that they had never heard of any of the users that supposedly were reviewing their site. I know they kill themselves over customer service, so the horror stories being told in the McAfee Site Advisor reviews just didn't make sense. I also happen to know that they don't spam, and I was very doubtful that they had been hacked and were distributing malware, spyware, or viruses.

So I clicked on the competitor's link. The same results. Not a different set of bad stories, but the exact results for the competitor as the client. Then the lightbulb went off. McAfee had made a mistake of monumental proportions.

McAfee had rated all of YAHOO.NET as dangerous.

Supreme Incompetence

Yahoo Stores can be hosted on a subdomain of yahoo.net. Their url looks like storename.stores.yahoo.net. I've heard there are over 100K stores using the Yahoo service. It's a lot of stores. And McAfee had taken a few complaints from a couple of specific stores and applied them to every store in the Yahoo store system. A quick google site search on a product category proved my hypothesis:

Yep, 31,000 results for a site search on cameras in the yahoo store system and McAfee marked every single one of them with a warning.

The level of apparent incompetence and recklessness on the part of McAfee is hard to believe. They are wrongly telling their users that these sites are dangerous, when it is completely untrue. The warning shows up right next to the Google result for that store. If you read the fine print you can see that they're talking about yahoo.net, but frankly most potential customers don't read the fine print. It's been 2 days now and our client has seen a dramatic drop off in sales. They're really being hurt by this.

It's the Little Guy That Gets Hurt

The client has contacted Yahoo support, who says they're working on it. The behavior started Tuesday afternoon after the earthquake, so perhaps that's related to it. I can imagine a situation where they rebooted some servers and forgot to apply a patch and now they're giving out wrong information. But frankly, this sure looks like libel by software. They're accusing people in a very public way of being spammers and distributors of malware and adware. And they're wrongly attributing customer complaints to that company.

Interestingly enough, the McAfee Site Advisor software only modified the google search results. Yahoo has a partnership with them to render the results from Yahoo instead of in the browser, and not surprisingly Yahoo isn't telling people that Yahoo.net is a supplier of malware and adware, run by spammers. So it's only killing 80% of the Yahoo Store's business since most of their search traffic comes from Google.

McAfee needs to fix this mistake, and fast. Otherwise they might find themselves with a pretty hefty legal liability from a lot of Yahoo store owners. And Yahoo needs to wake up and push McAfee to do it, because this is impacting the percentage they get from their Yahoo stores.

I heard a story from a friend the other day that I've seen played out on the Internet dozens of times. A blogger who writes about restaurants wrote a post that was critical of the restaurant.

The restaurant owner's lawyer sent a cease and desist letter, claiming libel. In this case the blogger just folded and took down the post, but put up a copy of the lawyer letter with the offending lines redacted.

So the restaurant gets an article in the SERPs below the fold that indicates somebody was really unhappy, but they don't know why. That would be enough to keep me away...

Follow the Rules of Business

The restaurant owner, in this case, completely blew it. They violated several important rules of business:

• Never Take Business Advice From Your Lawyer. Your lawyer knows absolutely nothing about how to run a business. They went to law school and work in a law firm. That's about as far away from the business world as you can get. If you need advice on how to overcharge clients for working more hours than are in a day, then perhaps your lawyer is where to go. But for a PR situation, a lawyer is exactly the wrong person to call. The lawyer doesn't get to bill your hundreds of hours if you decide to just ignore something. Your lawyer wants you to outspend the other side with a big lawsuit. In the end, the only people that ever come out ahead in these situations are the lawyers. If you're fortunate enough to find a great lawyer like we have that understands the needs of a business, then you're fortunate. But most businesses are not, and they tend to defer to them.
• Make Love Not War. An angry customer is an opportunity, not a call to war. Some of your most fiercely loyal customers will be those people that started out with a complaint that you made right. Yes, there are some customers that are complete jerks that you just can't make happy, but you should at least give every customer a few chances.
• It Never Pays to Threaten Someone with a Megaphone. In this case the blogger just had a small following. But the lawyer didn't know that. It could have just as easily been a blogger with 40K+ subscribers. That simple cease and desist letter could have been plastered everywhere across the internet. As it is, the blog post is now below the fold when you Google for the restaurant's name. But if they had gotten someone who knew a little about SEO angry at them they could have ended up with a negative blog post outranking their city search listing (they don't have a site of their own).

A Better and Less Expensive Outcome

So this restaurant owner, who probably doesn't understand anything about Web 2.0 or that whole intarweb thing, probably spent $300 to have a big name law firm bully a blogger into taking down a negative post. Worse yet, the lawyer probably found the post by "policing their trademark". That's when you pay your lawyer $300/hour to Google your company name and send nastygrams to anyone that dares talk about you in a negative light. My guess is they lost several hundred customers because this guy has a pretty good local following.

Here's how it could have been done differently in a Web 2.0 approach. Instead of launching the sharks at the blogger, the restaurant owner could have engaged his customer and called or emailed him and said "I see that we didn't live up to your expectations. How about giving us another try, lunch is on us?" At the very least the blogger would now have a real human face to associate with the restaurant rather than an institution. He might very well have written another post along the lines of "Well, this food isn't my cup of tea, but the owners sure are nice people and a lot of people like this restaurant." Or better yet, the blogger might have had some valid criticisms that the restaurant could have addressed. That could easily have turned things around and they might have gotten good PR out of the situation. Instead of alienating several hundred people, they might have gained many new customers.

Whatever he did, using the lawyers wasn't the right move. It would have been much less expensive and effective to go comment on the blog and tell their own side of the story. They probably could have found a few dozen customers that would have done the same thing. If the blogger wouldn't move, the story could have become about how the blogger totally missed the point. Instead of a negative, they could have generated a big buzz for themselves.

Old and Busted or New Hotness

Their way cost them $300 lawyers fees and probably thousands in lost revenue. It's a very 1980s approach to business. It's like having your secretary print out your email so you can read it. The Web 2.0 way would have cost about $10 for the free lunch, and might have gained them several thousand in revenue from new customers.

Is your customer retention strategy Old and Busted or New Hotness? Your choice.

Wow, that may be the most specific post title I have ever written.  But I want to capitalize on the extreme amount of google love we're getting lately to save someone else a LOT of time.

We're doing a beta of our Social Suite and it depends on iOpus's most excellent iMacro for FireFox.  Except that they released a new version (6.0.4.1) which killed our software.  Thanks guys.

So, how simple could this be: we just needed the previous version (6.0.3.9). 

Which is NOT on their website.  Nor is it mentioned in their otherwise comprehensive wiki. And when you try to search google for it, well, good luck with that. 

So, it turns out that previous versions of iMacro for FireFox are kept on the FireFox/Mozilla website.  Go here to get version 6.0.3.9 and earlier versions of iMacro for FireFox.

You know what else I know now?  There is (often) a "see all versions" button at the bottom of the addon for FireFox that gets you to the same place. 

Our Digg Genesis

We started off reading and "digging" stories from our favorite RSS feeds and quickly moved to posting some of our own writing. "Uh oh," you say, "bad blogger."

No, not really. For three reasons:

• It's not against the TOS at digg
• As our readers will know, we don't have a spam blog in any way
• It had it's own punishment in terms of public yawning at our posts

Because we are very interesting writers (*cough*) but not to the digg crowd and certainly not on every post. Our first 40 postings averaged 3 diggs each. I swear, you could scan your BK receipt, post it to "offbeat" and get more diggs than that.

But, not being totally oblivious, I started reading some articles on how all this stuff worked (or how people thought it worked!) and our average over the next 10 stories doubled to 6 diggs/story. Whoo, hoo, if we were a startup we'd have been worth $1B by then!

After a bit more attention over the next 10 stories we bumped our average to 24 diggs/story. From there our average over the next 15 stories went to 45 diggs/story.

Any my last story finally got "popular" and got 700+ diggs by this article.

Now, lest you assume I was spending my entire life on this, well, uh, no. I did around 70 stories over 7 months, or a couple per week. I was spending a lot more time digging (2,000+) stuff. A lot of that was shouts but a lot more was stuff I found by looking for people submitting stories with keywords I cared about.

So, to summarize, rocky start but a good strong finishing position, pretty good citizen. Maybe I give myself a B+, which would make Digg better than High School, in retrospect.

The Landmine Tripped

Not by anything I did outside the TOS, nor by a flame war, and not even by some self proclaimed Digg guardian. Nope, some sockpuppet knocked our blog out of bounds for Digg.

I posted a digg (Best. Digg. Shout. Ever.) about an absurd shout I got from a user called SteJules. I won't go into details but he'd been a Digg member for 31 days and had over 10K diggs and had a 20% hot rate. The shout was 800+ words and was priceless. It just begged for digging and though I was careful not to be ad hominem about it, I figured since he'd sent it to around a thousand people, I posted it. And it got 100+ votes in two days.

And it got our site banned by SteJules and his friends. Which is a long and boring story, but they did it on purpose by going back through posts from months before and burying them as spam. Nice.

Banning is Forever

Which is when I discovered that there is NO appeals process. You know how blogger will lock you out or require a captchya to post? Annoying but after a few days it usually gets put right. Google gives you a penalty, you can fix that in a few weeks. But no such process exists at Digg. (I actually have friends who know the guys what run Digg but you don't call in favors for stuff like that. Which makes it worse, actually.)

Being Innocent is No Protection

Oh, you say, you don't submit your own site and other people only do it sometimes. Well, what if someone creates a user, says that their home page is your domain, and starts, once a day, submitting your stories. After a few weeks they get their friends to swarm them and mark them as spam.

Bye-bye.

Diversify

Look, our business model does not require that we get traffic from Digg, but if it did, we'd be toast. We'll, we'd be toast unless we wanted to change our domain name, 301 redirect hundreds of pages, etc. And even then the "breathing space" only last until some other sock puppet bully gets you banned. So diversify into other social media sites. There are a lot of them, and if you read the articles under our "niche social media" tag you'll get a flavor for what is out there. In the meantime, while being a model citizen is smart, it certainly won't protect you.

Well, not wrong in the sense that they are writing silly stuff (lord knows there is plenty of that in the SEO blogosphere!) but that they get the wrong end of the handle, as it were.

Article the first: Real People Don't Have Time For Social Media.

B: The Decline and Fall of Tech on Digg.

Go read them both as they are frightfully well written and insightful, but ultimately not to the point I'd have made.

Here it is in a nutshell, though: People have to spend too much time on Digg and there is less tech news there.

Yes, yes, I know these articles aren't a pair, but they have a lot of similarities in their outlook on Digg/Social Media

Jumping to What?

 Ok, I think people often spend a lot of time "working" on things that don't have ROI. But even worse, they simply don't consider ROI or even measuring it. I might say they act in a tactical fasion with no linkage to a strategy.

Which brings me to the second part about Digg not being so tech friendly. I am not so sure this is true in the sense that it's permanent. We are in an election cycle and it's been quite a while since Steve Jobs came out of his hole, saw his shadow, and dropped a raft of fanboy flavored iPods on us.

But say it is so. So what? Does that mean that the tech readers aren't there anymore? Or that they are actually more interested or less?

Which brings me around to the "too much time" argument, which I still think is bad ROI focus and lack of testing.

So, while the articles are good, I would encourage people interested in social media to keep examining their overall strategies of readers, links, subscribers, etc, etc and not jump to any conclusions.

I am not a big fan of "top 10" lists because my teeny tiny dinosaur brain can only remember two or three of the points, which makes me feel like I'm treading water watching eveyone else evolve their way ashore and I've left my proto-feet behind somewhere. But someone recently sent me this ancient (1994 era) email that had Bonnie McElveen-Hunter's:

The Ten Commandments For Failure

• Thou Shalt Have Little Faith
• Thou Shalt Pick Thy Partners with Wanton Abandon
• Thou Shalt Make the Quick Buck
• Thou Shalt Have No Enthusiasm
• Thou Shalt Seek Easy Street
• Thou Shalt Do It Alone
• Thou Shalt Not Be Accountable
• Thou Shalt Have No Sense of Humor
• Thou Shalt Give Nothing Back
• Thou Shalt Believe Failure is Final

Wow, there is a lot in there, but let me divide this into three piles and then I'll pick the three that I need to remind myself to remember!

No Brainers for Business Success

I think that a few of these jump out at me as being really important and obvious:

• Thou Shalt Hav No Sense of Humor
• Thou Shalt Believe Failure is Final
• Thou Shalt Not Be Accountable
• Thou Shalt Do It Alone

Anyone out there who is overly serious, self-important, arrogant, and the Lone Ranger? You are so headed for a fall. I know guys like Steve Jobs like to be the famous front man, but it's not like he's actually designed or built or programmed anything that was famous. Sure, he makes decisions and micromanges and drives people to nervous breakdowns, wait, dang, don't work for him - it's a trap!

An Embarassment of Riches

But some of these are things that most startups have too much of, not a dearth:

• Thou Shalt Have Little Faith
• Thou Shalt Have No Enthusiasm
• Thou Shalt Make the Quick Buck

Have you ever seen a zombie startup that is running on denial, manic positivism and leaping from the last big thing to the next big thing? Uh, huh, you sure have and so have I. It's hard to write off your dream, but sometimes you just have to move on.

Remember these Three Rules for Success

I liked these a lot, not because I don't "know" it already, but because it's good to be reminded of important ideals in a new way:

• Thou Shalt Pick Thy Partners with Wanton Abandon
• Thou Shalt Give Nothing Back
• Thou Shalt Seek Easy Street

Now these, these are good.

When you're decideing on people to hire or companies to partner up with, take a deep breath, You've got to live with those people for a long time. Read our A Managers Hire A People article - it distills down 40 years of hiring experience in high tech.

And when things are going well you need to help someone else prime the pump. Take on an intern, pick an office charity, free your people up to do service work.

Finally, if what you're doing seems easy, well, you're probably about to step into an open manhole cover. Time to do some risk management!

At least. Which is a pretty good piece of pocket money. I suspect even Warren Buffet would slow down to pick that up.

I attribute this to SEO because even thought it was a change in business process coupled with good SEO that made it happen it could not have happened without SEO.

Fair warning to people looking for "advanced" techniques - they ain't here. But what I'm going to talk about is a LOT more valuable than a trick that may or may not work with Google next week or next year.

Best Ever YouMoz Article

Let's look at the real money quote that J Kelly Garrett put in his amazingly excellent SEO article at YouMoz. This piece of advice will serve you while you climb up the value chain from a specialist to a trusted business advisor:

I took the pile [of papers, documentation, etc], pushed it aside, and asked him [the business owner] to tell me about himself. This is a common technique of mine, whether it is a small business owner, or the Chairman of the Board for Burlington Northern Railroad.

He wasn't asking to hear about the guy's soccer team, he wanted to get the gestalt around the company. What is important about the environment, goals, challenges, employees, culture, customers, etc, etc, etc.

It's Not About the Technology

Really, it's not. Not even in SEO. I wasn't about the technology in OO programming. It wasn't about the technology in robotics. It wasn't about the technology during the dang moon shots either.

It's about how the technology serves the business and makes it more successful. Sometimes 'success' means one or more of:

• Improved profit
• Increased revenue
• Decreased risk
• Stronger resilience
• Faster new product introduction
• and on and on...

But if the technology isn't in service to the goals of the business then it will eventually fail.

The $2M Piece of Advice

I know exactly when I finally understood this. No kidding.

I left one job as a consultant making $55/hour doing NeXTStep programming (hey, that was LOT of money back then) and got another one making $75/hour. The had two slots to fill - lead programmer ($50/hour) and technology business advocate ($75/hour).

For some reason, don't know why, during the interview I was homing in on the business objectives of the billing audit system they were building. I kept asking about change management (people, not source!), about deployment, about disruption, etc, etc.

Next thing I knew I was walking about into the freezing flipping cold in Chicago holding onto a 50% raise. Bubba, you don't get too many of those.

If you work that out - 48 weeks a year, 40 hours a week, 40 work years in a lifetime - you find out that that change in focus gets you a $1,920,000 raise.

Actually, it's even more than that because you keep the advantage while you march up the food chain.

Back to The SEO Example

What really struck me about Garrett's example was that the business took the fairly traditional and predictable approach of getting some SEO guys to graft web and SEO onto a traditional "ring and pitch" business.

The SEO guys put together a campaign that generates 2,500 leads and it kills the guy because:

• ROI goes from "signup" to 2 years.
  
• "He is looking at ROIs that should apply to heavy machinery and commercial aircraft."
• Growth rate drops from 19% to 3% because of process issues:
• "growth rate has plummeted from 19% per year to 3% per year because he is in the office answering the phone all the time with close rates of 12% [down from 97%]"
  

Actually, there were a lot of issues, but those are the two killers. Look at what happened - his profits got pushed out a year from acquisition AND instead of looking at an yearly "takehome" increase of $67,032 he was seeing an increase of $10,584. That is an opportunity cost of over $55K!

You can go broke quickly making money that way.

Do the math

I'm just going to quote Garrett's point in toto because it sums up the whole problem so neatly:

SEO Firm Declares “Success.” The PPC campaign is bringing in over 2500 hits per month. Closing the sales is not really their job. They just need to work with the business owner to further tweak everything to bring in more hits. “Obviously” the copywriting needs work to further capture the ones that do get there, or there is something wrong with the business, or whatever...but we are getting people to the site. Just wait till the site starts to rank higher with the search engines!

Remember, the owner is now going broke pretty quickly, has sunk a fair bit of capital into the new venture AND is probably pretty much apoplectic. In fact, if he's like any dial-and-smile salesguy I know, physical and financial threats are probably in the offing.

What's the Solution?

I won't repeat the meat of the article but basically Garrett becomes and advisor and helps the owner re-engineer his business so that he goes back to ROI on close. But most importantly the business growth goes back up to the previous 19% and then all the way up to 28%.

So, back to the math - previous to the first campaign the owner was looking at a yearly "raise" of $67K based on growth. The slap-on-SEO campaign took him down to a $10K raise. The SEO+BPR campaign took him to a $98K yearly raise. Thus the title of this post because the SEO catalyzed a $31,752 additional raise.

I'd like to read a lot more articles like this, and I hope he keeps writing.

You know, when a tanker full of eggs hits a rail car of charcoal and they roll into the propane factory? You don't get omlettes for Lubbock, you just get a stinky mess.

Digg Is Not A Stinky Mess

Well, it's a fascinating mess, some sort of mixture of socialism run amuck and web bubble captitalism.

By socialism I mean that people profess to want to "do good" while gaming the system like mad, pretending money doesn't matter and not understanding the tragedy of the commons.

(Capitalists would profess to being efficient, game the system like mad, say money is just a score counter, and sell you a share in the commons. More for a share on the golf course side.)

In any case, it's a chaotic system with Ron Paul screeds fighting with lolcats for front page attention by 10M readers. You have ardent wikipedia like zealots burying anything sniffing of SEO or SPAM or just not-what-we-like. You even have an entire sub-industry of people selling tools and techniques and Amazonian Mechanical Turks to game the system.

I liked the grand Bazaar in Istanbul too.

So Digg Went Down. Again.

Surfing over to Digg in the morning is my personal equivalent of choosing the long supermarket checkout lane so I can finish The Enquirer. So what do I see first thing this morning:

No, you're down because your servers crashed like, well, like that egg truck earlier. It may well have been because your engineers made an excusable mistake - we've all been there. But I think it is because of bad management.

Hubris, Look It Up

Kevin Rose, who I admit bugs me, said in Amsterdam recently:

Moreover, the Digg-founder told me that the company is large enough now - 55 employees - for things to happen on their own. He used to panic when the servers crashed, now he has a team to take care of a crisis like that.

Kevin, dude, get a team that prevents crisis. Better yet, and I know this is going to sound strange to a 30 year old, hire some guys in their late 40's and early 50's who've run data centers and development teams bigger than your current company. Ask them to put some process in place.

I will quote your own words back at you:

Interviewer: So the first question that comes to everybody's mind is: how can you handle three start-ups at the same time?

Rose: "It's a matter of getting the right management in place".

Ok, so you've clearly got the wrong management in place. Not because your system went down (though that really shouldn't happen) but because it happens often enough that nobody was surprised.

Moving Forward

I dunno what to say. I've heard the same rumors as everyone else - "Digg for sale at $200M" or "$400M Buyout of Digg Rumored."

I will say that if I were giving Kevin some advice I'd tell him to pick one company and pay 100% attention to it. I'd pick Digg over Pownce or MyBlogLog or whatever else he's got going on.

And if he didn't listen I'd pick up the phone and start calling friends who had tens (or hundreds) of millions in stock from Webvan, Pets.com, Scient, etc, etc.

I've given Cari.net a hard time about giving almost good customer service and TracFone for looking like they just don't care about their image. So here is an example of an excellent proactive response to a potentially serious problem. We use Redbox (automated DVD vending jukebox) a lot for kid and probably-do-not-want-to-own (ex: I am Legend) films. It's not perfect, and their online rental interface could certainly use a tuneup, but it's a buck a night and that saves me three bucks a movie for new releases, so I will put up with a lot.

However, apparently someone put a credit card skimmer on a machine somewhere so below is their response:

To Our Valued Customers:

A few days ago redbox detected and removed an illegal credit card skimming device at one of our 7,400 locations. At the same time, redbox also discovered evidence of skimming attempts in two other locations. Skimming involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. These devices are used to illegally read or store personal credit card information.

Even if your redbox was not targeted, it never hurts to pay a little extra attention and check for any unusual activities or changes at your local redbox. If you suspect your redbox has been tampered with (click this link to see pictures of skimmer devices: http://www.redbox.com/creditcardsecurity/ ) please call 866-REDBOX3, e-mail alerts@redbox.com , or notify the store/restaurant manager of your concerns immediately.

Although there is no evidence currently that these skimming attempts were successful, consumer security is a top priority for redbox. Reviewing transaction records, there is a possibility that up to 150 customers may have been affected. Although only a small percentage of the millions of customers who use redbox each month, redbox has notified the major credit card companies so that they can monitor the situation. The redbox team is also working with local authorities to investigate the incidents and ensure your security.

Skimming is not new (click this link for more details: http://www.uboc.com/ ). It has been attempted numerous times on ATMs, gas station pumps, and now redbox has been targeted. Redbox has been aware of these industry threats and has spent significant time and resources to prepare for them. The 7,400 redbox locations are visited frequently by redbox associates to maintain smooth operations and an optimum customer experience. In this case, a redbox associate found evidence of skimming attempts and initiated the actions in the team's response plan (including this e-mail message).

Redbox greatly values our customer relationships. As a result, redbox is open and direct in our communications about this type of situation. The redbox team also utilizes industry-leading technology to ensure you have a safe shopping experience and aggressively combats attempts by criminals to defraud customers. Please see the questions and answers below for some additional details on skimming and how redbox ensures the safety of your account information.

Sincerely,

Trina Graham-Hodo
Director, Customer Service

Bill Caputo
Director, Security

Ok, so far so good - clear explanation, promise to stay vigilent. And well written too!

And then they go the extra mile and provide you with more information using outside "expert" sources to help you understand the issue.

Additional Questions / Answers:

Q. What is credit card skimming?

A. Skimming is the theft of credit card information used in an otherwise legitimate transaction. It often involves the placement of an illegal device above the credit/debit card reader on a vending machine, ATM, or in this case a redbox. For more info click these links:
http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming
http://www.uboc.com/about/main/0,,2485_703976951,00.html

Q. What does redbox do to protect consumer credit card information?

A. Redbox employs state-of-the-art security technology to ensure the privacy and security of our customers' data before, during, and after their visit to our kiosks. Customer credit card information is encrypted the moment it's swiped through our readers. Redbox uses further layers of encryption to protect all data transfers, too. Kiosks are also actively monitored and regularly inspected both on-site and remotely. Redbox never moves or stores unencrypted customer information. Credit card information can not be accessed by outsiders or even by redbox employees once the card is swiped at a kiosk.

Q. Where can I get more information on credit card skimmers?

A. Please use these links to get more information on credit card skimmers:
http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming
http://www.usatoday.com/tech/news/computersecurity/infotheft/2007-07-31-gift-cards_N.htm
http://www.uboc.com/about/main/0,,2485_703976951,00.html

Q. How do I know if a skimmer is on my redbox?

A. Redbox credit/debit card readers are standardized for all locations. Click this link for pictures of the two approved readers and some examples of skimmer devices: http://www.redbox.com/creditcardsecurity/

Q. Who should I call if I have questions?

If you suspect your credit card information was improperly used, contact your financial institution immediately. If you have specific concerns related to this incident and redbox, please visit http://www.redbox.com/creditcardsecurity/ or call 866-REDBOX3. Please do not reply to this email.

Perfect job, IMHO. Responsive, attentive, explanatory, links to authority sites to inform you, etc. Good job guys.

Sigh.  Once again they almost avoid being the rotten apple of my eye.  My not so snarky comments in red.

This evening Cari.net will conduct an emergency maintenance window to provide additional protection and redundancy for the C2 Data Center. [Planned emergency maintence window. Nice!] Every attempt is made to provide advance notice of these windows; however, in the interest of our customers ,it has been decided that postponing these actions may subject our customers to undue risk. [We forgot to send the email, we got the Special Post Mortem Version of D&D.]

At 12:00am this evening (Friday, March 28th) [Ooops, 12:00am Friday was this morning, around 18 hours ago.  You probably mean midnight tonight, or Saturday morning.][Wait, what time zone?], Cari.net Network Service Teams will install an additional BGP router [Oooooh.] within the C2 data center. This router will provide load sharing and additional redundancy to this segment of our network.

The maintenance will begin promptly at midnight and is expected to take approximately 15 minutes. Service impact should be minimal, though customers with equipment or services located in C2 may notice brief periods of latency and intermittent loss of connectivity during this short window as BGP tables are recalculated. [Is my stuff in C2?  How would I know.  Don't you know?  Why don't you tell me?] Senior Networking Team members will be onsite managing this event. [Blame will be allocated immediately!]

This work is being done to augment changes made during the March 21st window and to provide protection against additional large-scale network problems in the future. [We are not sure we fixed it right last time.   Now we're pretty sure it's the fuel injectors and not the distributor.] Customers located in Cari.net’s C5 facility will be unaffected by this maintenance window. [Probably.]

 Golly.  I am starting to think that Dilbert's PHB works there.