Beanstalk's Internet Marketing Blog

At Beanstalk Search Engine Optimization we know that knowledge is power. That's the reason we started this Internet marketing blog back in 2005. We know that the better informed our visitors are, the better the decisions they will make for their websites and their online businesses. We hope you enjoy your stay and find the news, tips and ideas contained within this blog useful.


April 9, 2014

Is the heart of your website beating or bleeding?


The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library, specifically in its implementation of the TLS heartbeat extension (RFC 6520). So what is it?


Seems like we’ve heard this all before?



To put it into layman’s terms, Heartbleed or CVE-2014-0160, depending on your pedantic nature, is a really bad thing.

In less simple terms, OpenSSL's handling of the TLS 'heartbeat' extension fails to check that the payload length declared in a heartbeat request matches the data that actually arrived. A peer can therefore send a tiny request that claims a large payload and get back up to 64 KB of whatever happens to be in the process's memory, which may include private keys, session cookies and passwords that the encryption was supposed to protect.

But we’ve heard of OpenSSL exploits/vulnerabilities before, why is this one exciting?

Heartbleed vulnerability logo

Not only does Heartbleed have its own logo, it has its own website: http://heartbleed.com/


If you want to know all about it, the heartbleed.com website has the full details of the vulnerability for anyone who wants to dig right in.


Essentially these are the points made:

  • The bug shipped in OpenSSL 1.0.1 in March 2012 and went unnoticed for about two years. If someone captured your TLS traffic during that time and later pulls your private key out of server memory with this exploit, they can decrypt those recordings, unless the connections used a forward-secret (ephemeral DH/ECDH) cipher suite.

  • A stolen private key also lets an attacker impersonate your server, so the damage is not limited to whatever happened to be sitting in memory.

  • Exploitation leaves no trace in ordinary server logs: heartbeat requests are handled inside the TLS layer and never reach the application. Unless you were capturing full packets, you cannot tell what was stolen, or when.

  • This isn't only about you and your servers. Think about your users' private data: a password lifted from your server's memory and reused elsewhere gets an attacker into other, better-secured sites around the internet.



Who is impacted:

  • Everyone that uses SSL/TLS is impacted in some way, even if all you have to do is change some passwords.

  • OpenSSL 1.0.1 through 1.0.1f (and the 1.0.2-beta1 pre-release) are vulnerable; 1.0.1g and newer are fixed. The older 0.9.8 and 1.0.0 branches never contained the heartbeat code and are not affected by this bug, and builds compiled with -DOPENSSL_NO_HEARTBEATS are also immune.

  • The "66% of web servers" figure comes from Netcraft's April 2014 survey, as quoted on heartbleed.com: Apache and nginx, which normally link against OpenSSL, serve about two-thirds of active sites. That is the upper bound of the exposure, not a count of vulnerable hosts; only servers running a 1.0.1-series build with heartbeats enabled were actually exploitable.
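To show where the leak actually comes from, here is an added, simplified C model of the heartbeat handling (this is demonstration code written for this post, not OpenSSL's source): a vulnerable responder that trusts the declared payload length, the fixed responder with the bounds check that 1.0.1g introduced, and a constructed 64 KiB arena with a fake 'session_cookie' string standing in for neighbouring heap memory. The message layout follows RFC 6520; the names hb_respond_vulnerable, hb_respond_fixed, leaks_secret and the SECRET value are this example's own assumptions.

```c
/*
 * Simplified model of the TLS heartbeat handling behind CVE-2014-0160.
 * Added demonstration code, not OpenSSL's source. Message layout per RFC 6520:
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding (>= 16 bytes)
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR      3      /* type + 2-byte length */
#define HB_PADDING  16

/* Vulnerable responder: trusts the attacker-supplied payload_length and copies
 * that many bytes from the record without ever consulting the real record
 * length (the pre-1.0.1g behaviour). `rec` must point into a larger arena so
 * that the over-read stays inside memory this demo owns. Returns bytes written. */
size_t hb_respond_vulnerable(const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap)
{
    (void)rec_len;                                   /* never checked: that is the bug */
    unsigned int payload = ((unsigned int)rec[1] << 8) | rec[2];
    size_t need = HB_HDR + payload + HB_PADDING;
    if (need > out_cap) return 0;                    /* demo guard on the output buffer only */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);     /* reads far past the real record */
    memset(out + HB_HDR + payload, 0, HB_PADDING);   /* real code uses random padding */
    return need;
}

/* Fixed responder: silently discard any request whose declared payload does
 * not fit inside the record that actually arrived (the check OpenSSL 1.0.1g added). */
size_t hb_respond_fixed(const unsigned char *rec, size_t rec_len,
                        unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HDR + HB_PADDING) return 0;     /* too short to be a valid heartbeat */
    unsigned int payload = ((unsigned int)rec[1] << 8) | rec[2];
    if (HB_HDR + (size_t)payload + HB_PADDING > rec_len) return 0;  /* length lies: discard */
    size_t need = HB_HDR + payload + HB_PADDING;
    if (need > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);
    memset(out + HB_HDR + payload, 0, HB_PADDING);
    return need;
}

/* Plain substring search so the demo does not depend on the non-standard memmem(). */
static int contains(const unsigned char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

#define ARENA 65536
/* Constructed "secret" standing in for session data left on the heap. */
static const char SECRET[] = "session_cookie=SECRET-VALUE-0xDEADBEEF";

/* Run one responder against a malicious heartbeat. Returns 1 if SECRET shows
 * up in the response, 0 if not, -1 on allocation failure. */
int leaks_secret(size_t (*respond)(const unsigned char *, size_t,
                                   unsigned char *, size_t))
{
    unsigned char *arena = calloc(ARENA, 1);   /* stands in for the process heap */
    unsigned char *out   = calloc(ARENA, 1);
    if (!arena || !out) { free(arena); free(out); return -1; }

    /* The attacker's record: a 1-byte payload that claims to be 16384 bytes long. */
    size_t rec_len = HB_HDR + 1 + HB_PADDING;        /* 20 bytes actually on the wire */
    arena[0] = HB_REQUEST;
    arena[1] = 0x40; arena[2] = 0x00;                /* declared payload_length = 0x4000 */
    arena[3] = 'A';
    memcpy(arena + 256, SECRET, sizeof SECRET);      /* "neighbouring" heap data */

    size_t n = respond(arena, rec_len, out, ARENA);
    int leaked = (n > 0 && contains(out, n, SECRET)) ? 1 : 0;
    free(arena);
    free(out);
    return leaked;
}

int main(void)
{
    printf("vulnerable responder leaks secret: %d\n", leaks_secret(hb_respond_vulnerable));
    printf("fixed responder leaks secret:      %d\n", leaks_secret(hb_respond_fixed));
    return 0;
}
```

Build and run with `cc -std=c99 -o hb hb.c && ./hb`: the vulnerable responder answers a 20-byte request with a 16 KiB response that carries the planted secret, while the fixed one discards it. The real attack is the same thing with a 64 KB claim, repeated as often as the attacker likes, which is why patching alone is not enough and keys have to be reissued.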

What to do:

  • Upgrade OpenSSL to 1.0.1g, or to a distribution package with the fix backported. If you cannot upgrade right away, rebuild with -DOPENSSL_NO_HEARTBEATS to disable the heartbeat extension. Either way, restart every service that links OpenSSL (web server, mail, VPN, database, etc.); a patched library on disk does nothing for a process still running the old code.

  • Expect to be probed. A single heartbeat request is enough to test a server, so security teams (and anyone else) checking that you've upgraded will find a host that is still vulnerable.

  • Make sure your users know, either by a site bulletin or perhaps a blog post.

  • Urge users to change their passwords, but only once you've secured your server; a password changed on a still-vulnerable host can leak all over again.

  • Make it clear that users need to update that password on every other site where it was used.

  • Be honest. Nothing that passed through a vulnerable server can be assumed private, and your users should be told that plainly.

  • Revoke the server's certificates and reissue them with freshly generated private keys. Getting a new certificate for the old key pair fixes nothing, because it is the key that may have leaked.

  • Apply the same standard to the services you depend on: 'patch first, trust after'. Reconnect, and change credentials there, only after they have patched and reissued.


..and above all else, Don’t Panic. :)

Update: If you are hosted on CentOS don’t assume you are vulnerable based on the version. In our case we had version 1.0.1e installed but it has been patched for CVE-2014-0160, which I can confirm with SSH access and looking at the RPM changelog.
 

SEO news blog post by @ 3:27 pm


 

 

October 17, 2012

New Webmaster Guidelines Part 2 – Technical Guidelines

This is part 2 of an in-depth look at the newly revised Webmaster Guidelines from Google. Google has recently updated its list of best practices and suggestions for site development. To give your site the best chance of ranking well, and to keep a competitive edge, the Google guidelines should be read like the gospel.

monkey fixes computer

• Did you ever wonder how Google processes your site to determine its focus and content? Try using a text-based browser like Lynx to understand what Google is using to interpret your site.

By displaying the page without dynamic elements such as Flash, JavaScript, cookies, session IDs or DHTML, you will gain a keen insight into what is actually visible to Google. If there is not enough content to be read, Google is going to have a difficult time indexing your site and establishing your value in the SERPs.

• Allow bots to crawl your site without session IDs or arguments designed to track user activity. Disallow specific URLs that you don’t want crawled in your robots.txt file. Session IDs in URLs are antiquated and should not be used in any new site development; use cookies instead for monitoring site traffic.

• Check that your web server supports the “If-Modified-Since” HTTP request header. It lets Google ask whether a page has changed since it was last crawled; if it hasn’t, the server answers 304 Not Modified instead of resending the page, saving bandwidth and overhead.

• Use the robots.txt file to exclude directories that do not need to be crawled by Google. Keep it updated in your Webmaster Tools account and ensure that you are not blocking Googlebot from crawling your site by testing it in Webmaster Tools.

• Keep advertisements (such as Google’s AdSense and DoubleClick) to a minimum and ensure that they are not affecting your rankings by making sure they are excluded in your robots.txt file.

• If you use a content management system (CMS), make sure that it supports an SEO-friendly URL structure and is easily crawled by bots.

• Test your site in several browsers (IE, Firefox, Chrome, Lynx, Opera, Safari) at different resolutions.

• Use tools to monitor page load speed. This is becoming an increasingly important factor for rankings. Use Google’s Page Speed or the Webmaster Tools Site Performance tool to gain insight into how to boost your page load speed.

SYNOPSIS:

• Make use of the robots.txt file to keep your site accessible to the Google bots
• Block unneeded/irrelevant content from
• Use SEO-friendly URLs and move away from parameter-based URLs
• Monitor your page load speed and take steps to improve it.

SEO news blog post by @ 12:09 pm


 

 

June 11, 2012

The Google/Netflix Internet Land Grab

There are indications of a paradigm shift in how your favorite streaming content is delivered to you. There appears to be a “land grab” by large corporations to move their servers next to their ISPs’ networking infrastructure in order to minimize lag and increase profits.

land grab game

In a typical setup, when you want to watch a YouTube video, your request travels across your ISP’s network and over the internet to the website’s data center (where the video is), and the data then comes back through your ISP to your computer.

There is a growing move by large content providers toward a more streamlined setup: placing CDN caches inside the ISPs’ networks. This saves companies such as Google and Comcast a lot of money in transit charges, reduces the bandwidth these services consume across the wider internet, and speeds up delivery of the content to consumers. Reports indicate that as many as 100 CDNs are looking to move their servers into co-location with service providers.

Google has been making this move with its own content delivery network for several years now, and Netflix has just announced that it will follow suit with its Netflix Open Connect content delivery network. Over 70% of all Netflix traffic is now served through servers set up directly at several ISPs. Prior to January all of its traffic was distributed through CDN companies such as Level 3, Akamai and Limelight.

CDN Traffic

The Internet is in its Golden Age of video. There is such a large volume of traffic being generated from online video and movie providers that many networks are striking up deals directly with the ISPs themselves to get as close to the source as possible. Video providers such as Netflix can lower their operating costs by paying less for bandwidth and be able to deliver content at higher speeds (and even HD content). However, it is only the largest content providers that can afford to do so, which inevitably forces out the smaller players in the market, squashing all competition.

Dan Rayburn, editor of StreamingMedia.com, doesn’t call it a land rush. “Apple, Microsoft, Facebook, and others are doing this,” stated Rayburn. “There are a handful of companies that are large enough,” he says. “But you have to be a certain-sized company doing enough traffic.”

Andy Ellis, chief security officer with Akamai agrees that companies are moving to cache their content locally with ISPs, but stated that there are many services such as security and analytics that Akamai can sell them. “I don’t think we’re yet seeing a land rush into the ISPs,” he says. “I think you have to be really, really big to be interesting enough to the ISPs.”

On the surface, this could sound disastrous for third party CDNs, but we have seen time and again how competition can keep the marketplace robust and lower prices for the consumer.

SEO news blog post by @ 12:04 pm


 

 

January 26, 2012

The Slippery Slopa

Ever try to catch something slimy only to have it slip away from your best attempts to grasp it? That’s how the intellectual world feels towards SOPA and the various laws that follow in its slimy footsteps.
Slippery sopa snake

Public protests erupt as Poland signs ACTA

Yesterday Poland went ahead and signed onto the ACTA agreement, joining the nations already signed on and enraging its public in the process. The internet is cheering on the activists who took to the streets in mass protests against the signing.

Over 9000 protesters met in the streets of Kraków to have their voices heard!

Hopefully this strong public reaction will be a very clear message to other political powers debating on how bad the public backlash will be over signing such ‘internet endangering’ agreements.

As if ACTA wasn’t bad enough?

Over in Ireland they are showing respect for the people by slipping in a bit of legislation called the “S.I. No. of 2011 European Communities (Copyright and Related Rights) Regulations 2011”, which will pass by ministerial order, without a public vote.

Is it the sort of addendum that doesn’t merit input from the public?

Well Irish legal expert Tim McIntyre had the following comment on the new regulations:

“At a minimum this will probably allow courts to require ISPs to block access to alleged infringing sites (such as the Pirate Bay). Over and above that it becomes impossible to say — the language is so vague it might, for example, allow a court to require an ISP to introduce a three strikes system or to block certain ports. However, once copyright plaintiffs get hold of this power you can expect it to be pushed to its absolute limit.”

There’s still time!?

While the USA, Canada, and Mexico are already signed onto ACTA, there’s no reason why the public can’t organize an opposition to the decision and work to either get the agreement amended or have support withdrawn one country at a time. The only roadblock is getting folks to agree on a meaningful reaction that everyone can rally behind. So far the most centralized effort I’ve come across is the SOPA subreddit which has plenty of discussions on ACTA and PIPA as well.

SEO news blog post by @ 11:50 am


 

 

December 29, 2011

SOPA Sabotage

From the same band that brought us “Fight for Your Right” comes many great themes for opposing SOPA.

Sabotage


In a post-SOPA world, images and music with questionable copyrights will be tickets for takedowns, financial seizure, and other underhanded attacks on popular websites.

You think the legal ho-ha over patents is extremely petty and wasteful? Picture how bad the internet will be when user posted content can get your entire organization shut down instantly?

Here’s an example, say I decide to post something on our blog that’s not SOPA-safe. The competition takes note of it, and the instant I say something the competition doesn’t like, they complain about the post, our DNS is yanked, our accounts are frozen, and THEN we get the complaint to remove the content.

Yeah that’s not going to work, look at Germany if you want to see an example of what a SOPA-like environment is like.

Here’s a SOPA-like example:
Retired, Computerless Woman, forced by courts to pay fine for pirating hooligan movie

Even little things, like a picture of an awesome band, and a ~10 sec clip of their music would become ‘frightening’ if SOPA passed. Such uses are fine right now as we’d find out right away if a rights holder cares, and we’d take it down without a fuss. Post SOPA would be completely different, and fear of take-downs would absolutely kill user-submissions because each post would need to be checked for violations.

Tom’s Hardware also posted today with concerns similar to ours about immoral and unwarranted takedowns of sites over user-generated content. I really do like the fact that they had no qualms explaining exactly how pirates will work around SOPA DNS blocks, how SOPA won’t be effective at its main purpose, and how it is only going to be abused.

The list of companies opposed to SOPA is long and growing, with supporters like GoDaddy changing their stance as the public backlash forces them to step back from a supporting role. In fact, today GoDaddy even took the time to share a copy of the remaining supporters of the bill, with its own name missing from the list.

This has even more people freaking out about GoDaddy because:

Soaking your neighbours in kerosene has never been the wisest way to try and douse your own fire…
Eating popcorn

It’s no wonder GoDaddy reacted to the anti-SOPA movement; One report had pegged the losses for GoDaddy at over 70,000 domains in a single day last week, and today (Dec 29th) is the official ‘boycott GoDaddy’ day over on Reddit.

Imgur also stepped up and announced that it is working on leaving GoDaddy as well, but there’s speculation over how people would react if GoDaddy were to ‘make good’ on its position by actually supporting the anti-SOPA movement instead of merely dropping its support for the bill.

Only time will tell but I really am starting to worry about all the folks saying that SOPA is ‘likely’ to pass!? That just seems so absurd to me, but experts are hard to ignore, and I’m no political watch dog.

UPDATE: Okay I knew I was breaking the cardinal rule of auto-play and I knew it was for a good cause, but I couldn’t let it stick for more than a day. The clip’s still there you just have to hit play. ;)

SEO news blog post by @ 3:51 pm


 

 

December 15, 2011

We’d feel dirty not posting about SOPA today..

This is the day, folks: the bill is in Congress as I type, and here are some good spots to follow the proceedings closely:
Dirty Bar of Soap
EFF Twitter Feed
Video Webcast
Justin.tv re-broadcast of the live feed

Wondering what all the fuss is about?
Here’s a great read:
Wikipedia -> Stop Online Piracy Act

Who supports SOPA?
Domino Project’s SOPA Supporter List

What sort of organizations are opposed to SOPA? It was such a bad move that Wikipedia was publicly contemplating a blackout of the service just to make it clear how bad the bill is!

There are also a few very active/current discussions over on Reddit in the r/technology section that give a good ‘nerd’s-eye view’ of the bill reading.

Wonder why Google was opposed to the bill? Here’s a humorous take on the essence of their fears:
Mockery of SOPAs effect on Google in 2012

If I had to personally sum everything up into a TL;DR I would have to go with:

“Artist and labour groups who don’t have a nerdy understanding of how the internet works and how to approach piracy are joining with other anti-piracy groups to fast-track an ill-considered and potentially dangerous bill.

While most folks don’t understand the internet enough to argue the bill as experts the general reaction today has been “we are rushing something we don’t understand and we can’t proceed”.

With any luck that’s exactly how bill H.R.3261 will end: some potential, but not ready. *fingers crossed*

SEO news blog post by @ 10:42 am


 

 

July 7, 2011

Google is taking out the trash

For some time now the “free hosting” Korean company Co.cc has been a source of malware, phishing, and large volumes of spam content.

Over at Google I can picture a handful of their best ‘whack-a-mole’ admins looming over activity from .co.cc sites.
Endlessly fighting spammers

It’s anyone’s guess what kind of resources this one company has tied up over at Google (and other search engines) but I’m going with “too much” as my guess. When you consider that most of the results are spam, and the rest are mainly malware and phishing attacks, it shouldn’t be a shock that Google has done us all a favour and just blocked the whole *.co.cc stream from showing in the search results.

Sadly, spammers will be spammers and already I can see http://jzp.cc/ is acting as a portal to .co.cc sites and Google is currently showing these sites in their search results.

Google needs a bigger hammer
Wait, I see the problem! Going to need a bigger hammer!



The very unpleasant problem with this tactic is that the spam tends to just squish around, like a full diaper. The .cc TLD belongs to the Cocos (Keeling) Islands, an Australian territory, and while there are legitimate sites under it, the figures from the Anti-Phishing Working Group for 2010 are quite amazing: in the second half of 2010 alone, .cc domains accounted for almost five thousand phishing attacks!

While the percentage of good sites in the .cc realm might be questionable Google is effectively removing over 11 million registered domains run by almost 6 million users! My personal guess is that the block will stay up for some time, and once the spam has shifted elsewhere, we’ll silently see .co.cc domains back in the search results.

Google has stated they aren’t above blocking an entire bulk sub-domain in the past, they have clearly proven they will follow through, and I expect them to continue to do this as companies lose control of the content from their users.

The best way to fight spam is at the user level. Do you purchase anything that was ‘spammed’ at you? Are you rewarding people who put things on-line for your review, or are you spending money on things that are forcefully presented to you without solicitation? If the only way to make a sale is to respect the customer, retailers wouldn’t spam us because they would shoot themselves in the foot. As the consumers in this ecosystem of commerce, the matter is entirely in our hands if we so choose.

SEO news blog post by @ 6:14 pm


 

 

June 21, 2011

Bitcoin takes a beating..

Bitcoin had a serious case of the Mondays yesterday as the EFF dropped the currency for donations, and MtGox, a major international exchange, managed to spill over $5 million worth of BTC in a public ‘free for all’ moment. One lucky fellow snatched up over $5 million worth of BTC with a mere $2,613 by wisely setting an unlimited buy order at $0.0101 (everyone else was bidding $0.01).

The EFF’s move wasn’t so bad when you pick it apart. Accepting any donation might seem harmless, but if the charity needs to convert that donation to a currency then it becomes an issue. The EFF cannot responsibly spend BTC, or exchange it, without exposing itself to legal entanglement. Until the currency is ‘trouble free’ the best option for a large non-profit is to avoid that donation.

In a post from Cindy Cohn on the EFF blog the issue is broken down three ways:
EFF Logo

  • Lack of understanding with regard to legality of BTC
  • Misleading donors with regard to value and use of donations
  • Giving a false endorsement of Bitcoin technology

Going forward, the EFF’s plan is to simply dump the donated BTC into the public faucet, where they will be given away in small chunks to fresh Bitcoin users (or existing users who have never drunk from the faucet). Don’t hurt yourself rushing over for your handout; the current give-aways are only around 55 cents US when there’s more than 50 BTC in the faucet.

Speaking of give-aways, the $5 million I mentioned at the start of the article is apparently pending the decision of the folks running the exchange. The story is the very essence of TL;DR, so let me try to put it into point form:
BTC Value

  • MtGox set up a BTC exchange in Japan
  • MtGox’s auditors were hacked and an encrypted file was stolen
  • Alerts went out to change passwords and secure accounts
  • At some point on the 19th an MtGox user put a gigantic sell order up
  • As the sell was taking place Kevin Day took note, offering $0.0101 per BTC
  • By the end of the trading Kevin had purchased ~260k BTC for $2,613
  • Kevin took out 643.27BTC (~$8,000 US) and placed it into a personal wallet
  • MtGox claims that the day of trading broke exchange rules and must be reversed
  • Initially MtGox was considering a review by the FBI but at the moment it seems they are focused on a roll-back
  • MtGox has not mentioned an ability to reverse coins that left the exchange which creates a large problem

At this point the MtGox sites are having a hard time staying up and as of 11:40AM GMT they are struggling to allow users access to ‘reclaim’ accounts. I gave up on the site personally and have just been looking in Google’s cached results (a great solution for overloaded websites any time something like this happens).

There is also mention of the exchange going back on-line when the accounts are sorted out, and the claim that once the site is back on-line, trades 218869~222470 will be reverted and the exchange price will be going back to ~$17.50/BTC. Given everything that has happened this seems really optimistic to me.

Can’t wait to see what happens tomorrow.

SEO news blog post by @ 8:48 pm


 

 

June 8, 2011

Official IPv6 Test Day

Don’t forget, June 8th is the official IPv6 test day!

IPv6 Test Day

We should have a full blog post later today but I wanted to remind everyone to take a look and see who’s passing the test.

Here is a link to the test site to see if you have an IPv6-compatible connection: http://test-ipv6.com/

Have a great day and don’t forget the game tonight (Go Canucks!).

SEO news blog post by @ 6:37 pm


 

 

February 17, 2011

Blacklisting for National Security?

Blacklists may sound sinister, but they are simply lists of known bad offenders. Email spam is kept in check, to some degree, by maintaining blacklists of known bad senders. If your mail server isn’t accepting mail from a domain because its security is notably ‘not acceptable’ and ‘likely compromised’, why would you let that same domain reach your login systems?

China Blacklist

I’ll keep my rant short and to the point, but the details of the attack are a bit like a drunken man explaining how his cat ‘escaped’ after he left the door open and his music playing really loud for hours.

Today there was news of another major intrusion into top-level Canadian federal government systems. Part of the news revealed that “Defence Research and Development Canada”, a civilian agency of the DND, was compromised. I personally read that as “hackers will be enjoying the fruits of our federal research money/time before we are”.

This hack also took major segments of the federal government offline, likely as a necessity to facilitate cleanup and containment of the situation. So this wasn’t a ‘scare’ or an ‘annoyance’; it’s clearly costing us money, taxpayer money.

The attacks were traced to China, as they always seem to be. Admittedly, if one wanted to hide one’s identity, the best place to start would be an insecure network in China and work outward from there. If this is a no-brainer for me, a tech-savvy SEO, what’s going on with the professional security services we’re paying for?

Do we really have a lot of Canadian federal employees in China making it far too difficult to block logins to sensitive networks from that entire country save a few exceptions?

SEO news blog post by @ 7:50 pm


 

 

Copyright© 2004-2014
Beanstalk Search Engine Optimization, Inc.
All rights reserved.