Evidence-Based Search Engine Optimization
Over the last several years, our industry has produced myriad theories of how firms or consultants should go about SEO, each with their own set of shortcomings. Through these flawed systems, a new overarching theory of how our industry should behave has budded. First, let’s identify some of those flawed systems. Ethical SEO: A do no harm type of solution that strictly adheres to the guidelines of major search engines. Greatly inhibits the ability of a site to perform in the most competitive industries Follows a subjective set of ideals (whose ethics is right? mine is) Forces SEO’s to react drastically to position changes (such as Google coming out against reciprocal links or paid links) Performance-Based SEO: An elusive goal which attempts to create a...
Cross Site Request Forgery in Sphinn
I have removed the XSRF exploit, although you can click on the link below with the text “this story” to cause a vote to happen. Just imagine putting that into an iframe or an img src=, and it would accomplish the same thing w/o you knowing…. Thanks for the vote! If you are currently logged into Sphinn (or simply forgot to logout), chances are, you have just voted for this story. Sphinn’s vulnerability is one of the most common forms of XSRF, where the site allows actions to originate offsite without any authentication aside from the original cookie / session. There are multiple ways to prevent XSRF, the easiest of which is to generate a user-specific token for each action origination point on the site (a form, a link that votes, etc.) so...
Recent Comments