SEM Wired

On the 21st september, at 2.54 PDT, Twitter has experienced a attack through a XSS (Cross-side scripting) vulnerability. Due to malicious code being executed, a massive retweet spread though all users,

Generally speaking XSS attacks exploit a lack of control on HTTP GET and POST requests. Malicious code is injected through a URL pointing to the affected website, allowing most kind of queries to be executed. Defacement should not be worst in case of less visited website but as the outcome can incredibly grow in magnitude if considered the amount of visitors.

This is the code used:

http://t.co/@%22onmouseover=%22document.getElementById(%27status%27)

.value=%27RT%20Matsta%27;$(%27.status-update-form%27).submit();
%22class=%22modal-overlay%22/

When you move your mouse pointer over a link and you are logged into your Twitter account, your account will post a new RT (ReTweet) that points to a link to the Twitter account of the user “Matsta”.

The worm spread over all terminals with javascript activated. Some people obviously panicking at Twitter Headquarters (or probably just laughing their ass off for being fooled by a script-kid), for a few minutes internet went back to be a less noisy, content based network, as it originally was. Considering the amount of uselessness spreading through twitter these days, a smart worm is for sure an improvement in content quality.

Back in the years you were like if you could score a shell on a *.ac.kr server, with a PHF or ftp-bounce attack. Script-kiddies nowadays can just hit the news with a smart URL… I’ve never though that web security would have grown according to the number of visitors and variety of services and protocols available, but is probably time to catch up more than ever.

On a side note, attacks like these may also show what the really security attitude of these companies, definitely in need of a real improvement.

Another great post from ilovecharts.com. A self-explanatory graph is worth thousands of words sometimes.

Just a few years ago Blockbuster Spanish subsidiary announced it was going to shut down all of his Spanish rental shop, due to piracy and eventually a clear change in customer’s behavior. A few days ago the company finally announced its bankruptcy. The company’s lost more than a billion dollars in the past two years. However its a well-defined plan aiming to change the company itself into something more similar to Netflix, hence focusing on online rental services. Bussiness is much like survival of the fittest and every company has to adapt an overcome in order to survive. It will be quite unlikely to see the Blockbuster brand totally disappear though, due to studios backing it up in fear of Netflix to take over the market.

On a side-note, this will certainly mean a clear spike in every US unemployment report for the next year or two, due to the huge amount of people working at Blockbuster’s shops.

HTML5 is already here and it is changing the SEO world forever.

HTML 5 basically follows the way the web evolved in the last years and includes many useful tags and elements. It develops more towards a semantic approach to content, with specific tag which mark the kind of content is going to be displayed. It might seem as its developers where aiming to create a PHP kind of programming language but it is still an XML-based markup language.

The major development from HTML5 is a bunch of new tags with outline the semantic content of a page section. It is quite of a revolutionary change, considering now search engine will be finally able to understand the actual content of a page.

It’s easy to see how letting sites mark individual blocks of their page with meaningful information would assist in the segmentation of a page. Search engines would be able to know instantly what is what and decide how to treat it.

Here is a short list of a few new tags and the way the should be implemented on page:

<article> tag – The new <article> tag is probably the best addition from a SEO point of view. The <article> tag allows to mark separate entries in an online publication, such as a blog or a magazine.  It will reduce the need to use <div> tags, hence making the code cleaner and easier to be understood both from humans and search engines. Search engines will put more importance on the text inside the <article> tag as compared to the contents on the other parts of the page.

<section> tag – The new <section> tag can be used to identify separate sections on a page, chapter, book. Each section can have its separate HTML heading. As with the <article> tag, it can be presumed that search engines will pay more attention to the contents of separate sections. For instance, if the words of a search string are found in one section, this implies higher relevance as compared to when these words are found all across the page or in separate sections.

<header> tag – The new <header> tag (which is different from the head element) is meant to give developers much more flexibility in term of heading categorization. The <header> tag is very similar to the <H1> tag but the difference is that it can contain a whole different set of header tags (h1,h2….) or whole paragraphs of text, hard-coded links (and this is really precious for SEO), and any other kind of info you feel relevant to include.

<footer> tag - Both the footer and header tag can be used several times in a pge, which means the do not have to belong necessarily to the standard header and footer of the page. For instance it can be used to define recurrent elements on a page (think of a blog post) with specific header and footer.

<nav> tag – The new <nav> tag can be used to identify a collection of links to other pages. It is quite important when it comes to define page rank distribution through links on a page. We often have to struggle a bit in order to distribute page rank through link, this should be make life a bit easier.

Beside these tags there a whole bunch of new ones which might require further explanation. For instance, <audio>, <video> or <dialogue> tags are also part of the HTML 5 standard and they will allow to further separate the content into the adequate categories. As you can see the main point of this update is making HTML closer to a human level of understanding, besides the obvious consequences with SEO.

How it works: HTML4 tags vs HTML5 semantic tags

Currently with HTML4, mark-up coders are working with document structures like this:

<div id=”header”>
[logo]
[links or navigation]</div>
<div id=”leftnav”>[navigation links]</div>
<div><p>text</p></div>
<div id=”footer”>[footer links]</div>

CSS transition have been finally made available on Firefox (3.7, pre-alpha2). With this feature developers will finally be able to apply movement to CSS elements, quite a good alternative to the more common use of Javascript. Here’s the developers Firefox version if you want to have a try.

// HTML
<ul>
 <li id="long1">Long, gradual transition...</li>
 <li id="fast1">Very fast transition...</li>
 <li id="delay1">Long transition with a 2-second delay...</li>
 <li id="easeout">Using ease-out timing...</li>
 <li id="linear">Using linear timing...</li>
 <li id="cubic1">Using cubic-bezier(0.2, 0.4, 0.7, 0.8)...</li>
</ul>

// CSS
#delay1 {
 position: relative;
 -moz-transition-property: font-size;
 -moz-transition-duration: 4s;
 -moz-transition-delay: 2s;
 font-size: 14px;
}

#delay1:hover {
 -moz-transition-property: font-size;
 -moz-transition-duration: 4s;
 -moz-transition-delay: 2s;
 font-size: 36px;
}

Since Twitter went online, beside the early adopters enthusiasts, I always heard many people debating on its actual usefulness.
Still, it is one of the fastest growing platforms, despite its weaknesses, its extreme vulnerability to spam, or its 150 characters limit…

This very last point has been thoroughly debated: 150 characters are not enough to deliver any message and force people to limit the scope of the message they can send.

A few weeks ago, Johnathan Schwartz, former Sun Microsystem CEO, resigned via his his twitter account.

Within 150 characters he managed to say that we resigned from his position, and also gave an explanation for his resignation with a haiku:

Financial crisis

Stalled to many customers

Ceo no more

This should be the right way people should use twitter, and haikus, because or their ability of defining a whole world within a few lines, just fit perfectly this media. Johnathan just seems to have understood this pretty well.

When resigning from a position we often send plenty of emails out, to co-workers, colleagues or acquaintances: Johnathan just exploited the speed and efficiency of Twitter, with no need to waste that much time on writing emails, also getting positive results for his personal brand, communicating directly with the right audience and successfully delivering the message.

Next time we twit, let’s just make sure it is for something meaningful..!