Archive of articles classified as "Web Development"

Web performance optimization: how to render a web page under 1000ms

11/04/2013

This video shows how seriously Google takes performance optimization for web pages. It is basically a comprehensive explanation of the methodology for building quicker mobile websites. There’s also some really valuable insight which confirms the correlation between loading times and conversion rate, pointing out web performance as a crucial factor in increasing revenues.

Besides that, it makes you understand quite well the strong drive Google employees have for constant optimization, something you don’t see in that many companies after all…

Here’s the full presentation: building faster mobile websites


Sitemap Validator Webapp: sitemap inspector

27/03/2013

So quite a few months ago, after getting pretty tired of not being able to find a decent sitemap validator, I decided to code my own. Sitemap Inspector checks your sitemap for errors and generates a new one free from broken links. It also pings all major search engines once it has validated your sitemap.


Javascript vulnerability allows malicious user to spoof links

24/03/2013

…or how almost everybody takes user-end security for granted.

It’s been quite a long time since I’ve had the chance to play around with any potentially “mainstream” kind of vulnerability, and this is due to two main things: I’m pretty busy with consulting and I left the “security” scene years ago (and to be honest, I have never been really into it, except for a few contributions to SourceForge, a Linux kernel module, some rootkit and a script to operate massive smurf attacks, highest point of my script-kid career).

Being pretty busy with consultancy often makes me forget the importance of the “lower” layers of the TCP/IP stack, those which make this whole thing work, from the dialup cables to your ethernet controller up to your browser’s JavaScript libraries.

Whoever holds the knowledge of all these levels would master this whole thing (well, probably not), but sometimes I’d like to examine CEOs and digital marketing managers (I have become pretty familiar with this very type of human being lately) on their proficiency with the internet. Most of them just jumped on the internet bandwagon without any knowledge of what lies behind their screens; they’re obviously more keen on understanding the end result, since this whole thing turned into a wonderful money making machine and that’s what they are after and, as we all do, we do take this whole thing for granted. We never imagine that there might be a f* huge zero day vulnerability ready to be exploited straight out of your browser, messing everything up.

Back in the day, IP spoofing was quite a common feature of the typical script kiddie. Still, it required some skills, or at least a good list of updated proxies and some scripting.

According to this article from @bilawalhameed, it seems quite an easy thing to exploit, nothing like a buffer overflow with memory handling and all that; it’s just about a few lines of code. Thanks to him pointing this out to the community, relevant fixes to major browsers are on their way, so this will soon be fixed, no worries, you can keep shopping safe.

Anyway, to me here lies the moral: don’t ever f* take any of this for granted. It is great and beautiful and shiny and it gets more usable and friendly day by day, but there’s a lot of work behind it, lots of code and a complex but logical structure of layers which makes all these wonders happen, and this might not work perfectly forever. Please be considerate while using this, and most of all be aware that it is as fragile as it is complex. I say be aware, because it seems that most people running this nowadays completely ignore its complexity and inner vulnerability.


SEO on-site video optimization

20/02/2011

Nowadays video accounts for an impressive amount of content. Making this content available to search engines is therefore a crucial aspect of SEO, so that it can be correctly indexed and bring some more traffic to your website. While SEO often focuses on text content, there are plenty of things which can be done to improve your video content and gain a good amount of organic traffic.

According to a study recently released by Nielsen, time spent online by users watching videos increased 45%. The overall number of streams and streams by users also increased significantly on a month-to-month and year-to-year basis. If videos are considered this important by users, SEO on-site video optimization becomes a necessity, not just a secondary task to a more traditional search engine optimization.

First things first: file types currently crawled by Google

Google can crawl the following video file types: .mpg, .mpeg, .mp4, .m4v, .mov, .wmv, .asf, .avi, .ra, .ram, .rm, .flv, .swf, so long as the files are accessible via HTTP. Metafiles requiring a download of the source via streaming protocols are not supported. Just make sure your video is available in one of the mentioned formats and you should be fine.

What to optimize videos for?

Videos can be searched through Google Video, YouTube or generic social media platforms.

However, the same optimization focus might easily be applied to all of these sources, considering that Google alone and YouTube account for 90% of all video search queries. A slightly different approach might be considered if we want the video to spread virally through social networks, hence some strategic planning ahead of the launch and strict

URL structure

As for generic pages, the video URL must comply with the most typical URL optimization tips: avoid too many nested folders, and keep your video file name clear, with relevant keywords separated by a hyphen.

Page text

Content surrounding the embedded video is considered relevant as well, so make sure you add some relevant text description to your video in the same frame or page area. It must be something related to the video, and able to spark some interest in users; make sure your keywords are always present.

File names

Always keep your keyword list at hand: you’ll have to make sure that the video file name contains at least some of the keywords you want to be ranked for.

Create a video sitemap

If your website features a significant amount of embedded videos, you’d better get a video sitemap. A video sitemap would definitely help Google when going through your website trying to index and categorize your content, making sure no video gets lost or not indexed.

How to manually create a video sitemap

  1. Create a text file and save it with an .xml extension.
  2. Write the following lines at the beginning of the file:

<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">

  3. Write the following at the bottom of the file:

</urlset>

  4. Create an entry for each URL. The <loc> tag is required; the others are optional.

<url>
    <loc>http://www.yoururl.com/</loc>
    <lastmod>2011-01-01</lastmod>
    <changefreq>monthly</changefreq>
    <priority>0.8</priority>
</url>

  5. Upload your Sitemap to your site. The file should be located at www.yoururl.com/sitemap.xml

Google’s webmaster central states, “Video content includes web pages which embed video, URLs to players for video, or the URLs of raw video content hosted on your site.  If Google cannot discover video content at the URLs you provide, those records will be ignored by Googlebot.” As such, each video URL entry in the sitemap must contain:

  • Video Title
  • Short Description
  • Play page URL
  • Thumbnail URL
  • Raw video file location and/or the player URL (SWF)

Further information on the topic available here.
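The required fields listed above, mapped onto a complete video sitemap, as an added example that is not code from the original post. The element names and the `xmlns:video` namespace are those of Google's video sitemap extension; the input field names (`playPage`, `contentLoc`, `playerLoc`, ...) and the sample entry are hypothetical.

```javascript
// Added illustration; the input field names (playPage, contentLoc, ...) are hypothetical.
const SITEMAP_NS = 'http://www.sitemaps.org/schemas/sitemap/0.9';
const VIDEO_NS = 'http://www.google.com/schemas/sitemap-video/1.1';

// Escape the five XML special characters as numeric character references.
const xmlEscape = (s) => String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Build one <url> entry, refusing records that lack a field the post lists as required.
function videoEntry(v) {
  for (const key of ['playPage', 'title', 'description', 'thumbnail']) {
    if (!v[key]) throw new Error(`missing required field: ${key}`);
  }
  if (!v.contentLoc && !v.playerLoc) {
    throw new Error('need a raw video file URL and/or a player URL');
  }
  const tag = (name, value) => `      <video:${name}>${xmlEscape(value)}</video:${name}>`;
  const lines = [
    '  <url>',
    `    <loc>${xmlEscape(v.playPage)}</loc>`,
    '    <video:video>',
    tag('thumbnail_loc', v.thumbnail),
    tag('title', v.title),
    tag('description', v.description),
  ];
  if (v.contentLoc) lines.push(tag('content_loc', v.contentLoc));
  if (v.playerLoc) lines.push(tag('player_loc', v.playerLoc));
  lines.push('    </video:video>', '  </url>');
  return lines.join('\n');
}

function videoSitemap(videos) {
  return [
    '<?xml version="1.0" encoding="UTF-8"?>',
    `<urlset xmlns="${SITEMAP_NS}" xmlns:video="${VIDEO_NS}">`,
    ...videos.map(videoEntry),
    '</urlset>',
  ].join('\n');
}

// Constructed sample entry.
const SAMPLE_VIDEO = {
  playPage: 'http://www.yoururl.com/videos/intro.html',
  title: 'Intro & setup',
  description: 'A short walkthrough',
  thumbnail: 'http://www.yoururl.com/thumbs/intro.jpg',
  contentLoc: 'http://www.yoururl.com/media/intro.mp4',
};
console.log(videoSitemap([SAMPLE_VIDEO]));
```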


Twitter XSS worm attack explained

3/10/2010

On the 21st of September, at 2.54 PDT, Twitter experienced an attack through an XSS (cross-site scripting) vulnerability. Due to malicious code being executed, a massive retweet spread through all users,

Generally speaking, XSS attacks exploit a lack of control over input arriving in HTTP GET and POST requests. Malicious code is injected through a URL pointing to the affected website, allowing most kinds of queries to be executed. The damage is limited on a rarely visited website, but the outcome can grow enormously in magnitude with the number of visitors.

This is the code used:

http://t.co/@%22onmouseover=%22document.getElementById(%27status%27).value=%27RT%20Matsta%27;$(%27.status-update-form%27).submit();%22class=%22modal-overlay%22/


When you move your mouse pointer over a link and you are logged into your Twitter account, your account will post a new RT (ReTweet) that points to a link to the Twitter account of the user “Matsta”.
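The markup-injection pattern behind the URL above, as an added example that is not part of the original post and is not Twitter's code. It assumes the auto-linker copied the matched URL into an `href` attribute without escaping `"`, and contrasts that with a version that parses the URL and escapes on output; `URL_RE`, the function names and the sample string are constructed for illustration.

```javascript
// Added illustration; URL_RE is a simplified, hypothetical matcher, not Twitter's.
const URL_RE = /https?:\/\/[^\s<>]+/g;

// Constructed sample shaped like the URL in the post, with an inert handler body.
const SAMPLE = 'look http://example.test/@"onmouseover="void(0)"class="x"/';

// Vulnerable: the matched text is copied into the attribute verbatim, so a
// double quote inside the "URL" ends href and starts new attributes.
function linkifyNaive(text) {
  return text.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) => ESC[c]);

// Hardened: escape all surrounding text, parse the candidate with the URL
// class, allow only http(s), and escape both attribute value and link text.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    let url = null;
    try { url = new URL(m[0]); } catch (e) { /* unparsable: emit as plain text */ }
    const ok = url && (url.protocol === 'http:' || url.protocol === 'https:');
    out += ok
      ? `<a href="${escapeHtml(url.href)}">${escapeHtml(m[0])}</a>`
      : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Check for reviews and tests: attribute names present on the first <a> tag.
function anchorAttributes(html) {
  const tag = (html.match(/<a\b[^>]*>/) || [''])[0];
  return [...tag.matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

console.log(anchorAttributes(linkifyNaive(SAMPLE))); // href plus injected attributes
console.log(anchorAttributes(linkifySafe(SAMPLE)));  // href only
```

A check like `anchorAttributes` belongs in the auto-linker's regression tests: any attribute other than the ones the template writes means user text escaped the attribute value.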

The worm spread over all terminals with JavaScript activated. Some people were obviously panicking at Twitter Headquarters (or probably just laughing their ass off for being fooled by a script-kid); for a few minutes the internet went back to being a less noisy, content based network, as it originally was. Considering the amount of uselessness spreading through Twitter these days, a smart worm is for sure an improvement in content quality.

Back in the years you were like if you could score a shell on a *.ac.kr server, with a PHF or ftp-bounce attack. Script-kiddies nowadays can just hit the news with a smart URL… I’ve never thought that web security would have grown according to the number of visitors and variety of services and protocols available, but it is probably time to catch up more than ever.

On a side note, attacks like these may also show what the real security attitude of these companies is, definitely in need of a real improvement.
