Archive for the ‘black hat’ tag
An article recently published on Fast Company has caused a bit of a stir in the content marketing and search engine optimization (SEO) communities. Written by Veronica Fielding, CEO of Digital Brand Expressions, it explains how the recent Panda and Penguin Google algorithm updates mean that social engagement rather than search engine trickery yields top results.
While her heart is in the right place (encouraging active, useful social engagement by brands), neither the algorithm updates nor Fielding’s interpretation of them reveals a direct correlation between social activity and SEO relevance. Though extremely important for an effective content marketing strategy, simply interacting with your fans on Facebook, sharing relevant tweets, and uploading useful videos won’t (in and of itself) boost your brand website’s SEO ranking.
Let’s take a look at what Panda, Penguin and social media really mean for brands.
Panda and Penguin
The 2011 Panda update aimed to remove low-value websites from Google rankings. These are the sites that repurpose (or copy word for word) content from other sites and those that are used solely for linking: in other words, sites that a user couldn’t or wouldn’t want to interact with. The update affected 12 percent of listings, penalizing, for the most part, overly optimized sites that provided a poor user experience. Since Google wants users to use its search engine repeatedly, that users have a positive experience throughout the content search, including when they click on a result, is paramount.
The 2012 Penguin update was driven more by users’ experience. The update, which affected only 3 percent of listings, focused on eliminating the sites that use black-hat web spam SEO tactics, like keyword stuffing, cloaking and link scheming. Together these updates cut the legs from under those sites that weren’t offering searchers any value, leaving the high-quality, content-rich sites still standing.
This is good news only for brands that are continually focused on creating highly useful and relevant content across a variety of channels.
Social Media and SEO
Social media, including Facebook, Twitter, Pinterest, Google+, YouTube and LinkedIn, also plays a role in the updated algorithms but not in the exact manner Fielding described in her Fast Company article.
First, some social-media channels weigh far more than others, mainly because of technical barriers that search crawlers see when indexing them. The weight of these channels are based on how much information Google can crawl without being stonewalled by the social channels.
For example, because of privacy constraints, what you post on Facebook isn’t seen by Google and has no bearing on your Google SEO listings. Google sees just your Facebook profile and info tab. And if your description on your FB profile and info tab has keywords and links to your other brand properties, you have used that channel for SEO.
?When you use Twitter, the keywords in your user handle and bio, as well as the link included in your bio, help searchers find you. What you tweet can be seen by the engines (not Google as much as Bing, because of a partnership deal), but most tweets by brands that tweet often may never be seen by an end user, because search engines display only a handful of their latest tweets. ? ?YouTube is a lot like Twitter, except that its individual “posts” are videos that have a longer shelf life than that of a timely tweet. One can optimize YouTube profile pages as well as individual video clips that are seen by the engines (especially Google).
Ultimately, no one knows (or at least, nobody has proclaimed publicly) how significantly these social channels are affecting search results. Only a handful of Google employees even know the algorithm at this point. ? ?
The Strategy is This:
Create useful, relevant and shareworthy keyword-optimized content, share across other owned properties, and don’t worry about what Google may or may not do. As long as your brand always keeps the end user in mind and commits to putting out great content, it will be fine.
Even with a blog rich with high quality content and a free giveaway to incentivize people to join your email list, it can be frustrating watching the number of subscribers increase at a snail’s pace.
Wouldn’t it be great if there was a way you could quickly and easily add interested subscribers to your newsletter without having to wait months for them to come naturally?
Luckily, there is a way to accomphish this, without resorting to spam or other shady black-hat tactics. Using a technique called list swaps, you can easily add hundreds of new targeted subscribers to your email list overnight!
How do List Swaps Work?
Imagine you and a friend both have blogs on a similar topic. You each know that having a large, responsive email list is one of the best ways to profit from your blog, so you have each been building email lists since you started. Let’s say that you each have about 300 subscribers on your list.
One day you and your friend are hanging out and you start comparing email lists. You notice that almost all the names on his list are different than yours, despite each of your newsletters being about the exact same topic! You both realize how great it would be if you could just add each other’s lists to yours.
Of course just taking the emails from each others lists would be a poor decision; nobody wants to recieve a newsletter they didn’t opt in to. Many people would consider these emails spam, and some would probably report you. Having a profitable email list depends on having a good relationship with your readers, so giving away their emails to anyone else without their permission will hurt you in the long run.
List swaps are similar to trading email lists with a friend, but in a way which lets readers of the other list decide whether or not to opt in. When you and another list owner decide to perform a list swap, each of you send out an email to your lists advertising the other person’s squeeze page. Not everyone will sign up of course, but assuming both of you have lists on similar subjects you should get a decent amount of new subscribers.
How to Perform List Swaps
There are a number of different web sites which help people interested in doing link swaps meet up. These sites often list different categories which allow people with similar email lists to easily find each other. Simply make an account and browse different listings until you find one which seems like a good fit.
Many of these sites have ranking systems in order to track the size and responsiveness of their user’s lists. This allows you to only do business with people who have large and converting email lists. This cuts both ways of course, if most of your list doesn’t even open your emails other people won’t be very likely to want to work with you.
If you can build up a small but enthusiastic list of subscribers, you can then use list swaps with other high rated people to quickly build a powerful and well converting list.
Leveraging a Large List
Once you’ve built a large list, and hopefully a good rating on one or two different list swap sites, you can really start to profit from your list. For example, if you sell an ebook you can have someone advertise it on their list in return for you running an ad on yours.
The larger your list, the larger the lists of the people who will run your ad on them. If you can get ads for your ebook on a few large relevant lists you could easily sell hundreds of copies overnight.
How to Add Hundreds of New Subscribers to Your Email List Overnight is a post from: We Blog Better. © 2012. Share it freely, but please link back to this source.
I’m also available for blog startup, content writing and consultation services.
Visit my other blog, Highly Favored for Christian inspiration and church newsletter tips.
Become a Better Blogger
Def Con and Black Hat, while both security conferences held together in Las Vegas, are two very different beasts. One attracts the corporate security type, another the hacker underbelly.
Black Hat could almost be described as mellow in comparison to Def Con, one of the largest running hacker conferences in the world, often attracting up to 12,000 attendees. The con is held at the Rio in Las Vegas, compared to Black Hat, which is held at Caesar’s Palace on the strip.
The two conferences attract chief security officers, hackers, Feds, and press alike. Because of the that, the talks vary too, from those like former FBI executive assistant director Shawn Henry who spoke about finding and getting rid of “the adversary” to hacking planes in mid-air. Indeed, there is a nice mix of preaching to the choir coupled with vulnerabilities and exploits that may or may not have been found illegally.
But both conferences are important to a community of CSOs and hackers that generally are pretty segregated. Black Hat celebrated its 15th year running last week, and Def Con celebrated its 20th.
Check out our gallery below comparing tell which one you’d rather go to next year.
Filed under: security
Over 80 percent of iOS users are running Apple’s latest operating system, which the company says is the most secure version of the mobile operating system available. But that’s not enough for Apple.
The company’s head of platform security, Dallas De Atley, spoke at the annual Black Hat security conference in Las Vegas today, stepping out of the company’s normal comfort zone of not telling much to anybody — but not too far. The talk centered around a white paper the company released in early June titled “iOS Security,” the same title of his talk.
De Atley reviewed the process of protecting phones from the very bottom of the operating system up through to app-protections, and into the most obvious security feature: the passcode. According to De Atley, Apple was concerned with the differences between a phone and a laptop and how some of the functions of the latter would be unnecessary — or even dangerous — in the former.
“When you close your laptop and it goes to sleep and you put it in your bag, it’s fundamentally done doing work on your behalf,” said De Atley during the session. “But in the case of an iPhone, you’re going to put it in your pocket and it is going to be always on, always connected, it’s got all your data, and if it’s doing work on your behalf, you’re probably not going to notice.”
To this point, Apple specifically excluded the ability to log in remotely from iOS. It also did not include a shell, which gives users access to the base of the operating system — two features found in laptops.
Apple also ensured that everything in its operating system is signed by Apple, that is, approved by Apple and assigned a security certificate to prove it’s safe. This includes the applications built into iOS, as well as any third party applications.
All iOS devices are also equipped with the ability to check with Apple to see if any of those certificates have been revoked, leaving the application distrusted, and thus, unusable.
Apple plans to release the next installment of its mobile operating system, iOS 6, sometime this fall.
Photo of Dallas De Astley courtesy Black Hat Events.
Near-field communication helps you pay for things using your phone, quickly get through subway turnstiles and more. But NFC could give a hacker access to your phone just by standing next to you.
NFC interacts using small tags that can be as thin as stickers. These tags have a small antenna in them that detects the incoming interaction. Realistically, you need to be very close to your target if to successfully get the NFC interaction going. Charlie Miller, principal research consultant at Accuvant Labs, showed a video at the Black Hat security conference in Las Vegas of him following a friend, with his hand awkwardly close to his buddy’s back pocket. But you only need to consider how many pick-pockets exist in the world to realize how real this attack could be.
Miller admitted the attack is difficult to perform, and many of the bugs he found in NFC are not too extensive. Indeed he blamed this on the fact that NFC chips are small and only have so much space to hold data.
But he was able to exploit a bug in Nokia’s N9 smartphone that really showed the power of an NFC hack. The N9 has a feature in it called “pairing,” which allows the phone to connect to other devices using Bluetooth and NFC. In the N9′s case, you can use pairing to transfer the song you’re listening to on your device to a dedicated speaker.
If a hacker creates a tag that can pair the phone, she can have access to the Bluetooth network and eventually make it into the rest of the phone. Miller demo-ed the hack and pulled all the data from the phone, including the photos and address book. He also showed that you can sent text messages to other phones using the hacked phone, as well as make calls.
His message to the mobile security community? Make phones prompt the user before accepting an NFC connection.
“NFC attacks are really hard to test,” said Miller at the Black Hat conference. “The biggest takeaway is before you push a webpage to me or something, for God’s sake, give me the option to say no.”
Image via Meghan Kelly/VentureBeat
To celebrate the 15th anniversary of the Black Hat Conference here, a panel of experts got together to expound on what they see as the privacy and security mess of our times, and they had plenty to say about the U.S. government, cyberwar and Google. Read more » about Black Hat panel: Which do you trust less with your data, the U.S. government or Google?
The 2012 Black Hat conference is kicking off in Las Vegas, and this year’s session will see Apple presenting for the first time, as well as a reunion of some of the team behind the first briefings 15 years ago.
Apple, the biggest and arguably one of the most secretive companies, usually likes to do events on its own terms. But it looks like the company is heading into the lion’s den, hosting its own talk at Vegas security conference Black Hat.
Bloomberg spotted the event on Black Hat’s schedule today. It is hosted by Apple’s manager of patform security Dallas De Atley, who will give a talk simply titled “iOS Security.” The talk’s abstract only touts that Apple baked security into the core of iOS (no, serious, they used “core”) and that De Atley would cover how iOS is protected.
This could be an attempt to show IT and security professionals that Apple really is a safe choice for corporations supporting BYOD (bring your own device). The company recently released a set of “guidelines” for iOS that addressed concerns that reassures IT departments that iOS already has security built right in, and that some of its security features are not configurable.
“Many security features are enabled by default, so IT departments don’t need to perform extensive configurations,” says Apple in the guidelines. “And some key features, like device encryption, are not configurable, so users cannot disable them by mistake.”
Corporations are starting to adopt iPhones into the system more, though concerns over not having as much control over the system do make CIOs balk.
Other than BYOD, this could also be an attempt to show people that Apple is interested in the security community. Bloomberg notes that Apple is no longer thought of as impervious to malware after the Flashback Trojan infected hundreds of thousands of Mac computers earlier this year. The company also saw its first iOS Trojan app slip through the security review process.
Whether De Atley will address these issues will be revealed on Thursday, July 25 at Black Hat. VentureBeat is headed to Las Vegas to cover both Black Hat and Def Con from the front lines. Check back to get the word on how the security industry is keeping up with its adversaries (or, at least, trying).
via Bloomberg; image via Tom Cheredar/VentureBeat
For the first time ever, Apple will be presenting at the Black Hat security conference this week, highlighting key security technologies in the iOS mobile operating system.
Posted by Dr. Pete
Since Google’s “Penguin” update, hysteria over negative SEO has exploded, with people blaming it for every problem from falling rankings to their hands turning orange (Pro Tip: Check to see if you just ate a bag of Cheetos). I feel roughly the same way about post-Penguin negative SEO as I do about aliens. I’ve created the following graphic to illustrate my beliefs:
Ok, maybe that sounded a little harsh, but here’s the point – while I believe negative SEO is possible – and I’ve seen a handful of cases where I’m pretty sure it was effective – it’s usually not the root cause of a ranking drop. In other words: most people who think they’ve been hit by negative SEO haven’t been. This post is an attempt to ease your fears and help you find out if you’re one of the 0.1% who really saw that UFO.
What Is Negative SEO?
Broadly defined, “negative SEO” can mean anything malicious someone does to harm your site’s rankings. Rand’s recent video on negative SEO covers many examples and is a great recap. Within the context of the Penguin update, though, negative SEO really only means one thing – that someone has launched an organized effort to make your link profile look bad. This usually means that they’ve hit you with a ton of low-quality or clearly black-hat links across a large number of domains.
I don’t want to downplay attacks on your site. If you’ve had a security breach, such as a DDoS that is taking down your site or an SQL-injection attack that has modified your content or added outbound links, take it seriously and handle it quickly. With link-based “attacks,” though, the situation can get a lot trickier, and the cures can sometimes be worse than the disease. If you just start hacking at links or throw all of your time and money into fighting a perceived threat that’s not the root cause of your problem, you could set back your SEO efforts months.
What Are The Signs?
Let’s say you wake up one morning to find that your cat’s gone missing and your rankings have dropped. Does that mean that your competitors are up to no good? It’s possible, but I think it’s critical in 2012 SEO to step back and assess the problem. Solving the wrong problem can be catastrophic – at best, it’s just a waste of time and energy.
Even if your competitors are trying to cause trouble, that doesn’t mean that what they’ve done has caused your problems. I’ve seen people do ridiculously ineffective “negative SEO” – one client’s competitor hired a low-rent firm to create a copy of the client’s site. That copy sat on a staging server in India with no links and all but the home-page blocked in Robots.txt. Was it malicious? Sure, but malicious idiots are still idiots. It wasn’t worth an international incident to take that one rogue site down. Real negative SEO takes a concerted effort and a fair amount of know-how.
When someone is really attacking your link profile, and if that attack is going to be effective, you’ll typically see unexplained, low-quality links from a variety of root domains. Just slapping your link in the footer of one bad site isn’t going to bring you down – low-quality links happen in the wild all the time. You need to see a large-scale pattern. Typically, you’ll also see a sudden spike in these links. An aggressive attempt at negative SEO isn’t going to happen over years – it’s going to be done in weeks. When you see massive, unexplained growth in low-quality links, then you may have a problem.
I’m not going to dive deep into the tools, but there are multiple good ones for getting different views of your link profile (and using more than one is generally a good idea):
The new Bing Link Explorer replaces Yahoo! Link Explorer and seems promising, but you’ll need to sign up for their webmaster tools. Both our paid campaign management tools here on SEOmoz and Majestic's tools will track historical data about your links. Keep in mind, though, that link counts can spike for a lot of reasons. You’re not just looking for a jump in the numbers – you’re looking for a clear pattern of malicious links.
Even if you do see a spike in malicious links, the impact of an attack is often temporary. Many times, people use methods that get quickly removed or discounted (such as injecting links on other sites). When the links go away, the problem often goes away. It’s not of much comfort in the short-term, I realize, but it’s easy to be so aggressive that Google spots the attack and devalues the links. Getting the balance just right isn’t easy – many attempts at negative SEO fail.
Are Aliens Among Us?
About 70-80% of the time someone comes to me having just spotted a bunch of unexplained low-quality links to their site, a little digging turns up that it was the result of bad SEO by either their own team or someone they hired. If it’s your own team, that’s good news (even if it doesn’t feel that way) – you might be able to undo those links more easily or even have a record of them. If you hire an outside link-building firm, make sure you get a record of what they’ve done. Once you realize they’ve trashed your link profile, it may be too late. Monitor new link builders closely and insist that they track links. If they refuse, fire them. It’s that simple.
Can You Prevent It?
If someone really is out to get you and wants to spend the time and money, there’s no doubt they can do a lot of damage. In most cases, though, it’s just not cost effective, and building up a wall of defenses and monitoring your links every hour isn’t cost effective for you, either. So, what can you do to prevent the most common forms of attack?
Probably your best defense is to have a clean, authoritative link profile. Google is looking at your entire pattern and history of links, and if your site is strong with generally high-quality links, it’s a lot harder to do you damage with a short-term attack. The most vulnerable sites are new sites or sites that already have engaged in too much low-quality link-building. If 80% of your links are junk, it’s not going to take that much for a competitor to push you over the edge.
At the risk of oversimplifying: do good SEO. I’m not trying to downplay the possibility of negative SEO – it does exist and it can do real damage. I’m trying to drive home the point that it’s still very rare, and most people are spending far too much time and money on tinfoil hats. In 99% of cases, the SEO problems of websites in 2012, even after Penguin, are self-inflicted. Start with what you control, and build a better mousetrap – it’s still your best protection from anything the competition can throw at you.
Sign up for The Moz Top 10, a semimonthly mailer updating you on the top ten hottest pieces of SEO news, tips, and rad links uncovered by the Moz team. Think of it as your exclusive digest of stuff you don’t have time to hunt down but want to read!