fachebook

How To Mimic White Hat

Okay.. Here is my rant about white hat seo. If you are a hardcore white hat SEOer, you should probably leave before I hurt your feelings.

White hat seo is for chumps. Anyone doing anything white hat is basically sitting on their ass hoping to rank organically which will never ever happen. Either you listened to SEObook or Mr. Matt Cutts, you are clearly going to fail. Why? Because white hat SEO is the means of basically doing nothing and hoping people link to you naturally. Okay, how do sites know I exist if I am not ranking and if they do not know that I exist then how would they link to me? Exactly!

Matt Cutts wants you to pursue white hat techniques so that you end up failing at SEO and giving up all together or moving to PPC so you can buy Matt more donuts. There is obviously less risk when doing white hat because you are completely off Google's radar because you have no links for one and two, you aren't ranking. Google doesn't care about sites not ranking because they aren't making money so therefore they won't be able to pay for Google adwords and make Google more money. They want the sites that are ranking #1 for tons of terms and sites that are cleary making money off Google and not paying their dues.

So really, there is no such thing as white hat tricks because white hat doesn't work. However, there are ways to mimic white hat but staying off Google's radar. I however, suggest to go fully blackhat and start scaling your sites to alleviate the risk. This works wonders when you have tons of sites and if Google penalizes your site (which it will), you will be making enough money with all your sites that were unaffected that you won't even notice.

White Hat Vs. Black Hat

The differences are obvious. White hat requires no backlinking and no violating Google's TOS since building ONE single backlink is against Google's policy. Blackhat obviously violates that policy and is usually done with automating the backlink process so you aren't manually building links. Some people even think doing manual link building is whitehat but really it is not since you are building a link to your site. This is usually a safer method because you are buiilding less links then you would be able to with an automated program but is less efficient and less effective (in my opinion using my methods).
How To Mimic White Hat

You can mimc white hat without actually doing white hat and that is with the use of buffers. Buffers are set up so that you do not directly link to your main site and Google will most likely not punish your main site but your buffers. Remember, Google can penalize any site and has penalized the cleanest of clean sites in the past, so just know you are never safe from Google's wrath.

When you use buffers, you can use them as funnels to actually rank these sites and send traffic to your main site. Buffers allow you to scale and spread the risk so thin that when Google does an update, you won't have to worry. I go over the buffer/funnel method in a previous thread and I really urge you to take a look at it.

The best part about using buffers to build links to is that you build more authority and link juice through this method. You can create these types of sites so quickly. At the moment I can do about 10 a week. If one goes down, you already got 10 new ones the next week.

White Hat Blackhat Whatever Hat

Regardless of what hat you are, we are all in the same game. We are all trying to rank and we are all trying to manipulate the search engines. We are all trying to take a peice of Google's pie and make money. If we are all business men and women, we should understand the fact that we are looking for ways to improve ROI and be more efficient and cost affective with our online marketing. Doing white hat is not cost effective, not efficient and brings the worse ROI.

So… YOu make the choice? Have you decided which is for you? If you haven't signed up for my free ebook, do so to the right and you will be glad you did!

What is wireless?

Wireless networks are a wonderful invention. They give us the ability to easily deploy a complex network of computers without the need to physically wire them up.

However, this ease of use can also mean that, without proper precautions, neighbourhood parasites can leech bandwidth and generally use your network against your wishes. Trapping such people is easy with a little thought and some borrowed equipment.

What is wireless?

What's usually known as Wi-Fi belongs to a family of wireless networking technologies called IEE 802.11. These all use the same protocol for transmitting and receiving data over short distances.

Home wireless routers and hubs (commonly called wireless access points) conform to the 802.11g variant of the specification. This uses transmission frequencies centred on 2.4GHz. Each transmission channel gives a raw data throughput of either 54 or 65 Mbps, depending on your equipment.

However, the useful data transmission rate is more like 19 Mbps, with the rest of the available bandwidth being used for error correction, encryption and packet collision detection.

Wireless LANs operate on one of 13 channels. If you're getting low data transfer rates, it's worth switching your wireless access point to a different channel – the chances are that another network in the neighbourhood is using the same one. Using the same channel won't cause data leakage onto other networks, because each is also uniquely identified and should feature strong encryption.

Encrypt to survive

Encryption is vital for wireless networks. There are two main standards in popular use. The first, which is older and decidedly less secure, is Wired Equivalent Privacy (WEP).

The original idea behind WEP was that it would be as secure as using a wired network. However, it's been widely known for around half a decade that if you can capture enough data packets from a secure connection, WEP encryption can be cracked using freely available hacking tools.

After cracking WEP encryption on a target network, it's possible for a hacker to read the login credentials required to connect to that network. After that, he will discover and exploit whatever vulnerabilities can be found on the network to consolidate his hold over it, possibly by deploying a keylogger to snatch identities, as well as using your computers for the storage of files he doesn't want on his own network.

The core aim is to leech your bandwidth to download undesirable content. For this reason, WEP should no longer be used. In its place, your wireless network should support WPA (Wi-Fi Protected Access).

This features far stronger encryption and the tools used to crack it are still either at the proof-of-concept stage or take so long to run that updating your passwords regularly will mean that your wireless network remains a very slippery target indeed.

If your network still uses WEP, stop reading immediately, log into your wireless access point's web interface, go to the admin page and select WPA (or, if available, the stronger variant WPA2) and save the configuration. Now disconnect and reconnect your computers to the network and they'll begin using the stronger encryption.

That done, let's now explore your neighbourhood.

Network discovery

The first thing a hacker will do when scouting for Wi-Fi targets is check the networks in range to find the best one to attack. While you could simply use your PC's Wi-Fi connectivity software to discover local networks, there are better tools available online that will show you far more.

One such tool is the free Inssider from MetaGeek. Installation on a computer with a wireless network card is as simple as running the installation package and clicking 'Next' a couple of times.

You don't need to be a member of a wireless network to run Inssider. Run it and select your wireless network interface from the dropdown list at the top of the Inssider window. Click the 'Start Scanning' button and the interface will begin to fill with networks.

At the top of the screen is a table containing a line for each network that the program discovers. This contains information including the wireless access point device each network uses, the name (called the SSID) of the network, the signal strength and the type of security used.

In the lower section of the interface are real-time graphs showing the signal strengths of each network as they change over time. Water in the atmosphere absorbs radio waves, so if the weather's bad, signal strengths may be lower than on a bright, dry day. Such fluctuations in atmospheric interference will cause networks on the edge of the detectable range to occasionally pop up and disappear again.

On the right-hand pane is a chart showing the signal strengths as the height of a set of bell curves centred on the channels used. If you're not getting very good bandwidth, try changing the access point's channel to one that isn't in use by the networks around you, then reconnect.

As a general guide, the RSSI (Received Signal Strength Indication) column in the table is a useful measure of the distance between you and each network's base station. This can be used to get a rough idea of whose networks you can see if they've not been identifiable from their SSI

On the right-hand pane is a chart showing the signal strengths as the height of a set of bell curves centred on the channels used. If you're not getting very good bandwidth, try changing the access point's channel to one that isn't in use by the networks around you, then reconnect.

As a general guide, the RSSI (Received Signal Strength Indication) column in the table is a useful measure of the distance between you and each network's base station. This can be used to get a rough idea of whose networks you can see if they've not been identifiable from their SSID.

The SSID is the 'service set ID'. This is the user-defined name of the network. When you buy a new wireless access point, the SSID will usually be set to a default. If you leave this as it is, it gives people a good indication that little if any configuration or security work has been done. If the network is also using WEP encryption (or worse, no encryption at all), it is open to easy abuse.

Inssider gives you a great way to see what Wi-Fi networks are in your neighbourhood. However, if you find a network that has no protection at all, don't be tempted to join it and leech bandwidth.

It may well be that an incompetent neighbour has set it up and doesn't realise that it's open to abuse, but it may equally have been set up like that deliberately. It's possible that someone may have set up a data collection utility such as Wireshark on the open network. If you connect to the network, the person who owns it will be able to see everything you do.

The term hacker may be used to describe people who steal information from

The term hacker may be used to describe people who steal information from computers, but that's just the dark side of the story.

Like the cowboy heroes of childhood, there are white hats as well as black, and the former are legal hackers: security professionals who aim to make the wilds of the internet a safer place for us all, tracking down and rounding up the exploits that endanger our computers.

The movie Sneakers features a team of hackers who are employed to show businesses just where their weak spots are.

The film may be a little dated, but security experts agree that it's still one of the best depictions of just how they go about their work, which involves examining both networks and systems to find exploits based on both social and technological weaknesses.

The US Military runs exercises where 'tiger teams' of good guys think like bad guys in order to penetrate secure facilities, testing just how secure they really are.

That's the idea behind network penetration tests, where security consultants are challenged to get inside a system or network in order to find holes, which are then filled with patches, policies or other security measures.

Penetration test teamteams include people with a wide-ranging mix of different skills, from social engineers and network specialists to hardware and software engineers. The exploits that they find vary, but they all share one fundamental element: they are ways into a network that compromise both data and computer systems.

The making of a legal hacker

Not everyone is cut out to be a security analyst; for one thing, it's not easy to develop that level of professional paranoia. One of the most famous security analysts, Bruce Schneier, tells a story about how as a child he realised that a company that sold ant farms (and mailed out tubes of live ants) could be used to send ants to anyone, anywhere.

That's a very different mindset to that of most of us, and essentially it means looking at the world to see how it can be broken or subverted. A security analyst would walk into a shop and think of three different ways to rob it and another dozen to defraud it. It's a good job that those minds are on the side of good and serve to help protect us against their less than honourable counterparts.Opportunities are everywhere. You might see a USB charging port at an airport as a quick way of getting your phone or iPod charged between flights, but a security analyst will be counting the connections in the port and wondering just how much data someone could steal from an idle phone using nothing more than a USB connection.

Penetration tests capitalise on that security mindset. White hat hackers working for security companies attempt to use their skills (and the tools that the black hats use) in order to find ways into a business network.

If you're running a big network that carries data that needs to be secure, you're likely to need certification from one of the big security consultancies before you'll get any insurance – and that certification is going to require one or more major penetration tests.

These tests aren't simply restricted to the computer side of things. Network security is about people, policy and technology. While you may be thinking about encrypting your network traffic and using two-factor authentication, your penetration testers may well be gaming your social network, tracking down backdoors into your network through staff who might have forgotten passwords one time too many and tailgating their way into the office building.

The slightest crack in your network's armour and all the passwords in the world are rendered next to useless for keeping that precious data safe.

Penetration testing

One thing to remember about a penetration test is that it's not just a glorified game of Capture the Flag. Many of the tools and techniques that are used by the security team doing the test have been used before – and not by the good guys.

Even so, the black hats out there use many more techniques, social engineering their way into systems and networks, and exploiting zero-day and little-known flaws in software and hardware.

A penetration test will reveal many of the problems in a network, but not all of them. A tested network may be more secure than others, but it's certainly not safe from every possible attack.

Schneier implies that good security analysts are born, not made. Even so, you can work to inculcate some of that useful paranoia. Plenty of puzzle games allow you to challenge yourself against imaginary computer systems. Games like Cypher and SlaveHack simulate the dark side of hacking, helping you to develop the puzzle-solving skills that can help you find ways of deconstructing your own networks and systems. Then therechneier implies that good security analysts are born, not made. Even so, you can work to inculcate some of that useful paranoia. Plenty of puzzle games allow you to challenge yourself against imaginary computer systems. Games like Cypher and SlaveHack simulate the dark side of hacking, helping you to develop the puzzle-solving skills that can help you find ways of deconstructing your own networks and systems. Then there's the other option: finding software that can be paranoid for you and letting it loose on your network.

Network-analysis tools

You don't need to hire a professional to break into your network – there's software out there that will do it for you in the shape of network-analysis tools.

Dan Farmer's SATAN (Security Administrator Tool for Analysing Networks) was one of the first of these tools. Written in the mid-1990s by Farmer and IBM security guru Wietse Venema, SATAN bundled up a whole raft of network vulnerability testing tools into one package. Administrators could load it onto a Unix machine and let it rip, delving into holes that even the most diligent network engineers had forgotten to patch.

The result of SATAN's investigation was a comprehensive report that detailed where the problems were and how to fix them. No one had seen a tool like this before – especially one this easy to use.

Panicked articles focused on the tool's name and declared that it was a tool for hackers, completely forgetting that SATAN was actually a tool to help stop crackers breaking into systems and that all it did was bundle up existing black-hat tools for over-worked system administrators.

In the resulting furore Farmer lost his job, but the foundations for a new class of security tools had been laid.

Scan your network

You can use the current generation of network-analysis tools to test your own network both inside and outside your firewall.

Tools like Nessus are easy to use and free to download. You'll find packages for most operating systems, though the Unix versions are often the most mature.

Commercial security scanners like GFI's LanGuard also help show up flaws, though they may not be as thorough as the more wide-ranging Nessus. Some of the latest generation of network-analysis tools will even manage to patch your systems for you by downloading system updates and remotely installing them on the machines that are most at risk.

Once you've downloaded a network scanner, install it on the machine that you intend to host your tests on. A laptop is a good idea because you can use it to scan any always-on broadband connections via a mobile broadband connection or from a friend's network. The result is a very detailed report of system vulnerabilities and a surprising amount of information about the systems you're running.

We ran Nessus over a typical small business network that supports a handful of laptops as well as numerous desktops, servers and network devices. The resulting report found several vulnerabilities that could have easily allowed someone with access to the network to quickly steal information and disrupt the network.

Not all the problems were ones we could solve (some were baked into NAS box and wireless router firmware), but all could be mitigated by locking down the network and increasing the security on its firewall.

Crack it to win it

One area where cracking tools and techniques have helped to secure the rest of the industry is the cracking contests held at major hacker conventions.

The format is simple. A group of machines running popular operating systems are set up in a secure area. Attendees are then given hacking tasks such as installing a certain file on the machines' hard disks.

At a convention contest, attackers are initially denied all access to the machines, meaning that they have to attack them through their networking stacks and default applications and services. If the machines survive the first round of attacks, restrictions on access are removed one by one until a machine has been compromised using driveby attacks.

The attacks used can be published (unless a sponsor has a non-disclosure agreement in place), and security researchers keep a careful eye on the results. PR teams also keep track of the contests, as a win or a fail can affect how their products are perceived by an influential part of the market.

There are some problems with these contests, however. The winners get to keep the hardware that they compromise, so contestants are often more inclined to attempt to break into the more attractive machines. Cash can also make a difference, as if there's more than one machine on offer, the attacker will go for the easiest machine to compromise.

That was the case at the PWN 2 OWN contest at CanSecWest in March 2008, where $10,000 was offered as a prize alongside three PCs. The winners broke into a new MacBook Air rather than attempting to gain access to Windows and Linux systems. While the exploit in question was a simple browser attack, it was kept under wraps by a security research company in order to give Apple time to clear it up.

These secrecy agreements aren't put in place just to spare an individual company's blushes. Releasing the details of an exploit before there's a fix available would be irresponsible, instantly putting every vulnerable system out there straight into the firing line.

Rewarding the honest crackers

The contest was sponsored by TippingPoint, a security consultancy that runs its own Zero Day Initiative. This program is designed to keep significant exploits from leaking out into the black hat community.

Rewards are offered for exploit, and the more that you submit, the more you earn. It works like a frequent flyer program: you get points (as well as cash) for submitted exploits, and the more points you get, the more bonuses you receive – including access to the main security and hacking conferences, Defcon and Blackhat.

TippingPoint isn't the only company that rewards security researchers for finding problems with their products. Most operating system vendors are rumoured to pay well for undisclosed exploits (and they also have the legal wherewithal to make sure that non-disclosure agreements stick).

The goal of these payment systems is to patch the holes in the software before a piece of zero-day malware gets out there, ready to use the exploit to compromise systems all over the world. If it means paying for an exploit, then that's what it takes to make sure that millions of users are secure next time Patch Tuesday or its equivalent rolls around.

We may not all have our own tiger teams of security analysts and hackers, but the legal hacking tools and legal hackers out there certainly make our networks and PCs safer. They're everyone's penetration testers, finding the weak spots in our increasingly important – and always vulnerable – networks and making sure that the white hats get the information about them first.

Vulnerabilities need to be discovered and patched to avoid being turned into exploits. If there were no legal hackers out there, black hats would have even more ways to threaten our PCs.

Creating a Learning Organization: 10 Actions For a Leader

http://qaspire.com/2011/01/27/creating-a-learning-organization-10-actions-for-a-leader/

The Next Youtube - By Microsoft

Have you heard about SELA Developer Practice.

It is about about Windows Azure Media Services.

It's a SaaS offering for uploading, encoding, managing, and delivering media to a variety of devices, scaled by the power of Windows Azure.

Win $1000 worth of PSD/HTML to WordPress conversions

Got a great idea for a site, but don’t know how to create a WordPress theme? Maybe you’ve already built a site but your client wants a CMS and you’re not sure where to start. Or perhaps you know exactly how to theme WordPress, but you don’t have time to track down what’s causing that bug.

If any of these scenarios sounds like you, then we’ve got a great competition for you: 10 lucky winners will receive $100 of credit to spend with CodeInWP which you can use for PSD/HTML to WordPress conversions.

CodeInWP are specialists in PSD or HTML to WordPress conversions. All you need do is provide them with the design in a PSD file or an HTML file and they’ll convert it to a responsive WordPress theme for you. They can even upload and configure the theme to your server.
They’re a team of over 10 coders located in Bucharest, Romania with over three years of experience in developing custom WordPress themes. They use the latest coding technologies for these conversions and can handle retina ready sites, parallax scrolling, media queries and anything else you can think of. While they may not be the cheapest option in the market, they choose to focus on quality work. They also offer psd to html and psd to newsletter on dotmarkup.com and newsletterize.com

Here’s a bit more about them from their website:

We start by slicing the PSD file manually, writing the html code needed, and then integrating the new code into a WordPress theme.
You will then be able to edit posts, pages and menus easily. If you request, we can make other areas of the website equally easy to edit.
Once we begin the project, you will be able to track our progress, and you will be in touch with your project manager every day to be sure we are on the right track.
All you have to do is upload your files, tell us what you need, and the rest is up to us. We will make sure that you receive a pixel-perfect WordPress theme.

Programmers: Impress your Boss Today

By following the rules below who knows, you might end up being the favourite of your boss and the centre of attraction in your organization.

1) Don't hesitate to ask questions

Some programmers hesitate to ask for help from the very first days in the company, e.g. when they encounter problems with the project environment set up or when they work on a task but don’t fully understand the business flow behind it.

It’s not a big deal – just ask for assistance or clarification.

Otherwise you’ll waste a lot of time struggling with a typical project-related problem or guessing what should be the correct application behaviour in this or that particular case.

2) Search for a niche

It often happens that several company projects or project modules lack resources. This means that either when you just start working for a company or finish your current project, there’s a chance that you’ll be able to choose or at least let your manager know about your preference project- and task-wise. Many people tend to join the newest project or feature.

It’s better to do the opposite – choose a project or a feature that’s not known by many other fellow developers. Spend more time getting familiar with the business flow and existing code. And later on, when you know the module well enough, it turns out that there’s a lot of new stuff to be implemented in it. More and more new features have been requested by the managers. Not surprisingly you can be asked to implement many of them as well.

3) Get familiar with the “Big Picture” of the application

Nowadays almost all of the enterprise applications are fairly complex and consist of many modules that might be using completely different technologies. For instance, assume the following application modules:

1. a module that interacts with social networks and collects data;

2. a module that processes all the collected data;

3. a UI module

Each of the modules is developed and maintained by a separate team of developers. The modules are different technology-wise but related business-wise. This means that whenever a new feature is introduced, it affects in most cases all the 3 modules.

There aren’t that many people, though, who understand the whole business flow. So, whenever a new feature is discussed, the managers tend to involve people who can make a top level assessment of changes that will be required in each of the modules. So, if you know the big picture, you have a better chance to get involved in such discussions.

Besides, when you know the big picture, you understand the kind and complexity of tasks that are being performed in each of the modules. Thus, there’s a chance that some tasks and technologies, used in one of the modules, will become particularly interesting for you. Remember that it’s much easier to switch to a new technology within the company where you’re already considered a senior developer, than to start searching for a new job.

4) Do what you need to do, not what you like to do

Some very talented programmers suffer from a serious issue – they have a specific field of interests and whenever they’re asked to do something different, they show poor performance and quality, because they can’t concentrate on the stuff they don’t like to do. For instance, people might love experimenting with Scala, but have to deal with Hibernate or native SQL; they might love concurrency, but have to assist with the front end-related work.

If you’re one of such programmers and have to permanently deal with the technologies that you can’t stand – you probably need to change the job. Otherwise, if you just temporarily need to help other developers in the areas you don’t really like – you have to show the professionalism and do a good job anyway. Just remind your managers about your preferences, so that they don’t ask you to work on that stuff too often.

The same is applicable to the tasks with different priorities. It might sound obvious, but remember: you have to pick up the one with the higher priority, even though the one with the lower priority looks way more interesting to you. Be a professional!

5) Share your knowledge and help your colleagues

Have you ever encountered colleagues who are way more productive when working alone? This might be an indicator of poor communication skills. Sometimes it gets even worse – believe it or not, some developers don’t really want to share their knowledge. Kind of a selfish attitude, eh? Such people wish either to be irreplaceable or to make sure their colleagues face all the issues they had to face to make their life as hard as their own. No wonder that such behaviour gets noticed fairly quickly by fellow developers and managers and doesn’t give any credit to such “lone wolfs”.

Moreover, when you’re working in a regional office, remember: if one of your colleagues doesn’t do his job well, the whole office suffers in terms of reputation. So, if you can help your colleague – just do it, it’s a win-win solution.