A Cross-Browser, Bookmarklet Speed Reader

Yesterday, via both Digg and Reddit, I came upon Spreeder, a wonderful speed reading app. However, it has a major drawback. To use the application, you actually have to perform the speed reading on spreeder.com, taking you away from the page you need. You can either cut-and-paste content into their application, or use their bookmarklet that redirects you to their site after highlighting the text you want to read. So, I took a few minutes to cobble together this app, which I think is a lot easier to use and far simpler. It is also cross-browser compliant for Firefox, Opera and Safari; no luck in IE as of yet. Simply drag the link below to your browser’s bookmark bar. Then, when you want to speed read your favorite blog or magazine article, just...

Hold Your Ground, Rand.

Rand Fishkin at SEOMoz has made a call to his readership to determine the future of black and gray-hat content on their blog. Being a staunch advocate of information openness in the Search Engine industry, I have decided to chime in on a handful of the issues/questions which Rand poses to his audience. I have quoted liberally, but you ought to read his post in its entirety. We’ve received some harsh criticism from those who engage in black/gray hat practices and been asked to STFU about these topics. Spam, obviously, succeeds more when less is known about it, so it's natural for those with a potential interest to keep it close to the vest. If SEOMoz knows about these techniques, then the search engines already know about these techniques. No effective or...

In Defense of Hats: White, Gray, Black and Blue

There has been quite a bit of talk lately about the resurgence of gray and black-hat panel discussions at the SMX Advanced conference held recently in Seattle. I posted a lengthy comment at the tail end of Matt Cutts’s post regarding the matter, but I felt that it deserved a little more attention. In short, any advanced SEO conference should not shy away from the full gamut of SEO techniques, regardless of the stigma attached. Black Hat is Beating You: Regardless of your position on the ethics of black hat techniques, it does not change the simple fact that these techniques exist in the wild and they are being employed by your competitors. If the only information you gather from a discussion on these techniques is how to identify and out those activities,...

Google Adds Yet Another Way to AdWords Bowl

Every now and then Google adds new features that, supposedly, help users get a better experience from Google Search. More often than not, this has been a shameless attempt to explain some new hassle webmasters and AdWords advertisers must undergo so that Google can make a few more bucks. The latest in this list is that Google AdWords will soon be rolling out a modification to the Quality Score based upon your landing page load times. This addition, while seemingly innocuous, actually makes it quite easy for a competitor to force your Quality Score lower, thus causing you to pay much more per click. All a competitor needs to do is send a ton of bogus traffic to your website and, voila, your page load times will increase due to server load and, subsequently,...

It Sucks to Have Friends in High Places

Meet Matt Cutts at WebmasterWorld. Draw attention to yourself with Matt Cutts posts. Forget to remove some of your “experiments” and “research” before the ensuing Googler traffic. See your Google traffic tank.

Stumbleupon Cross-Site Scripting Vulnerability

While I have previously identified XSS and/or CSRF vulnerabilities in both Digg and Reddit, Stumbleupon has largely remained immune to these types of attacks for multiple reasons. First, the primary method of user login and authentication is through the toolbar, which makes it substantially harder for malicious JavaScript to intercept. Furthermore, because many of the valuable user functions are triggered through the individual’s personal subdomain (user.stumbleupon.com) and www.stumbleupon.com, it becomes quite difficult to execute complex functions such as auto-voting or friend-adding. That being said, there are still workarounds that exist. In the proof of concept I was able to execute, the vector of attack was the invitefriends.php file which does...