There is a draft post in my Wordpress system called “Hand over your Lupins”. I never published it. I haven’t finished it yet. I don’t want anyone to read it in the current form, because it contains notes and suggestions for further development, including references to some key figures in SEO Celebrity Land. If that was published as it is, I’d get some heat for sure. But isn’t that the case for most “draft” posts? Certainly you would not expose your draft posts to the public, right?

But the only thing between those draft posts and the public is a Wordpress front controller that checks a “publish” bit and passes over the drafts. On every page load. Those draft posts exist in your Wordpress database, the same as your public posts do. That database is readable by the public-facing Wordpress, and it is very reasonable to think that they might be “exposed” by a clever hack. Ever hear of a vulnerability in a Wordpress plug in? Sure you have. It’s only a matter of time before somebody builds a popular plug-in which enables access to draft posts. It’s not terribly difficult… virtually any access hack could enable it.

So what would that reveal about you and your business? What do you have lurking in your drafts folder? What does your competitor potentially already know about your desire for Lupins, which until now you have been so careful to conceal?

I just read about HP’s board hiring investigators to find the source of a boardroom leak, and admitting that pre-texting was used by the investigators to obtain the cell phone records of reporters and board members. Pre-texting is the name given to a social engineering technique - you call the phone company and pretend to be the cell phone owner, and ask for the records. In this case, someone used Yahoo! email addresses to claim the online accounts of the cell phone owners, knowing as little as their names and last 4 digits of their social security numbers.

HP’s board found their leak, and 2 people so far are not expected to be on the board anymore. The attorney general people of course are now involved, and I assume the investigators are in for some hot water. Small price to pay to find two board members and an information leak? If it seems so, that might just fuel a handful of million dollar lawsuits (I hope).

Everyone should claim their own online account, even if they don’t use it. And also tell (don’t ask… tell) the cell phone company to put a password on your account that only you know. I did this with Verizon a year ago after reading about some Colorado Senator who had a company that re-sold cell phone records obtained through pre-texting (yes, it really is true). Verizon locked my account with a password, and it has been a hassle ever since because I picked a hard-to-pronounce password (what was I thinking… duh!). Anyway, at least it is safer than normal.

Is claiming your account secure enough without the extra password, which some cell companies might not be prepared to handle? No. The cell phone device is used as a token, so that if you process a “lost password” sequence and have the device in your hand, you can reset the password. All you need is two minutes with the device, which is easily done by “making a call”. Maybe not easy for some overseas hacker to get your cell records, but a piece of cake for a fellow board member (ahem) who just needs to make a quick call.

Oddly, the CNet article actually published the IP address used to execute the pre-texting. It was 68.99.17.80, which appears to be a Cox cable IP address in Nebraska. The IP is assigned geocoordinates 41.2603, -96.0463. If that is correct, not too smart, guys. There goes the neighborhood, at least. Unless it was a zombie proxy, which I suppose we’ll find out in the next few weeks as the privacy concerns are addressed in the media. oh, and isn’t it coincidental that the FBI has offices in that same neighborhood?

One of the more interesting aspects of my work is competitive intelligence. Who is competing in the market, using what tactics, and with what success? When limited to online activities, CI shows you what they *have been* doing, not what they may be doing now. However, as I learned quite well during my 10 years working with neuropsychologists, past behavior is indicative of future performance when it comes to humans. People will do what they’ve done before.

So when I see an SEO in his late forties with a new yacht, I am desperate to examine his web properties and PR image. Where did he find his success, yes, but more importantly is his success built upon a foundation of outdated websites and a circa 2001 online business model? or even better, *one* outdated website in one vertical?

What are the odds that a comfortable #1 spot holder with a family of teenagers and a world-capable yacht will rise to a modern day SEO challenge to his top spots?

One argument is he has the funds to kick into gear and hire the best staff to retain that top spot in the face of a threat. True. But that human behavior thing suggests that he did not hire the best and brightest on the way up. In fact, it appears he kept things very close to his chest (including profits). Odds are very strng that he would do as he has done before, having been reinforced for the behavior with a yacht.

Another argument is that he will sell his holdings rather than fight, even if he doesn’t act until he is #3 and #4 in the SERPs having lost the top placement to my challenge. I accept that possibility, but it has nothing to do with me as competing SEO. All that does is further distract him from meeting the competitive challenge, or further underline this as an opportunity for me. A perfectly ripe pear hanging from a tree branch must be picked or it will rot. Someone has to eat it.

Modern day SEO can overcome many current top placeholders in the SERPs. I have had clients approach me after they watched their business lose the top spots to a newcomer over more than a year’s time. What were they doing for that year? You got it: watching their properties drop from the #1 spots, and watching the new guy get energized with his success as he rose to the top. What they see now is a new guy at the top, but they don’t see what he is doing now. What he did before is indicative of what he will continue to do - challenge the incumbants, compete, and dominate. What will they do now, after watching themselves get overrun for a year?

It’s not a pretty picture. I encourage them to hire some quality SEO talent and get out of the way as much as possible.

I wrote this post because I have always viewed SEO as a form of competitive webmastering, while many webmasters consider SEO as a set of tricks to rank in search engines. Webmasters don’t need to hire SEOs. Business owners should hire SEOs to out perform other webmasters.