John Andrews is a Competitive Webmaster and Search Engine Optimization Consultant in Seattle, Washington. This is John Andrews blog on issues of interest to the SEO community and competitive webmasters. Want to know more?  Competitive Web & SEO
March 25th, 2008 by john andrews

Facebook Penetration Testing is Illegal Legal Permitted Investigative Reporting

My how things change in just a few years. Today, AP reporters proudly proclaim their “investigation” of a security loophole on Facebook, describing how they used the hack to peruse materials that clearly were posted to Facebook with an expectation of privacy:

“A security lapse made it possible for unwelcome strangers to peruse personal photos posted on Facebook Inc.’s popular online hangout, circumventing a recent upgrade to the Web site’s privacy controls. The Associated Press verified the loophole Monday after receiving a tip… Using Ng’s template, an AP reporter was able to look up random people on Facebook and see the most recent pictures posted on their personal profiles even if the photos were supposed to be invisible to strangers. The revealed snapshots showed Italian vacations, office gatherings, holiday parties and college students on spring break. The AP also was able to click through a personal photo album that Facebook co-founder Mark Zuckerberg posted in November 2005.”

Just a few years ago, Adrian Lamo was hunted as a fugitive from justice for similar URL playfulness:

“Lamo has become famous for publicly exposing gaping security holes at large corporations, then voluntarily helping the companies fix the vulnerabilities he exploited — sometimes visiting their offices or signing non-disclosure agreements in the process. Until now, his cooperation and transparency have kept him from being prosecuted. Lamo’s hacked Excite@Home, Yahoo, Blogger, and other companies, usually using nothing more than an ordinary Web browser. Some companies have even professed gratitude for his efforts: In December, 2001, Lamo was praised by communications giant WorldCom after he discovered, then helped close, security holes in their intranet that threatened to expose the private networks of Bank of America, CitiCorp, JP Morgan, and others.”

They ordered Lamo to pay $65,000 for so-called “use” of LexisNexis (even though the usage was on an unlimited plan), plus 6 months of home confinement and probation. The truth is, when he hacked the NY Times and exposed its sloppy-at-best online security, he demonstrated how unworthy the Times was of trust, and thus how foolish some very high-profile people were for trusting the New York Times:

“…he penetrated the New York Times, after a two-minute scan turned up seven misconfigured proxy servers acting as doorways between the public Internet and the Times private intranet, making the latter accessible to anyone capable of properly configuring their Web browser. Once inside, Lamo exploited weaknesses in the Times password policies to broaden his access, eventually browsing such disparate information as the names and Social Security numbers of the paper’s employees, … a database of 3,000 contributors to the Times op-ed page, containing such information as the social security numbers for former U.N. weapons inspector Richard Butler, Democratic operative James Carville, ex-NSA chief Bobby Inman, Nannygate veteran Zoe Baird, former secretary of state James Baker, Internet policy thinker Larry Lessig, and thespian activist Robert Redford.”

Today it’s not only OK for the AP reporter to browse around inside, but to write about it as if it were good investigative reporting. We only know what they tell us they looked at; they could probably have looked at anything on Facebook, which, I believe, is why legislators made that sort of activity illegal years ago:

“Lamo has been charged in New York under Title 18 U.S.C. 1030 and 1029… The federal laws prohibit unauthorized access to a protected computer, and illegal possession of stolen “access devices” — a term that encompasses passwords, credit card numbers, and the like.”
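The loophole the AP describes is, at bottom, an authorization failure: the server handed back whatever photo the URL named, so the privacy setting was enforced only by which links the interface chose to show. The Python below is an added illustration, not code from the AP story, from Facebook or from this blog; the in-memory data, the three visibility levels and every function name are constructed for the example. It puts the leaky handler pattern beside one that authorises every request against the owner’s setting on the server, regardless of how the request was built.

```python
"""Server-side visibility check for a photo endpoint (added example).

All data and names here are constructed for illustration; none of it
describes a real system.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

PUBLIC, FRIENDS_ONLY, PRIVATE = "public", "friends", "private"


@dataclass
class Photo:
    photo_id: int
    owner: str
    visibility: str


@dataclass
class Profile:
    username: str
    friends: Set[str] = field(default_factory=set)


# Constructed sample data: alice owns three photos with different settings.
PROFILES = {
    "alice": Profile("alice", {"bob"}),
    "bob": Profile("bob", {"alice"}),
    "mallory": Profile("mallory", set()),
}
PHOTOS = {
    1: Photo(1, "alice", PUBLIC),
    2: Photo(2, "alice", FRIENDS_ONLY),
    3: Photo(3, "alice", PRIVATE),
}


class AccessDenied(Exception):
    pass


def fetch_photo_leaky(photo_id: int) -> Photo:
    """The flawed pattern: the handler assumes anyone who reached this URL
    was entitled to, because the UI only renders links to permitted photos.
    A client that constructs the URL by hand never goes through the UI."""
    return PHOTOS[photo_id]


def can_view(viewer: Optional[str], photo: Photo) -> bool:
    """Decide from the owner's setting and the viewer's identity.
    viewer=None means an unauthenticated visitor."""
    if viewer == photo.owner:
        return True
    if photo.visibility == PUBLIC:
        return True
    if photo.visibility == FRIENDS_ONLY:
        return viewer is not None and viewer in PROFILES[photo.owner].friends
    return False  # PRIVATE or an unknown setting: fail closed


def fetch_photo(viewer: Optional[str], photo_id: int) -> Photo:
    """The hardened handler: look the object up, then authorise, every time."""
    photo = PHOTOS.get(photo_id)
    if photo is None or not can_view(viewer, photo):
        # One error for both "missing" and "forbidden", so the id space
        # cannot be probed to learn which ids exist.
        raise AccessDenied(f"photo {photo_id} not available")
    return photo


def denied(viewer: Optional[str], photo_id: int) -> bool:
    """True if the hardened handler refuses this viewer/photo pair."""
    try:
        fetch_photo(viewer, photo_id)
    except AccessDenied:
        return True
    return False


def visible_ids(viewer: Optional[str]) -> List[int]:
    """Every photo id `viewer` may see under the hardened check."""
    return [pid for pid in sorted(PHOTOS) if can_view(viewer, PHOTOS[pid])]


if __name__ == "__main__":
    print("stranger sees:", visible_ids("mallory"))   # [1]
    print("friend sees:  ", visible_ids("bob"))       # [1, 2]
    print("owner sees:   ", visible_ids("alice"))     # [1, 2, 3]
    # The leaky handler gives anyone the private photo if they know the id.
    print("leaky handler returns:", fetch_photo_leaky(3).visibility)
```

The point of `visible_ids` is to make the comparison mechanical: walk the whole id space as a stranger, a friend and the owner, and confirm the hardened handler’s answer depends on the viewer, not on how the URL was assembled.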

December 3rd, 2007 by john andrews

mobile phone novels (keitai shousetsu) – not in the USA

When my American friends discuss innovation, I often get annoyed at the passion they devote to their uninformed opinions. If only they would put some of that energy into study, eh?

TechCrunch (today’s version of Red Herring, according to some lol) is reporting that “In Japan, half the top selling books are Written on Mobile Phones”. (I am not sure if this headline is a play on the old “In JAPAN…. ” jokes, like the original, “In JAPAN, the HAND can cut like a KNIFE!” but I appreciated it anyway).

So half of the top-selling books are written on mobile phones. Wow. There is a great deal of detail to examine behind that headline, but first let’s look at the story to better understand how this country labels pop culture as pornography, and how big business here stifles innovation in order to buy itself the time it needs to take control of it:

With all the talk about Amazon’s Kindle, there’s a bigger revolution taking place and those who studied classic literature will be horrified. In Japan, half of the top ten selling works of fiction in the first six months of 2007 were composed on mobile phones.

TechCrunch cites a real newspaper, so we know this story is true:

According to the Sydney Morning Herald, mobile phone novels (keitai shousetsu) have become a publishing phenomenon in Japan, “turning middle-of-the-road publishing houses into major concerns and making their authors a small fortune in the process.”

I will assume that, IN JAPAN! they have mobile phones that work better than my $499 HTC/Audiovox/Verizon Winblows Mobile device, even if they don’t suffer the horrors of Verizon crippling for a mere $135/month over in Japan. They must, because otherwise, how could they write much more than a page or two before the battery dies, the phone needs a hard reset, or the screen goes too dim to even find the slider to increase screen brightness?

But I digress. There is more about what those popular “books” really are:

One book, Koizora (Love Sky), about a high-school girl who is bullied, gang-raped and becomes pregnant, has sold more than 1.2 million copies since being released. … another book, Moshimo Kimiga (420,000 copies), started with installments uploaded to an internet site and sent out to “thousands of young subscribers.”

Well well well. In JAPAN, stories of teenage sex, rape, and brutalization sell. Imagine that! In this country, we don’t even count “adult literature” or even “graphic novels” when we cite best sellers. They don’t count (even if they do drive innovation, e.g. online publishing). Okay, so maybe this Love Sky is not pornography, but it’s not great literature like our own best-selling-novel-of-all-time “Valley of the Dolls” either. Oops. Valley of the Dolls is arguably the most popular (selling) novel of all time, but it does indeed address themes of “art films” culture in the 60’s. Hmm… but that was back in the sixties, and anyway, is this real literature or just scandalous text?

Regardless, the Japanese can buy stuff easily over their mobile phones today. Aspiring pulp fiction writers in Japan can sell their stuff through those same channels more easily than I can navigate my CCBill affiliate income reporting screen (no, I am not an adult publisher, but I did sidestep my way into a CCBill account a few years ago… it’s a long story).

I think we’re still arguing about micropayments over here, far from enabling citizens to pay a buck or two to read some trashy text. Also the Japanese can upgrade their phones and phone plans and such as they desire to consume innovative technology. Over here, as a consumer unhappy with my 18 month old Verizon Winblows Mobile 5 device and willing to pay to get the latest stuff, I am offered a “new” version of the HTC with Winblows Mobile 6 that was actually announced last January, is finally available this month (late November, actually), and will require a 2 year commitment from me to the network plan with at best an 18 month upgrade cycle on the technology.

I’d have to be stupid to pay another $300 for another obsolete device, with a 2 year commitment. That’s a lot of money I could be spending downloading trashy novelettes.

My consulting business is increasingly receiving calls from overseas for Search Engine Optimization services. Wow… I’m World Famous now. I am an Internationally known search engine optimization consultant. In demand world wide. Or maybe it’s just because I’m cheap as hell with the dollar trading at less than half a British pound, and less than 2/3 of a Euro.

History tells us this country won’t wake up until the situation is very painful.

November 28th, 2007 by john andrews

Rose Colored Glasses and Rose Colored Kool-Aid

Someone emailed me today and called me curmudgeon-y. So I looked it up. Grumpy old man. Hah. I am not that old, and I am not grumpy. And I dislike that SearchEngineLand has labeled its hard-core SEO blogroll “Old Fart SEOs”. I like appearing there, but I don’t like the label. Yeah yeah, all in fun. I also got this email today after my last post:

Looks like you’re doing everything possible not to get invited to the “select” PubCon parties

I suppose my blog is not as “SEOMozy” as many search industry blogs. I read this comment on SEOMoz today:

Showering love on a community is one of the best ways to generate a reaction – it’s a win-win proposition for the author and the readers!

followed by this:

linking out and praising the community is a great way to generate buzz! Some quality links there too – everyone should check out the whole list.

and this:

As to this being one of the best communities – I’m totally in agreement. Particularly as far as the signal to noise ratio goes – this community has the highest signal and the least noise in the industry. Both in the blogposts and commentaries.

Really? Let’s all just praise each other and everything will be win-win for all of us, eh?

Well, I come from a background in real research and hard-core Engineering (big E, not little “e” like all those Google “engineers” and “software engineers”). Accountability is built in, not optional. And when everyone just says “everything’s positive”, it sets the stage for complacency, laziness, and other tools of deception. If in fact SEOMoz is the highest signal-to-noise-ratio search industry community alive today (a claim I do not make), it is surely not because its signal-to-noise ratio is stellar in any absolute sense. It might be because the politics of the search industry prevent a truly high signal-to-noise community from thriving. Is that win-win?

What happens when everyone is rosy and everything is great and we all pat each other on the back and say “good job!” and nobody is curmudgeon-y? Well, in the news this week we see:

Last week, the UK government announced the biggest loss of personal information in the UK’s history. Two unencrypted computer disks containing the personal records of all families in the UK with a child under the age of 16 went missing en route from the Revenue and Customs department to the National Audit Office. UK’s Information Commissioner, Richard Thomas, stated that, “[t]his is an extremely serious and disturbing security breach.”

The disks comprised Revenue and Customs’ entire collection of child benefit payment data. The disks were being sent to the National Audit Office using an internal courier system, but documentation of the transmission was not recorded or registered. The child benefit data listed on the disks includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. Revenue and Customs chairman Paul Gray resigned after the announcement of the breach.

That’s financial and personal data on every family in the UK with a child under 16, lost to accountability. Over 25 million people were legally required to hand over personal information and bank account information to their government, and that government shipped the data around unencrypted, unscheduled, untracked, and lost it. Based on the comments made by the government officials, including the one that resigned immediately, that same government assumes it is in the hands of criminals. And the follow-up is that they plan to limit what they collect next time, but include your biometrics. Let me ask you this — can you revoke your biometric? Is it physically possible for you to get a re-issue of your biometric if it is stolen? And this will be better?

What’s going on? We can assume that if criminals wanted that data, it is valuable. The system keeps going, and you lose.

Complacency. Things are ok. It’s win-win. Everything’s good. That curmudgeon-y guy who was complaining last year about having to hand over personal data for central archiving, with no legal assurances for protection? Just an old fart, probably.

A few years ago every complaint about Google was labeled a conspiracy theory. Posters who cautioned of trusting Google were labeled “contrarians” and said to wear “tin foil hats”. AdSense was buying webmaster loyalty for pennies on the dollar. Now, in 2007, things have changed. I won’t point to some of the available information sources I have now, because they are ridiculously irresponsible. Want to know every domain ever registered by PUT-YOUR-FAVORITE-SEO-HERE? It comes cheap today. Want to find out the affiliate tiering of PUT-YOUR-FAVORITE-AFF-MARKETER-HERE, with her upline and downline? It can be had for pennies on the dollar compared to its value. The public tools for competitive intelligence are a joke compared to what can be had through “channels”, and what Google has because you all give it to Google for pennies on the dollar.

But this is the competitive SEO/Search marketing industry. What about us?

Is it possible to knock someone’s web site down in the SERPs without their involvement? No, of course not, right? Everything’s good, everything’s ok. Good job all around. And when a business is knocked out and loses 65% of the traffic it had, what then? That loser should have diversified, right? Big mistake keeping all the eggs in one basket, right? And of course no accountability for why Google dropped the site. If your search marketing contract is worth $100k per year, and generates $1 million in client revenue, is it worth $25k to knock you out? That’s $100k in Chinese money, and much more in other currencies in locations where very talented people operate computers attached to the Internet. Services can be procured.

The majority of my professional work involves working with corporations that hired advertising and marketing and SEO agencies but soon found themselves stuck with unexpected dependencies, large bills, ill-defined contracts, and Internet performance below expectations. My work is very positive — identify the fluff, trim the fat, help the corporation find the loopholes and hold the providers accountable for the initial goals and objectives. It is interesting and challenging work, to say the least. If you are a search marketer or SEO chances are good that I am on the other side of one of your contracts, helping your client to help you do your best work, while they adapt to help provide you with what you need to do your best work. The goal is success, as it was supposed to be when you were hired.

So keep doing good work and working hard. In the meantime, keep asking the hard questions, and reconsider how quickly you might be “rewarding” those in our community who are “showering love on the community”. Word on the street is, there’s an agenda being played. Did you know?
