2009

Twitter Exploit Still Works

by James Slater

Yesterday I posted an article about a serious vulnerability I found in Twitter. As it was a bit on the geeky side, it may well have gone over a few people’s heads, so I thought I’d try to explain it in a bit more detail. Incidentally I don’t think Twitter really got it either, as we’ll see in a moment.

Twitter Exploit Video

Why should I care? With a few minutes work, someone with a bit of technical expertise could make a Twitter ‘application’ and start sending tweets with it. Using the simple instructions below, it can be arranged so that if another Twitter user so much as sees one of these tweets – and they are logged in to Twitter – their account could be taken over. Imagine that for a moment. Simply by seeing one of these tweets, code can be run inside your browser impersonating you and doing anything that your browser can do. Perhaps it may simply redirect you to a pornographic website? Or maybe delete all of your tweets? Send a message to all of your friends? Maybe it would delete all of your followers, or worse still, just send the details needed to log in to your account off to another website for someone to use at their leisure. All of that, just from seeing one of these tweets. If I tweet something, all of my followers will see it instantly. Do you trust everyone you’re following? I could mention a few of the trending topics of the moment, and there’s a good chance that someone will see one of my tweets that way. Maybe I could just drop your name into my tweet and see if you look at it to see why I’ve mentioned your name?

Read It All

Massive Twitter Cross-Site Scripting Vulnerability

by James Slater

[NOTE: As if the attention-grabbing title ruining the surprise for you wasn't bad enough, I've got some more bad news. We let Twitter (via Kevin Rose) know about this before it went live but we think somebody saw the Test!] So as I’m sure everyone heard about

Read It All

Link Building Techniques & Tips

by Paul Carpenter

Ever since I arrived here at Bronco (Britain’s brightest search engine marketing company – sign up today!) it’s been bugging the hell out of me that a post (now deleted) on Dave’s blog ranks for ‘link building’. Not that it’s atrocious or anything, but it’s titled as “top 20 tips”

Read It All

SEO Explained in a Picture

by Paul Carpenter

Because everyone loves a diagram, right? Should be self-explanatory, but here’s the gen: if you don’t invest in content, you won’t get links. If you don’t get links you won’t get traffic – either through rankings or referrals. And if you don’t have traffic you don’t have any money to

Read It All

Google will remove toolbar Pagerank

by David Naylor

For quite a while now in the Bronco office we’ve been saying “how much longer before Google TBPR stops showing?”. Well, Google finally started the process IMO when they removed Pagerank from Webmaster Tools. Susan Moskwa (Google employee) said: We’ve been telling people for a long time that they shouldn’t

Read It All

rel=canonical tag and Affiliate links

by David Naylor

So here is my issue, I have a big web site with lots of pages indexed and we run an aggressive affiliate program, in fact it was the affiliate program causing dupe content issues. We can’t redirect the ?afid=123 so we decided to test out the rel canonical. http://www.mysite.com/landingpage But,

Read It All

The Content Pyramid

by Paul Carpenter

I was thinking about the different types of content the other day and how to organise your approach to it – in terms of both building content and acquiring links from that content. And now, I present to you the result of my deliberations: The Content Pyramid. The Originators

Read It All

Get in Touch

Things are better when they’re made simpler. That’s why the David Naylor blog is now just that; a blog. No sales pages, no contact form - just interesting* info about SEO.

If you’d like to find out more about the Digital Marketing services we do provide then head over to Bronco (our main company website) to get in touch.

* Interestingness not guaranteed

Part of the Bronco family