
SEO Egghead Consulting Group is a web development firm dedicated to creating custom, search-engine-optimized web site applications.

We specialize in eCommerce and content management web sites that not only render information beautifully to the human, but also satisfy the "third browser" - the search engine. To us, search engines are people too.

Jun 17
Author: Jaimie Sirovich

Archived; click post to view.
Excerpt: You've done it. I've done it. We've all done it. PPC can be hazardous if it's not carefully watched. Sure, you can hire a PPC management firm and dispense the buck and responsibility to a third party. But that doesn't actually dispense with any of the liability … No. That's just an illusion. You can fire the firm, but Google won't give you your money back. They might like your money so much that they send you some Google swag — but that's about all you can expect to numb the pain. Wow,…



Jan 19
Author: Jaimie Sirovich

Archived; click post to view.
Excerpt: Getting hacked is a total bummer, right? Right. But you can stop it with this plugin — WordPress Firewall. It won't stop every determined hacker from zapping your blog — but it's definitely worth installing if you're maintaining more than a few blogs. After all, you simply can't upgrade every blog instantly every time a vulnerability is published for WordPress or any of the plugins you've got installed. So this plugin might buy you some much-needed time … and sanity. It investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. Here is…



Jan 16
Author: Jaimie Sirovich

Archived; click post to view.
Excerpt: Circuit City was a terrible brick-and-mortar store, don't get me wrong — but is it just us that noticed they had one of the best online experiences of any electronics retailer? Great categorization. Search that worked. Faceted search that also worked (mostly). Checkout with pretty context-sensitive illustrations to let you know where your CVV code is — not a #@#$ link that bounces you out! It ran circles around BestBuy's online store for a long time. I think it was still better — but now it's dead. In fact, just last week when writing requirements for an eCommerce…



Jan 6

Archived; click post to view.
Excerpt: … for spammers, anyway. Upgrading WordPress often might just help! On the other hand, you could still wake up and find out your blog looks like this after a zero-day attack — That's probably a bad thing. But, in fact, many of us in the blogosphere have enjoyed this particular problem. And it's not quite as much fun as the blue pill. In the worst case, it's not just spam, it's badware or viruses. And then Google won't want to cohabit with you ever again. Well, you're still alive, and you're sick of getting attacked. We are, too. So, at least…



Jan 2

Archived; click post to view.
Excerpt: You thought cheap webhosting was a bargain. Maybe … but bad webhosting isn't just a bummer — it can get you delisted, added to badware lists, etc. And it doesn't have to be your fault (directly, anyway). Use IX Web Hosting | ixwebhosting.com web hosting at your own risk. One day you might just get hacked and/or defaced. Even worse, you might be — courtesy of some Turkish hacker — installing malware on users' computers by proxy. The hackers seem to be pretty good, if a little mean. Fix it, and then it just might happen the…



Oct 5
Author: Jaimie Sirovich

I guess I think like a hacker, because I thought of this before seeing RSnake's post about finding vulnerabilities with Google Code Search.

If you want to find lots of PHP-based web applications that are likely vulnerable to HTML injection, try this search out:

lang:php (print\(|echo)\s\$_(GET|REQUEST)

This says, "Find all PHP code that calls 'print' or 'echo' to display $_GET or $_REQUEST (which also carries $_POST data), likely without escaping anything." What a great way to find places to inject stuff! This is useful for finding XSS vulnerabilities as well.

Organizing the world's information is useful — for many things :)



Sep 21
Author: Jaimie Sirovich

Archived; click post to view.
Excerpt: This recent article mentions that XSS and HTML injection are quickly eclipsing the traditional stack smashing and SQL tainting attacks in popularity.  But why?  I posit that the reason is simple — XSS & HTML injection vulnerabilities are frighteningly trivial to find.  I will demonstrate the relative ease of finding injection points in this article.  I wrote a script that sniffs out hundreds of such vulnerabilities rapidly and automatically, in fact. Both XSS & HTML injection vulnerabilities are the result of similar flaws in web application software.  Typically, a programmer forgets to properly escape or sanitize user-defined data presented in…



Aug 8
Author: Jaimie Sirovich

Archived; click post to view.
Excerpt: I was playing around with the What is Hosted on that IP? tool I just published, and some of what I found is a bit scary. I see cases where there are a few relatively legitimate sites nestled on the same IP with hundreds of spammy sites. Needless to say, this is a liability. Suppose I am a devious SEO who does not like my competitor very much. My competitor is also a big cheapskate. He uses the "Beginner Hosting" package from some fly-by-night web hosting company that, like everyone else these days, oversells. He pays $2.95 USD per month. That's…
