.:kenneth's:findings:.

Friendpaste is a web-based clipboard tool that can quickly shares snippets of plain text and computer code with friends or co-workers.

Friendpaste supports simple text sharing for revision, or you can lock your pastes against viewing and editing with a password. You can use formatting for dozens of different kinds of code, and it has a revision and annotation system so the friends you share your code with can leave smarter comments. One of the great code-centric features is the ability to leave a comment based on the line number of the code you are reviewing making it easier to reference comments to their appropriate place. If you have a trick or service up your sleeve for sharing your clipboard contents with friends and colleagues, sound off in the comments below.Thanks Steve!

Friendpaste

This is a list of tried and true ways to improve your web site presence.

1. If you’re launching a new site, or new content, write an introduction and submit it to social bookmarking sites like Digg, Reddit and Netscape. See 23 Top Social Bookmarking sites for more great places to submit your content.
2. Create a Yahoo Group in your niche.
3. Create a MySpace account and use it to publicize your site.
4. Bookmark your site on Del.icio.us and if you’re really keen, add a Del.icio.us button to your homepage.
5. Create a Technorati account and “claim” your blog.
6. Submit your site to free, search engine friendly directories. An excellent list can be found at Info Vilesilencer.
7. Conduct a survey. This is an excellent way to generate offline publicity.
8. Place a free ad for your company on Gumtree.
9. Syndicate your sites content by using an RSS feeds.
10. Submit your RSS feeds to aggregator sites like FeedBurner, Squidoo, Feedboy, Jordomedia, FeedBomb, FeedCat, rssmad, Feeddirectory and Feedfury.
11. Write an article related to your site and submit it to article sites.
12. Sign up to StumbleUpon and get your friends to Stumble your site.
13. Create a custom 404 page so that even if someone encounters an error on your site, they are re-directed somewhere nice.
14. Set up a 301 redirect to take traffic from your non-www address to your www address. See here for more info.
15. Add a link to your site in the signature of any forums posts.
16. Tell your friends about your site. It’s free advertising.
17. Spell cheek your stile. Nothing appears more amateur than a site with typos or spelling mistakes.
18. Test your site and make sure it appears correctly in all major browsers.
19. Buy enough hosting. No one likes a slow site.
20. Don’t worry about Page Rank.
21. Offer something for free. Free is good. People tell their friends about free stuff.
22. Tell your neighbors, you never know what contacts they might have.
23. Offer your users as many ways as possible to contact you. MSN, Skype, Yahoo etc all complement email, phone and a real address.
24. Advertise your site on Craigslist. It’s free, relevant and localized.
25. Do NOT use frames.
26. Submit your site to DMOZ.org and forget it.
27. Create an XML site map of your site and submit it to Goggle.
28. Get a custom t-shirt made with your web site url on it, and wear it often.
29. Ask a large breasted lady to wear one too.
30. Sign up with an affiliate program to sell your product, or if you’re a publisher, make some cash!
31. On your Contact Page ask people if they mind receiving your newsletter.
32. Send out a newsletter!
33. Go to a free seminar for Web site owners. You might learn something.
34. Find quality and relevant blogs and leave a comment (with a link back to your site of course).
35. Don’t pay people to submit your site to search engines. It’s a waste of money.
36. YouTube and Google Video are excellent portals on which to launch a viral campaign.
37. Giving away an ebook is an excellent way to generate traffic to your site.
38. Sponsor a Wordpress theme or a phpListDirectory template.
39. If you sell products that are advertised on television by the manufacturer, add “As Seen on TV” to your site!
40. Avoid proprietary technologies like Java and Active X.
41. Put downloadable content on your site, but make sure it’s not manufacturer specific - so mp3 rather than wma.
42. Learn about CSS. It’s the new HTML.
43. Contribute to related subject areas on Wikipedia.
44. Ask bloggers and other Web site owners to review your site and/or products.
45. Have user friendly page names - most tools comes with some way to avoid www.yourdomain.com/pgInfoPages.cfm?cx=50799399822B393B
46. If you must have a Flash homepage, make sure you have a “Skip Intro” link.
47. Tell your local rag about your site. These newspapers are desperate for stories.
48. Become a leading authority on your chosen subject.
49. Donate money to a charity and most will place a link on their site back to you.
50. Abide by the W3C standards - it will help your site in the long term.
51. Your local community sports teams offer cheap, but highly effective sponsorship opportunities.
52. Publicize your site on related forums - but don’t spam!
53. Ask bloggers to write about your site or product - in return for a link of course.
54. Offer a competition related to something in the news - so football around the time of the World Cup etc.
55. Add a “Tell a Friend” function to your site so people can easily recommend you to their mates.
56. Have a Site map on your site to allow users to navigate around quickly and to aid the search engines.
57. Have a nice keyword rich title at the top of each of your pages. Users and search engines both like descriptive titles.
58. Include a Feedburner button on your site so people can easily subscribe to your feed.
59. If you use PPC then create a landing page for each of your AdWords - it’ll boost your conversations no end.
60. Appear on Dragons Den.
61. Create a Press section on your site where can you store all your press releases, logos and banners.
62. Add a link to your site from within your eBay profile.
63. Ask your friends to give you honest feedback on your site.
64. Gain exposure by submitting photos and pictures to Flikr.
65. Share your banners on banner exchange sites.
66. Make sure it’s easy for your users to subscribe to your RSS feed.
67. Create a “lens” for your site on Squidoo
68. Ask friends, colleagues and associates to “Add to Favorites” your blog on Technorati.
69. You can add a Bulletin to your MySpace account promoting your site that all your MySpace Friends will see.
70. Respond to your customers emails promptly. No one likes to wait 3 or 4 days for an acknowledgement of their contact with you.
71. Get a professional Copywriter to give your site a once over. If you are on a tight budget, limit it to just the homepage.
72. Make a list, Top 10’s work well. Update it regularly to give your visitors a reason to return.
73. What did you learn today? Tell other people and they might learn something too.
74. Do you have really hot content on your site that geeks would love? If so Slashdot will bring you a mass of traffic.
75. Deep link directories are an excellent way to promote inner pages of your site.
76. Meta tags might carry less weight than previously, but you should still have them on every page.
77. Ask your Gran for feedback on your site. Never ignore the silver surfers.
78. Include a “Add to your Technorati favorites button” on your site.
79. Google Analytics is free and will tell you all you need to know about who’s visiting your site.
80. Search engines will find you. Don’t pay money for your site to be submitted.
81. Don’t be afraid to link to other sites, especially if they are relevant and to highly respected sites.
82. Keep It Simple Stupid: use CSS to control layout, style and colors and use HTML text rather than graphics to represent text.
83. Validate your HTML and CSS. It’ll help ensure your site displays well in all browsers.
84. Small page sizes and optimized graphics will give your site a snappy feel and won’t require users to wait around for it to load.
85. If you plan to submit your site to lots of directories or article sites, create an email especially for this. Delete it when you’re finished to avoid spam.
86. Link baiting means, to write killer content that people will want to link to. Like a 101 Tips to Improve Your Web Presence list!
87. If your chosen field is technology related then write a white paper. That’s a posh name for an article.
88. Google receives roughly 50% of all search requests, Yahoo 25% and MSN just 10%. That’s a good rule of thumb as to how much emphasis to put on each.
89. Make sure you have a robots.txt file in the root of your Web site. You can use this to control search engines, but if nothing else it’ll reduce the number of 404 errors in your Weblogs.
90. Free online games, a forum or chat rooms will give your users a reason to come back to your site.
91. Ebooks with re-seller rights make an excellent free gift for your site.
92. Upload your product feed to Froogle. It’s FREE!
93. This is an excellent list of Top 25 Social Bookmarking Sites
94. Search out unanswered questions on Yahoo! Answers and add your site as the source.
95. PageRank is vanity, ranking is sanity.
96. Yahoo are catching up with Google with an excellent set of webmaster tools called Site Explorer.
97. Don’t buy traffic. It’s un-targeted and won’t convert.
98. Pay Per Click advertising gets you fast results - and if it’s handled well can be very profitable.
99. Upload a favicon.gif file so that your users have a nice icon when they bookmark your site.
100. And that’s it!

Google significantly increased my quality of life recently. How? Let me explain.

While I am a firm believer that cloud computing should never be viewed as a replacement for the current desktop/ model, I must say that I am now a huge fan of storing my data on the internet. Not all of my data, keep in mind, but information that needs to be accessed by multiple computers, of course – but that goes without saying.

I have always had the problem of not being able to keep track of all my data. I switch computers and operating systems so often, I can’t keep track of my contacts at all. And when I update one, I have to go through and update many different databases – not the most efficient method.

So, the ultimate solution is – obviously – to consolidate all of my contacts into one database. I used to keep all of my contacts on my Samsung Blackjack cellphone. This worked well, since I could easily sync it with a computer. This caused a problem, however: I could only sync it with one system. If I was at work or on another system, I had no way to get to my friend’s email addresses.

Last month, Google Contacts started to support Exchange Syncing, which happens to work flawlessly with my Windows Mobile 6.1 install.

My life will never be the same. Thank you, Google. I am eternally grateful.

More details soon!

56K Modem Emulator

(A.K.A. Sounds Broadband Users Never Hear)

connect

[home|huh?]

For $40, anyone can purchase a cheap wireless AP and plug it into the company network. Often, employees do this simply for the sake of convenience, not realizing that it opens the company to attack. Criminals also deliberately plant wireless access points, which allow them to bypass the pesky firewall and remotely access the network later on. These days, disgruntled employees can easily hide an AP behind the file cabinet before cleaning out their desks, and then access the company network months later from the parking lot.

Many companies conduct regular “war-walking” scans to detect rogue access points (ie. using Kismet or Netstumbler), or invest in commercial Wireless Intrusion Detection Systems (WIDS). However, there are sneaky ways to bypass traditional war-walking and WIDS systems. Recently, I took Josh Wright’s excellent “Wireless Ethical Hacking” SANS class, and he touched on a number of tricks that attackers can use to foil your company’s rogue WAP detection efforts. Here are a few:

1) Channel 14

In the United States, the FCC has licensed 11 channels for 802.11b/g, which have center frequencies between 2.412 GHz to 2.462 GHz. However, most of Europe allows 13 channels (up to 2.472 GHz), and Japan allows 802.11b all the way up to channel 14, or 2.484 GHz.

Cards manufactured for the United States often don’t support channel 14, since it’s illegal to transmit on that frequency. There’s overlap between the channels, but at 2.484 GHz, channel 14 is far enough away from channel 11 that network cards are unlikely to pick up much signal on channel 11. If an attacker were to configure an AP to illegally transmit on Channel 14 and export data at 2.484 GHz, security teams monitoring US channels would probably never detect it.

2) 802.11n Green Field mode

The IEEE has been hard at work on the 802.11n (“MIMO”-based) specification, which allows much greater throughput than 802.11a/b/g (100Mbps or more). The draft 802.11n standard specifies two modes:

• “Mixed-mode,” which allows it to work with legacy 802.11a/b/g networks;
• “Green Field” or “high-throughput only” mode, which takes full advantage of the enhanced throughput but is not visible to 802.11a/b/g devices. Older devices will see GF-mode traffic only as noise.

Not visible to 802.11a/b/g devices? That means if you’re war-walking with an 802.11a/b/g card, you can’t see 802.11n devices operating in Green Field (GF) mode. The specification hasn’t even been finalized, but 802.11n devices are already available for as little as $50– easy to buy, easy to plug into your company’s network. However, most companies have not yet purchased 802.11n-compatible equipment and hence can’t detect GF-mode 802.11n rogue APs.

Josh published a vulnerability report explaining this, in which he wrote: “With the inability to decode GF mode traffic, an attacker can position a malicious rogue AP on a victim network using the GF mode preamble. This would allow an attacker to evade wireless intrusion detection systems (WIDS) based on non-HT devices. This includes all WIDS devices based on 802.11a/b/g wireless cards.”

3) Bluetooth Access Point

If you’re like me, when you think about Bluetooth you envision your tiny little headset which crackles and hisses every time you walk too far away from your phone. That’s because your Bluetooth headset is designed for a Class 2 Bluetooth network, which is fairly low-power and has a maximum range of ~10M.

However, there’s more to Bluetooth than your rinky-dink headset. Bluetooth Class 1 devices are much more powerful, with ranges similar to 802.11b wireless APs. A Bluetooth Class 1 device can transmit up to 100mW, with a typical range of ~100M (or miles, if the receiver has a directional antenna).You can buy a Class 1 Bluetooth AP for $100-200.

Can you discover Bluetooth APs while war-walking? Not if you’re just using an 802.11 card. Even if you’re using a spectrum analyzer like WiSpy, you may not notice it. Bluetooth uses Frequency Hopping Spread Spectrum, and hops 1600 times a second throughout the 2.402-2.480GHz band. Because it’s spread out across the spectrum, it can be hard to notice and easily mistaken for noise by the untrained eye. Most Wireless IDS systems and security teams simply don’t look for it (yet).

4) Wireless Knocking

This is my favorite. Remember port knocking? Instead of installing a backdoor to listen on a particular port (where it might be noticed), l33t h4×0rs installed rootkits that would wait for a particular sequence of ports to be scanned, at which point the knocker’s IP address would be granted access. “A three-knock simple TCP sequence (e.g. port 1000, 2000, 3000) would require an attacker without prior knowledge of the sequence to test every combination of three ports in the range 1-65535, and then to scan each port in between to see if anything had opened… That equates to approximately 65535⁴ packets in order to obtain and detect a single successful opening. That’s approximately 18,445,618,199,572,250,625 or 18 quintillion packets.” (Wikipedia)

With wireless knocking, a rogue AP sits on the network in monitor mode, listening for probe requests. When the rogue AP receives a packet (or sequence of packets) with the preconfigured SSID, it awakens and switches to master mode. The program “WKnock” is designed for this purpose, and it can be installed on any AP supported by the OpenWRT framework. During times when the rogue AP isn’t active, it is silent and can’t be detected using common wireless scanning tools.

Sneaky!

WOW!