Thursday, February 26, 2009

Too Much Online Advertising

Sometimes, websites go a little too far with their online ads - to the point that you can't find the content you're looking for, or even sort the content from the ads.

A couple months ago, my wife and I visited my family, back on Long Island, for the Holidays. We had dinner at the Maine Maid Inn, in Jericho, NY, which was built in 1789. This afternoon, my mother and sister contacted me to tell me they had heard that the restaurant had closed down. But, they couldn't find any information about it.

My first stop was the leading Long Island newspaper, Newsday. I ran a search for the Maine Maid Inn and I was surprised that I couldn't find anything about it. So, I turned to the best place to get real time information, online: Twitter.

Here is what I found:
Hey, wait, there was an article published online by Newsday. Why didn't I find it? Well, I did, but didn't know it.

Can you find the article here?
I'm sure, now that you know the search results I was looking for are really on that web page, you can see the article at the very bottom of the page. Unfortunately, for me, it wasn't very obvious. Should the Favorite Inns Guide, The Match, and the latest Newsday corrections really be the Top Results? Of course not.

Obviously, well-placed ads are the key to getting results - unless you simply intend to bombard your viewers with as many ads as possible. There are more than half a dozen ads on that Newsday web page - I'm sure six well-placed ads could be more than ten times as effective.

Twitter Search
If you search for most anything on Twitter you'll find what people are saying about it right now - and what they ever said about it. Next time you're watching a significant event, live, on T.V., do some searches on Twitter - you'll be amazed.

Update 3.1.2009
I just read this article about Newsday - they will probably end free access to current news articles on their web site. I just don't think they get it.


Tuesday, February 24, 2009

Security Hole Found, Fixed, and Deployed

Just before 10 am PST, today, a security hole was discovered, by chance, in Adjix2Twitter by Sam Nguyen which allowed him to post this tweet to Guy Kawasaki's Twitter timeline. I'd never heard of Sam or his company before today - he is the CTO at InsideWork which "infuses business innovation with biblical insight".

Since Twitter is about as real-time as it gets, the following happened within an hour of the problem being discovered by Sam:

1. I saw the tweet as soon as it was sent and I immediately reviewed the logs to discover that Guy hadn't posted it from his own Adjix account.

2. NEENZ, who is Alltop's Chief Evangelist, DM'd me about the tweet and called Guy.

3. A number of Guy's followers @'d him regarding the tweet - and many also RT'd it, seemingly "in the blind".

4. Twenty minutes after Sam discovered the problem he sent an e-mail to me outlining what he had done and I called him to get the details.

5. Guy, who was in a meeting when this happened, called me after the meeting to find out what was going on and what he needed to do.

6. Guy disavowed the tweet and proclaimed his love for Adjix.

Security Hole Details
While no one likes bugs, the one that Sam found was reproducible, which makes it easier to fix.

To reproduce the problem, someone only needed to attempt to "reshrink" an Adjix link using Adjix2Twitter. Adjix2Twitter prevents an Adjix link from being "reshrunk" again and simply returns the original link. The problem was that the Twitter credentials associated with the original link were being used to post to Twitter. No Twitter user info and no Adjix user info was compromised or exposed. Exploiting this security hole only made it possible to post to someone else's Twitter account and it happened exactly once.

To fix this problem, our servers now ensure that the credentials of the Linker (the user) who clicked on the Adjix2Twitter bookmarklet are used, not the credentials associated with the link.

The Adjix2Twitter fix went live at 12:15 pm, about two hours after Sam first discovered the problem. All is well.
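
The bug class described above, sketched as an added example that is not Adjix's own code: the posting identity is resolved from the link record instead of from the authenticated requester. All class, function and host names here are hypothetical, and the "Twitter" side is modelled as a simple list.

```python
# Constructed model of the bug; every name here is hypothetical, not Adjix's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Linker:
    name: str
    twitter_token: str  # stand-in for stored Twitter credentials

SHORT_HOST = "http://short.example/"  # placeholder short-link host

class Service:
    def __init__(self):
        self.links = {}   # short URL -> Linker who created it
        self.posted = []  # (twitter_token used, text) pairs "sent" to Twitter

    def shrink(self, linker, url):
        """Return (short_url, creator). An existing short link is not reshrunk."""
        if url in self.links:
            return url, self.links[url]
        short = f"{SHORT_HOST}{len(self.links) + 1}"
        self.links[short] = linker
        return short, linker

    def tweet_vulnerable(self, requester, url, text):
        # Bug: the posting identity comes from the link record, so reshrinking
        # someone else's link posts with the creator's credentials.
        short, creator = self.shrink(requester, url)
        self.posted.append((creator.twitter_token, f"{text} {short}"))
        return creator.name

    def tweet_fixed(self, requester, url, text):
        # Fix: the link record only supplies the URL; the posting identity is
        # always the authenticated requester.
        short, _creator = self.shrink(requester, url)
        self.posted.append((requester.twitter_token, f"{text} {short}"))
        return requester.name

def demo():
    svc = Service()
    owner = Linker("owner", "tok-owner")
    other = Linker("other", "tok-other")
    short, _ = svc.shrink(owner, "http://example.com/article")
    return (svc.tweet_vulnerable(other, short, "hi"),
            svc.tweet_fixed(other, short, "hi"),
            svc.posted)
```

A regression test for this kind of fix asserts on whose credentials were used for the post, not just on the link that was returned.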


Mysterious Clicks

Last Friday I was talking on the phone to an old buddy, Andy, from high school. I wanted to show him a web page on the Adjix website so I created an Adjix link (redirect) to it and gave it to him over the phone. He manually typed the link into his web browser without any problems.

After we got off the phone I checked my Adjix link stats and noticed that there were two clicks on the newly created link. One link click was registered about 40 seconds after it was created which was obviously Andy typing it into his web browser. But, about 15 minutes later, while we were still on the phone, there was a second click from this IP address:

Who is
This IP address is registered to Japan Network Information Center. This strikes me as a little odd since I live in San Diego and Andy lives in L.A. The only other useful thing I can tell you about this link click is that its user agent was Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1).

How did someone or, more likely, some bot, find out about my link within 20 minutes of it being created? I don't know. My best guess is that maybe Andy has some spyware on his Windows computer.

I'd love to hear your thoughts on this. Tweet them to me @Adjix or via e-mail: