Warning: Serious MSIE Security Risk Discovered – AGAIN!

If you’re using the web browser Microsoft Internet Explorer (which 7 out of 10 internet users are) then you are exposing yourself to a SERIOUS security risk – even if you’re using the most recent version!

The Guardian reports:

Users of Microsoft’s Internet Explorer have been warned of a flaw that could let hackers gain access to their computers and steal personal data, and told them to swap to a rival browser.

The flaw was spotted last week when hackers started attacking users of IE 7. The flaw, however, has also been found in earlier versions of Microsoft’s browser, IE 5 and IE 6.

The Guardian reports that so far, the security hole has only been exploited to steal computer code from rival gamers – but a security hole is a security hole, and once the dam has been breached, expect other data to “leak”.

Chris over at Monty’s Mega Marketing blog warns:

The flaw in IE allows criminals to gain control of computers that have visited a website infected with malicious code designed to exploit it. While restricting web surfing to trusted sites should reduce the risk of infection, the malicious code can be injected into any website. Users do not have to click or download anything to become infected, merely visiting an infected website is sufficient.

Obsessable.com reports:

Over 10,000 websites have been compromised since the threat was discovered and security experts are recommending that Internet Explorer users switch temporarily to another browser until Microsoft addresses this security hole.

P2Pnet News reports:

Usually, in attacks of this kind, victims have to actually click on something to set a process in motion.

But not this time, says Heise. All they have to do is merely open an innocuous seeming page.

“It targets a particularly dangerous hole in all versions of the Microsoft browser,” it states, warning there’s no patch and, “a Windows PC can become infected with malicious software through the simple act of opening a web page.”

What can you do?

The answer is quite simple: download and start using Firefox.

While you’re at it – dump the other Microsoft product that is constantly under hacker attack that you’re probably using to manage your email – Outlook or Outlook Express – and pick up Thunderbird.

By the way, switching your browser to Firefox is one of the daily lessons covered in the 8 Week Power Blog Launch course.  If you’re still using Internet Explorer – this recent security alert (which was also issued for the last TWO versions of MSIE by the way – that’s why there’s the little “AGAIN” in the title) should be the final nail in the coffin.

Not only does Firefox offer some incredible plug ins to make your web surfing more efficient – using Firefox is also the best way to make sure the data on your computer STAYS on your computer and doesn’t “leak” out via a hole in your browser.

What is Alexa? It’s a Website Traffic Spy Tool

One of the GREAT things about being involved in a “social networking site” such as Biznik is that people can communicate PRIVATELY with you.

I recently got a question privately there from someone who visited my blog and read my post Business Success Isn’t Determined by Your Alexa Rank. A well respected marketing expert, he wasn’t familiar with the Alexa tool and asked me to blog about it. Since I’m all about educating my clients and other readers, here we go.

What is Alexa?

Alexa is a product developed by Amazon (yes, the internet book selling giant and internet retailing pioneer). It’s a way to “spy” on the traffic of other competing websites.

Alexa “ranks” websites in order based upon traffic from 1 to 24+ Million. (I’ve seen TWO sites in the past 2 weeks that were in the 24 Million range.)

The last time I looked, Yahoo was #1, Google was #2 and YouTube was #4 according to Alexa.

If your Alexa ranking is above 1 Million, you can congratulate yourself. You’re in the top 5% when it comes to rating traffic of the 24+ Million sites indexed by Alexa.

With that said, Alexa doesn’t get real interested in your website until your site breaks into the top 100,000. Once you break into the top 100,000, you can see your daily reach, rank and page views.

A Brief History on Alexa

The way Alexa used to collect the information it needed was via a plug in for MSIE (Microsoft Internet Explorer), Windows’ internet browsing software. The plug in installed a toolbar in the user’s browser. While it offered a way for users to “spy” on the traffic of other websites, it also provided a way for Alexa to TRACK toolbar users’ movements on the web.

If you think about it, it makes sense that the only people who really CARE about what kind of traffic other websites are getting tend to be part of the techno-geek crowd. Very few sales training professionals CARE about the web traffic of any particular website. On the other hand, people who create websites are PASSIONATELY interested in the traffic ranking for a site. As a natural progression of events, in the early days the Alexa tool bar was used almost exclusively by web professionals or devoted web amateurs.

As the web has grown, so have the number of “non-tech” users. Many of these “non-tech” users didn’t have the Alexa toolbar installed in either MSIE or any other browser. As a result, the results of Alexa’s ranking became rather “skewed” statistically. Sites targeted towards technical users tended to do much better than websites that dealt with non-techy matters such as organic foods.

Meanwhile, new Web 2.0 businesses are popping up left and right. With the explosive growth of blogs has come advertising management services which will allow you to sign up and place ads on your blog via their network. Since ads are sold based on the number of impressions, many of these networks rely heavily upon the Alexa ranking of a website to determine traffic. (Log files can be altered, but Alexa is an unbiased third party.) Also, bloggers are popping up who aren’t blogging about the latest Tech Toy who are developing quite a following. These popular “non-tech” blogs were crying “foul” when it came to Alexa’s method of collecting data.

Recent Changes in Alexa

Back in April, Alexa responded, either to these cries or to the increased competition they were facing. (Compete.com comes quickly to mind.) Alexa changed the way it gathers data for its rankings to try to reflect what was happening in Web 2.0, where it’s not only geeks who roam the web for hours on end. (Read more here: Alexa’s New Ranking System Hurts Some and Helps Some.)

If you go to Alexa, you too can install this tool bar in your web browser. When you do, you’ll be contributing to Alexa’s data collection efforts. In other words, you can spy but you’ll also be spied upon.

There’s actually a plugin for WordPress which will display your current Alexa ranking in your blog if you want the world to see. (Personally, I’m waiting to break into the top 100,000 to activate that one.)

If you don’t want to install the toolbar, you can always go to the Alexa.com site and type in the URL you want to check.

The most important thing to remember with Alexa is:

a) It’s an estimated traffic count

b) It’s a NUMBER and nothing more.

There are people whose blogs were ranked in the Alexa top 100K who have shut down their blogs and gone on to get real jobs because they weren’t making money from the traffic they had. On the other hand, I recently wrote about a business who is RAKING in the dough whose website is ranked in the 24 Million range.

For me, checking Alexa rankings could be called an addiction. I have a similar addiction to Diet Coke and coffee. (Caffeine FREE Diet Coke… I’m trying to be in “balance” because I drink a pot or two of coffee every morning. Screw moderation, I’m seeking “balance”.)

It’s only recently that I’ve come to recognize NEITHER my drinking habits nor my Alexa checking behavior is productive. So before you install the Alexa tool bar in your browser, proceed with caution!

Google Adwords Phishing Email is TOP RATE

Today in my in box there is a phishing email which is TRULY a work of art. It’s good and thank goodness the email box this landed in is not the one associated with my Adwords account or I might have been fooled. It’s THAT good! It appears to be a plain text email which reads:

Dear Advertiser,

We were unable to process your payment.
Your ads will be suspended soon unless we can process your payment.
To prevent your ads from being suspended, please update your payment information.

Please sign into your account at http://adwords.google.com/select/login,
and update your payment information.

Thank you for advertising with Google AdWords. We look forward to
providing you with the most effective advertising available.

Best Regards,

The Google AdWords Team

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.

I’ve removed the link from the text above because while the link SAYS it’s going one place, it’s really going another. This is a common phishing trick.  Just because the text DISPLAYED says a link is going one place, doesn’t necessarily mean that the link is ACTUALLY going there.

Often, in lower quality phishing attempts, the actual URL is an IP address.  However, in this case the actual destination is VERY similar to the stated one.  Even if you LOOK at the coding, it’s not obvious that this is a phishing email. Everything looks legit even in the URL except for this tiny little addition of a jumble of 9 characters embedded within the legitimate code.

At first glance, the displayed URL is ALMOST exactly the same as the URL where this link will take you.  In this case, close is the difference between giving your credit card information to a legitimate site and turning over your credit card information to a thief.
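The displayed-versus-actual mismatch described above can be checked mechanically. The following is an added example, not code from the original post: it parses an HTML email body, compares the host in each link's visible text with the host in its href, and labels the difference as `ip-literal`, `lookalike` (the displayed host is embedded inside a different host) or `mismatch`. The function names are hypothetical, and the sample body, its 9-character jumble and its hosts are constructed.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; hosts use reserved documentation names and addresses.
SAMPLE = """<p>Please sign into your account at
<a href="http://adwords.google.com.qzxkvbnmw.example/select/login">http://adwords.google.com/select/login</a>
or <a href="http://192.0.2.10/select/login">http://adwords.google.com/select/login</a>.
Help: <a href="http://adwords.google.com/support">http://adwords.google.com/support</a></p>"""

class AnchorCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # lower-cased hostname, '' if unparsable; scheme is optional
    try:
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:
        return ""

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def audit_links(html_body):
    """Flag anchors whose URL-looking text names a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        shown, real = host_of(text), host_of(href)
        if text.lower().startswith(("http://", "https://", "www.")) and shown != real:
            reason = ("ip-literal" if is_ip(real) else
                      "lookalike" if shown in real else "mismatch")
            findings.append((shown, real, reason))
    return findings
```

Calling `audit_links(SAMPLE)` returns one tuple per misleading link as (displayed host, real host, reason); links whose visible text is not a URL are not judged.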

I didn’t follow the link, but I’m sure that it looks EXACTLY like the login page for your google account… because these crooks are smooth criminals!

As a general rule, don’t EVER click on a link inside an email… EVER!  If paypal, google or anyone else who has access to your money and/or passwords wants to get in touch with you… go to their website DIRECTLY!

Don’t EVER follow a link embedded in an email.

Go to http://www. [insert domain name here] . com and sign in there.

If the URL is long, then copy the words from your email and paste the DISPLAYED URL into your browser’s address bar.  In this case, doing that takes you to the REAL Google site instead of the phishing site.

Domain Name Registry Scam

The bastards are on the loose again.  You know, the CREEPS  who send you a very official looking “invoice” regarding your domain name registration.   Obviously a LOT of people fill in the form because it looks so damned official.  I’m a “professional” and I have to admit, if I didn’t know better… I’d sign it as well.

It’s bad enough that you have to worry about security online… now you have to guard yourself off line as well.  It’s a form of snail mail domain name phishing.

In case you don’t know, here’s the scoop.   In the fine print it is written that by signing this form you’re authorizing the  transfer of your domain name to THEIR service.  Want to point your DNS to another hosting program?  TOO BAD!  You can’t.  Want to transfer your domain name… can’t do that either… you signed away those rights.

I’ve gotten two emails this week from clients asking about the letters they’ve received via snail mail regarding this scam.

“But I thought my domain name was registered through you?”

My reply, “It is and will be unless you fill out that form and send it in.  Then all bets are off.”

In case you can’t tell, one of my clients made that mistake a few years back.  I don’t think we ever got control of the domain name back.

It INFURIATES me when some slimy bastard tries to use FUD (fear, uncertainty, doubt) to make a buck.

Well, obviously the scam isn’t working so well anymore, so the slimy bastards have hired a call center to telemarket their service.

I got just such a call this morning.  “Hello.  I’m from Domain Name Registration Services and you will be getting a notice in the mail about changes to your domain name account.”

“Why will I be getting that?” I asked.

“Uh, because there are changes in your domain name registration account,” she replied.

“Why?” I asked again because I can be a horse’s ass sometimes.

She started stumbling so badly it was literally incoherent gibberish.  I began thinking of the dear, sweet woman who wrote to me earlier this week and thought about how different this phone call would be if she were in my place.   That visualization set me off and with that, I let loose on that poor telemarketer.

You know you’ve reached a new low when a telemarketer hangs up on you.


  • Don’t click on links in emails regarding your domain name.  Go to the web site where you registered your domain name and renew it.
  • If you didn’t register your domain name via snail mail, don’t respond to snail mail messages regarding your domain name.
  • Your domain name registrar will NOT be phoning you about your domain name… even if you haven’t paid the bill.

By the way, these rules apply to your CREDIT CARD, YOUR BANK and YOUR PAYPAL accounts as well!!!

It’s only classified as paranoia if they ARE NOT out to get you.

Who owns your web site?

Yet another lesson for the “Web Based Horror Stories” file.

Way back in 2003, Bill (not his real name) hired a company to create a web presence for his brand new business. Bill wasn’t real web savvy, so he was grateful when his developer took care of everything for him. His web developer registered the desired domain name for him, built the site and hosted it for him. All was well for a while…. then, Bill wanted to make changes to his site.  He called, he emailed, he wrote but his requests to his web developer went unreturned and unacknowledged.

As his frustration mounted, he took a class with my colleague. My colleague offers teleseminars on web marketing and during the class Bill learned about WordPress blogs. He learned that with a self-hosted WordPress blog he could have it all. He could have an attractive web presence that was easy to update and maintain without having to contact his web developer every time he wanted to add content or change current content on his web site.

He contacted his web developer. He wanted to move his site.  He wanted to use the same domain he had been using for years to promote his business and he wanted to use key images as well.  That is when his horror story began.

Bill’s web developer replied quickly to this request.  The web developer informed Bill that he didn’t own the copyright to the site, they did. (Intellectual property must be transferred in writing and since Bill never signed a development contract with the web developer, they were right. It was still technically THEIR web site.)

More bad news, the helpful developer had registered the domain name in THEIR name. Not only did Bill not own the web site he’d paid to have developed, he didn’t own the domain name either. The four year old domain name could have provided a nice launch pad for Bill’s new blog… but he didn’t own or have rights to the domain name.

Believe me, I UNDERSTAND the temptation to just register everything in my name. It would be SO much easier not only for me, but for the client as well. However, it’s times like these when I want to point out to MY clients why I “force” them to go through the indignities of registering their own domain name.

Bill finds himself starting from scratch all over again with the whole web development process. His content… lost. His domain name… was never his.

Who owns your web site?  Who is listed as the administrative contact on YOUR domain name?  Did you sign a contract with your web developer?  Does it transfer ownership of the content of your site to you in writing?

I’ve heard it said that business savvy is acquired through experience.  Why is it that experience is most instructive when it’s most DESTRUCTIVE?