Carter Cole LinkedInCarters Twitter PageCarter Cole on Facebook Carter Coles RSS

Monday, March 29, 2010

Cooler default avatars for Blogger comments... all in one line

Ive felt bad for not posting so heres another quick fix i just added to my Blogger blogs (i know you can barely tell but it is) Heres how it goes... the comments use the default def blogger profile or def open id.

Like this:

but thats not very pretty so i wrote this small little script up real quick its fast easy to implement and only injects itself when its needed... the conditional statement makes sure it will only display when comments are showing...

i found this really cool service Retro Avatar i told it to generate with transparency so it will go with any design and works with only one line of code

to add it simply go to "Edit HTML" under "Layout" in your Blogger dashboard and add it somewhere above the </body> tag

and thats it no more ugly comments and the cool thing is they will all be unique to the username that commented because the design is generated from the users name... way cool

thats it ill be on twitter as @cartercole if you need me ill try to come up with something else for your real soon...
comment so you can test it and see your icon (but it only works if you dont have one set)

Sunday, March 28, 2010

An attack on a Flickr based photo Captcha

The other day i was minding my own business running around the internet and then i came across a blog with an awesome picture CAPTCHA... i wanted to know how it was done and took a peek at where the image was served from... Flickr!

So how would I have created this service? Tags on the images from the API... so if we can find the photo used then we can reverse the process and break the CAPTCHA...

Well lucky us theres an API that does exactly what we need... the urls for the images look like this...

first number is the picture id and the second is the secret... we pass these to the (documentation) and get back exactly what we need... the picture's info and tags associated with it...

ive wired this up so it will pull a random test from the CAPTCHA's server and boom we can not only break the system but we can bypass it... this will return the answer every time :)

so just to be clear this page is actually breaking a captcha each time it loads... its pulling the remote captcha, parsing the results and sending off requests to Flickr to pull the tags for each image detected (all in javascript)... the green borders represent the images it has detected as answers to captcha

The code that gets displayed must be viewed on the original post

I actually really liked using this captcha it went must faster than other ones but the problem is I was able to reverse the process of image selection and break the CAPTCHA... i knew this wasn't the first of the Flickr based system that I had heard of so i went out and found another one but it was protected... it proxies the image through a PHP script on the blog to hide the original Flickr url and prevent my attack from working...

This WordPress plugin has a few thousand users and i was able to bypass the test in just a couple minutes, this just further proves the idea that security is hard because you have to fix every hole in the system and the hacker only has to find one.

Monday, March 1, 2010

The external keyword data in Google Webmaster Tools

Update II

we've added even more features to enhance SERPs read about the update with things like personal search status and Insights for search integrated into Webmaster Tools and SERPs of the major 3 search engines


Well thats funny... @merrillg pointed out this is the data from the anchor text tab in the links section... makes sense its there considering it is anchor text but it shows in the keywords feed and not the keywords section which is where i got confused... I was wrong about it not being published anywhere else but this data is still pretty important... I cant believe I didn't notice that tab before... I guess I was distracted by the link data... sorry :(


The keyword data that Google Webmaster Tools shows you is only part of the data that exists for your site... its up to 200 internal keywords, this comes from your pages and you can manipulate it based on the keywords you use in your content. But thats not whole story, what about that all important anchor text? Now of course you could go look at Open Site Explorer but wouldn't it be great to see what Google sees as your anchor text? I found the other keywords, the external keyword data hiding in a little known feed in webmaster tools... now aside from this guy who sounds a little like a consparicy nut and a short mention in the feed documentation nobody is talking about this data... Unfortunately i couldn't get pass through authentication so you have to put in your password but thanks to my new extension SEO Site Tools for Google Chrome you can navigate this data all from the safety of your favorite browser :)

heres how easy it is to get the data... open the tool from the Page Terms / Tools section

put in your login and it will present you a list of sites associated with that email addresses Google Webmaster Tools... choose one and you will see something like this
it will show you up to 100 external keywords... but what is this data that is published nowhere else any why is it so valuable? well lets take a look at bit of the list from my blog...
carter cole
carter cole developer
http blog cartercole com 2009 10 awesome syntax
16.52 del icio us easily embed tweets in
this feed is from my technology blog
embedding your google profile social icons
my technology blog
http blog cartercole com 2009
some code for asp and php

you know how sometimes when you do a search and look at Google's cache and see that "These terms only appear in links pointing to this page" thats what this keyword data is... its the external keywords Google has associated with your site... when I searched for some of the unique ones like "this feed is from my technology blog"

my site was the first result... i append that text with a link back to my site at the end of my rss feed so if someone republishes my content i can get credit for creating it... so the scrapers are sending that anchor text back to my site and whats even more interesting is that some of these keywords are from links that are no-followed so it might be that those links while not passing juice are passing something possibly even more valuable... their anchor text

the tool is still super beta and has some errors so please send me feedback to the email provided in the tool with any ideas/thoughts you may have about this very interesting data feed thats hiding in the webmaster tools data feed

again you need SEO Site Tools to get to this data and aside from doing some HTTP Gets yourself i know of no other tool that shows users this data


i found some screen shots of the old tool on SearchEngineLand before it was removed