Collating and ranking startups according to their sectors and challenges.

Security leak affects thousands of companies who use clickbank and other payment services

Recently a security leak has been published in full detail which effects thousands of companies who use services like Clickbank to take their payments but who fail to incorperate any real security on their sites, instead relying upon obsecurity for security. As a result many of these companies are now finding that anyone can download their premium content with a simple search of Google.

The security leak affects thousands of these ebook sellers who often work with affiliates (or are affiliates) promoting everything from guides on how to make money online to guides on how to get laid (and everything in between).

There are over 12 thousand sites who use Clickbank payment affiliate system, of which many will be caught with their trousers down on this one. Ironically the site which exposes the 'secret' security flaw is also in a similar business by way of actually firstly exposing the security flaw then cheekily offering to sell those affected a solution by way of a security guide which includes copy and paste scripts which they can use on their sites to ensure that no one can gain access to their premium content without paying for it (for 29 dollars)!

There is a video on the site which explains in full detail how the security flaw works and how anyone can check to see if there is premium content just waiting to be read without paying for it. It basically consists of using the site: command on Google and is a pretty sneeky way to find the premium content which would normally cost 30 bucks or something for some ebook. This sort of makes all these ebooks a try 'before you buy' offer now...

Yahoo confirms it will be shutting down many SEO tools with the closure of their open site explorer developer API.

Yahoo updated their site explorer FAQ on the 18th August (Full document Here) and tucked away at the bottom they state:

7. I am using the Site Explorer Webservices API. How am I impacted?
As part of the transition to Bing content systems, we will be shutting down the Webservices API by the end of 2010.

This API is used by many SEO tools to provide back link data of any website.

This API has been widely adopted by the SEO developer community because of the quality of the data it delivers, which is organized excellently by relevancy and quality. Also being this was a free API obviously helped see its adoption spread far and wide.

This bad news comes at the end of much speculation by the SEO community as to the future of this API. Ever since Yahoo announced the alliance with Microsoft many foresaw the end of the site explorer API. It is also generally accepted that MS has no interest in supporting developers who make tools geared towards SEO just like Google who actively go out of their way to block all use of their data for such activity.

What does this mean? It means that SEO tool developers (like me) will need to find alternative sources of indexing data. SeoMoz linkscape now called 'site intelligence service' found Here is a welcome alternative, unfortunately though the Seomoz data is not yet as fresh nor as relevant as the Yahoo data.

This means that unless Seomoz can rapidly improve the quality of their indexing to reflect accurately the current state of the web (i.e where links are pointing and if they are still live) and organize these results so that the most relevant quality links are correctly ordered at top, then SEO tool developers and the SEO people who use this data will suffer. This is a mammoth task and it will be a tall order for a smaller company to achieve this goal. Indexing is one of the hardest parts of search to do right, Google are exceptional at indexing with Yahoo struggling to keep up.

Great news for Seomoz? Not Just Yet! Yahoo Boss Site Explorer Lives On.

Yahoo announced on the 17th of August (full article) that Yahoo Boss will live on, however this will no longer be a free service! They state:

"Search remains critical to Yahoo! and we’re happy to announce that we will continue to offer the BOSS program (Build your Own Search Service). In the not too distant future, BOSS will provide web and image search results from Microsoft along with other search-related services and content from Yahoo!, such as news. In the next 30 days, we will announce the specific details about how BOSS will evolve. We are exploring a potential fee-based structure as well as ad-revenue models that will enable BOSS developers to monetize their offerings. When we roll out these changes, BOSS will no longer be a free service to developers."

We will know in the next 30 days (or so) how Yahoo Boss will change and what will be the resulting feature set, but the only thing the SEO community will be caring about right now is will the BOSS Site Explorer service remain and what will be the cost of using this API?

I predict that all of the FREE SEO tools will soon be effectively provide much lower value results, since they will be forced to rely on older less reliable index data from other sources, and many will just die!

The only hope for the long term is that Yahoo continue to support Boss Site Explorer and charge a reasonable sum for its usage! The value of this data to the SEO community is simply imperative to their survival and for many the costs will be swallowed without any question making this a lucrative residual income for Yahoo but there is always more politics at play in such large organizations and it is still uncertain how this will play out.

I am currently making the changes for all my unique SEO tools to use Yahoo Boss Site Explorer and we will see what happens in the next 30 days. One thing for sure is that according to the price structure they introduce there may well be changes in pricing for the SEO tools which I provide Here:



Online Marketer rakes £25k Profit In Under 3 Months Selling Info Videos - (Im So Jealous I'm Giving Up Developing Apps)

I don't have any successes to talk about from my own projects so this online marketers success has not only spiked my interest but is challenging my core beliefs. What's pretty amazing/annoying in this case is that the work involved to achieve his success has been of such low magnitude that it really makes me wonder (and consider very seriously) what on earth I have been doing wasting in some cases years on applications and projects which have never made a dime.

The type of projects which I enjoy working on are difficult technical challenges, I enjoy solving problems elegantly and what gives me some satisfaction is when I can deliver something comparable to over-funded VC backed companies who I often see wasting thousands to achieve the most simple goals.

That's what really gets me fired up is doing something hard on the cheap, but for me the projects and problems I tend to tackle are rarely financial successes. This has been for a number of quantifiable reasons ranging most notably from being out gunned by other well backed companies, to making projects which have scared potential investors due to the possibility of legal ramifications.

Yet I have always poopooed the so-called simple methods of making money, but now I am seriously considering abandoning or at least reevaluating all the prejudices I have picked up from somewhere? which have lead me to avoid even considering such techniques.

Behind my thinking and to get into why I'm considering doing a personal audit of all that which I hold dear, I will take you through my thought process which has recently been rocked to its core by a number of events:

1) watching the fantastic interviews on Mixergy. You know sort of thing "22 Year Old Makes 1 Million In 6 Months" - scratching beneath the surface shows that the most profitable ideas are often based on the most simple concepts and technology.

2) reading HackerNews and seeing the huge number of intelligent and accomplished people announcing their projects on HN and behind these startups I often see every possible advantage (backing, contacts, shit hot developers, partners, finance, solid educations in CS, etc.) yet which more often than not struggle to gain any traction and profits.

That's not to say there are no large successes on HN but they generally differer widely in contrast to the types of companies which Mixergy typically covers and this is why I'm challenging my own thought process.

The straw that broke the camels back

An online marketer in the company reputation business (I used the the service a few months ago for a friend who had similar troubles) announces a roaring success which I calculate to have netted him a cool £25k in the last 3 months by selling a simple solution via a video about removing fake reviews a common but dreadful problem facing many companies online.

New PCI Compliance Regulations For Online Merchants Fail To Secure Card Data!

The latest security regulations put forward by the PCI Security Standards Council fail to prevent even the most basic vulnerabilities online. What's particularly disturbing is that the new regulations which are said to be mandatory as of April 2010 are costing small companies thousands of dollars to comply, yet even after PCI compliance has been achieved, online companies could still be putting their customers card data at risk!

This stems from a simple feature of most browsers, where the use can simply press the down key in any form and it will reveal previous entries entered into that form. Try many of the online forms where you enter your login details, addressees, names etc. including sensitive card data. According to this article the security flaw is not covered by the extensive PCI regulations which have been developed to give people a sense of confidence that they can trust online companies, yet if personal details are not protected by even the most basic exploits, are the PCI Security Standards really doing the job intended?

This seems to be such a simple but fundamental flaw of the new PCI standards and a quick fix would go a long way to improving online trust if this potential exploit was included in the compliance regulations.

Is The New Flash 'Payer' Widget / Application From Karsa Going to Save Online Video?

Online video is having a bad time with some of the largest media companies pulling out of streaming video, namely Stage6, 'voluntary' shutting down (after loosing 12 million USD in 12 months), Google Video halting uploading and some pretty major implosions such as Veoh burning through 70 Million USD and filling for bankruptcy, to name just a few.

The problem being that the video vertical is a very difficult one to make money from, given the CPM from advertising is almost worthless and bandwidth costs are so high.

Flash PayerEnter The New Flash 'Payer' Application:

The traditional approach which attempted to solve the 'free dilemma' has been to put premium content behind pay walls, this has resulted in piss poor results for all who have experimented as openly published by this New York Newspaper.

The reason for such miserable failures being simply that people don't miss what they never had and usually only pay for something once they are hooked on it (crack for example). This is where the 'Flash Payer' comes into the picture solving the most difficult problem, that of getting users hooked. The widget and application works by allowing viewers a limited amount of free daily viewing time (decided by the publisher), then once their free bandwidth has been used viewers are paused. At this point the system opens a new page where they can choose a payment option, 1 day, 7 days, 90 days, or 365 days. Viewers pay the price indicated (decided again by publishers) and then the viewers can go back and continue watching where they left off.




In my own trials with the Flash Payer on my popular documentary video porthole Doc-Film-Net sales increased by more than 90% over the pay per view (premium pay-wall model previously implemented). This is a site which has had many near death experiences and is now off death watch and is now being placed into the party ward with all the living, breathing and thriving with the help of the Karsa Flash Payer widget and application.

What this application does is take care of all the technical hurdles, building the Flash widget, the management system and taking the payments, making it possible for video publishers to profit from their content without having to set up their own complicated processing systems and who can now start profiting with no technical knowledge or investments and immediately implement this system on their own sites and start profiting with no costs or technical hurdles to overcome.

The other players in this space include the JW player by Longtailvideo who offer a flash player which can be used freely for GPL use and a licensed version is available for commercial use. Also there is the FlowPlayer who also offer a similar concept as JW player. Both of these latter players rely upon advertising as the source for generating income for video publishers.

How My Online Video Site Went From Being On Death Row To Financial Successful.

We are in a strange era with some of the largest media companies pulling out of streaming video, namely Stage6, 'voluntary' shutting down (after loosing 12 million USD in 12 months), Google Video halting uploading and some pretty major implosions such as Veoh burning through 70 Million USD and filling for bankruptcy, to name just a few.

The obvious problem here is that the video terrain is a very difficult one to make money from, given the CPM from advertising in this vertical is so low (almost worthless) and bandwidth costs are simply so high.

I have personally had plenty of my own struggles in this sector with Doc-Film-Net (a documentary film streaming porthole for controversial documentaries) which has been put on death watch numerous times as one CDN after another pulled the rug from underneath it (having offered free bandwidth then relinquished). Ultimately in order to survive it had to pay its own way and hence I was forced to explore every possible payment method to pay Highwinds the new CDN.

In my trials I experimented for a long time with pay per view, which was extremely disappointing since I found when the content is behind a pay wall, viewers simply did not miss what they had never seen and would not pay even small fees. In this model there was no pain being alleviated, as this New York Newspaper discovered too!

This got me to thinking long and hard and inspired this post on my own blog: Painful Ways To Make Money Out Of Free which led me to experiment with a Megavideo style payment system, in this system viewers are allowed limited free daily viewing time (60 minutes) and are then cut off and required to pay for unrestricted access.

I then developed a similar concept for Doc-Film-Net where users where allowed limited daily viewing access but had to pay for more than 60 minutes and the results were extremely encouraging, so much so that sales increased over those pay-per-view trials by about 90%. The reason being simply that people didn't miss what they never had and only usually pay for something once they are hooked on it (crack). Needless to say with the new limited viewing system in place Doc-Film-Net is now no longer on life support and is accruing healthy profits!

Flash PayerEnter The New Flash 'Payer' Application:

This has led to the development of a third party plugin & application for all video providers with the same dilemma where they can offer this feature on their own sites, it has more features and is fully customizable. It's called the 'Flash Payer' and is now being provided by Karsa.co.uk. Video content providers can now use this widget and application to charge for their content in the same way, setting their own price points and limits.