As more information was released into the nature of the attacks by Chinese cyberwarriors against U.S. companies, the "smoking email" appears to be lax security procedures on the part of Google, but more importantly on the part of the companies that were successfully attacked (only two are known at this time).

Google quietly started forcing all access to Gmail to be rerouted over secure (SSL) connections recently...as it became apparent that Gmail accounts were compromised in order to discover users' corporate account information. As is all too often with webmail accounts, users fail to realize that the entire contents of an email viewed over webmail is easy to intercept at any point ("hop") between the webmailserver and the client. The convenience of webmail far outweighs the security concerns...until now. For the record, most corporate webmail systems, e.g. Outlook Web Access, use secure communications between the server and client for this reason.

Encrypted connections between the Gmail server and client would provide a much higher level of protecting the data in the emails, but it takes a performance toll on Gmail servers that Google probably wanted to avoid. Gmail users had the option of securing communications between them and Gmail's servers, but few took advantage of it.

Of greater concern is the actual cyber attacks, which used a vulnerability in Adobe Reader (the "zero day" vulnerability) to embed a trojan in a PDF, which when downloaded to a user's computer was activated when the PDF was scanned by Windows' Indexing Service. Apparently this vulnerability was used to compromise corporate computers, leading to the security breaches cited recently. Google admitted that at least 32 companies had been attacked...but likely the numbers are much higher.

But the tragedy here is that the vulnerability was announced 9 months ago, prompting both Microsoft and Adobe to release security patches shortly thereafter. It is likely that the companies were attacked more recently, having left these vulnerabilities unpatched, as is so often the case...pity the IT directors who will soon be posting their resumes on Linked In.

Google reported an attack tonite against accounts of known human rights activists in China, and said that in response to these attacks, it would close down it's chinese-language portal. Tellingly, Google claimed the accounts were not hacked due to any inherent weakness in it's gmail.com website, but rather the break-ins were achieved through phishing attacks that led to Gmail accounts being compromised through key-capture or other methods on the Gmail-user's computers.

Google's taking a political stance to what is likely Chinese-government censorship and manipulation is telling in and of itself, in light of the Obama Administration's recent deference to, and dissing by, the Chinese gov't in terms of trade relationships and environmental issues.

Is Google picking up the mantle of defending the free dissemination of information throughout the world via the internet? Or does this boil down to a trade dispute over access fees and censorship in the Chinese market? It remains to be seen.

Google's new search indexing algorithms, colloquially referred to as "Caffeine", are slowly being rolled out to Google's datacenters around the world. This is causing sudden shifts in SERP rank and much anxiety among SEOs. Over the past 6 months, Google had been testing the new search engine over the past 6 months, but it seems to be rolling it out in earnest since January 6.

Not Your Cup of Tea?

According Matt Cutts of Google, Caffeine is a complete rewrite of much of Google's indexing system, in an effort to make it more responsive and more accurate. It will better incorporate results from more real-time sources such as facebook and Twitter, but it will also perform more filtering of duplicative content to make the first page results more meaningful. 

Without delving too far into the semantics of Matt Cutts' blog...he did say that he "went off caffeine" for the month of December...should we read into that statement? 

Preliminary keyword tests have shown that the results can differ significantly from existing rankings, leaving SEOs scratching their heads on how to respond. But this early "Google Dance" should settle down and allow for better SEO assessments, and hopefully marginalize certain greyhad techniques that are still somewhat effective at beating the SERP algorithms.

Ouch...it's bad enough being hacked, but having it rubbed in your face on Google is never fun. One of our favorite long-time Google-sitemap-building tools, Sitemapbuilder.net, with 1st position in SERPs for "sitemap builder", apparently was hacked by Silent...and while the site has been repaired (somewhat), Google is still caching the hacked meta data and returning it in search results:

This illustrates how security and search rank go hand-in-hand...the better your SEO, the more damage can occur to your brand through a security breach.

What to do if you're hacked!

The fastest way to repair this damage would be to force an update of the sitemap using Webmaster Tools, and use the "Remove URL" request in Webmaster Tools to request the cache be updated (see below):

Google's Webmaster Tools is your friend in this case, and removal requests are read by a human, so the damage can hopefully be minimized if caught early enough.

The ever-changing Google homepage logo took a sweet turn on Halloween, starting off with the last "e" being replaced by a piece of wrapped candy. Subsequent clicks on the logo revealed the following progression, from the logo spelled out in candy, to a whole lot of candy, and finally to a tummy-ache's worth of candy.

The new armageddon film by Roland Emmerich "2012" opens tomorrow, and they've been running a Flash-based promotional game on the dedicated website WhoWillSurvive2012.com. To win the game you need to answer about 20 questions in a given time period, and your winning score will be added to a leader board. The game allowed you post your score to Facebook. Having successfully navigated the game in a respectable 1 minute and 4 seconds, I went to the leaderboard to compare my score with others. Here's the current leaderboard:

It would be pretty much impossible to post a time of less than 20 seconds, so my guess is "RSV" found a way to bypass the Flash interface and post answers using the known set of questions (it looks like there are about 50 questions in all). If anyone figured out the hack I'd love to hear about it.

Google officially announced today that it does not use the META Keywords tag at all in its search rankings. While it certainly did use this META tag earlier in the search engine wars 5-10 years ago, the tag has lost all relevance (to Google) because of rampant spamming and abuse of this tag.

The META Keywords tag was part of the "essential" hidden META data that search engines originally relied on when indexing pages. It provided a shortcut repository in which to list all the search words a webmaster felt were relevant to the webpage they appeared on. Like all META data, the keywords were embedded in the HEAD area of the webpage and were invisible to everyone except the search engines themselves.

META Keywords had significant value before search engines had the capacity to read, parse and index the entire content of every page they visited. For a time, it was believed that properly crafted keywords added to the overall relevance and ranking of a page, when they were in close agreement with the page content itself, but Google is slamming the door on that notion moving forward.

Google hastened to clarify that not all META data is "bad" or "ignored", and took pains to remind everyone that they still use the "Description" META tag in search results, when it is the best content summary of the page itself. A good META description is still very important to SEO, because when properly written and displayed in search results, it provides additional information to the user that may influence their likelihood of clicking through on a link. Without this description, you are leaving it up to the search engine to try to find the sentence that best synopsizes the page, and the results are usually poor when this happens.

So, from the horse's mouth, don't bother with the Keywords META tag, and focus your SEO skills on the Description tag instead.

Google's Matt Cutts posted a video reply recently on whether a server's physical location affects search rank...surprise...it does!

Matt pointed out that in the early days of Google (ca. 2000) the only locational reference used was the TLD (top-level domain) of a website, so if your URL ended in ".FR" then it was assumed your website was franco-centric and would be more relevant than a website ending in ".UK". 

The explosion of TLDs of late makes it harder to pinpoint relevance based on URL, so Google is also using the IP address (and parent NetBlock) of the server to identify it's location...so a server located in France will receive more weight for french queries than a server located elsewhere. How much this contributes to overall rank is debatable, but likely it's more important for local search results.

So if you have a web presence in multiple countries, it might make sense to locate servers locally to your markets...certainly it might improve the latency of queries (although again, it would depend on the ISP). There are also IPPs that offer hosting on multiple netblocks in specific territories to achieve the same effect.