Immortal

I have just been getting myself aquianted with a couple of recent web phenomenons. Fiverr isn’t exactly new, but it is still a very current trend which I definitely think deserve classifying within the realm of ‘most recent’ internet trends. In case you don’t know what Fiverr.com is, it is all about ‘what would you do for a fiver?’ Basically, it is a giant list of ‘services’ of sorts being offered for the price of $5. And of course, you can request services for $5 too, if you can’t find exactly what you are looking for.

I think I like this website and trend. Superficially it seems to offer a LOT of really useful services for very cheap. And if you can use any of those services, then they are all bargains. I have taken a few deals out already, but am still waiting for delivery of them all, so I will have to report in again on what I thought of those services. I hope to continue exploring and finding really good services through fiverr for a while to come.

The second phenomenon I have found, thanks to Fiverr, is called Twiends. Now this one I am far less sure about. In fact, I am pretty sure it highlights exactly my biggest complaint and annoyance with the overall social phenomenon scene created by Facebook and Twitter et al. That you end up with giant crowds of people – who don’t really care…

I guess I will have to explain this – How Twiends works, is basically you follow people on twitter, or like pages on facebook and in return you get ‘seeds’. These seeds then allow you to ‘pay’ other people to follow your twitter account and like your facebook page. Pretty simple, apparently completely within T&C of both organisations (since they aren’t actually being ‘bought’ or ‘sold’) but completely pointless too…? I mean, what is the point of getting people to follow you who are only following you so they can get more people to follow them… Surely the people who have blindly followed you have blindly followed many other people too? So how are your tweets and updates even going to get through the noise of all of their other follows and likes???

The analogy which comes to mind is of these social networks being like a large party, where there might be 1000 people, but everyone self-organises in to smaller social circles where they can have discussions with one another. You can’t talk to everyone, but at least the 5-10 people in your circle can hear you. But with Twiends, it feels like we are trying to turn that party in to a rave where everyone is free to talk, but it is so noisy, no one can hear anyone at all. You might accidentally hear what the raver next to you says, but it is by accident more than design.

What is the point of all of it all anyway?

I am making some good progress with SydneyToHobart.com.au. A few days ago I came up with a decent purpose for it – basically it can solve the problem I had last year when I tried to go in to the city to watch the start of the race: I had no idea where to go! So SydneyToHobart.com.au is all about helping people to figure out where to go, when to get there and how to get there to watch the start of the Sydney to Hobart Yacht Race. Simple enough, and hopefully enough people will be interested in that same problem as the Sydney to Hobart race approaches.

Monetisation is still not settled. It might just be an adsense blog, or if I can sort it out well, I will try to sort out advertising deals with local cafes and restaurants. There is also scope to affiliate with the numerous boats who offer spectating from the water for a fee.

Not a big issue at this point. First challenge is actually to get adequate information together. I’d love to be able to find a few Sydney to Hobart spectating veterans who would like to help out. But until they offer themselves up to help, I am all on my, like with all of my projects

I am very happy to report my first ever Flippa.com purchase. I am even happier to (tentatively) report it as a complete success. I will have to write another entry about my evolving Flippa strategy because this post is about my new website, a global news syndication network, KLTNews.com.

Not a bad domain name. The KLT doesn’t really stand for anything, it is just ‘cool’ (I guess???) but basically it makes a short, somewhat easy to remember domain name for a simple automated news syndication blog. And it actually looks really good. I sort of broke all of my own basic rules when purchasing this one, but it was really very cheap, and so the risk didn’t seem to be very big.

My job now will be to develop it a little bit further, bring in some more traffic and help improve its overall penetration in to the news market. With a design as well made and intuitive as it has, there is good scope for return traffic and visitor retention.

Wish me good luck with my new website!

Been doing a bit of canyoning lately, and so I have updated the guide article entries on Dalpura Canyon and Kalang Falls. I have also added entries for Boyd River Camping Area and Kanangra Boyd National Park.

In other news, I am still a bit stuck with Immortal Outdoors. Working on it still though. I will make this site, and it will be worth the wait.

I have also been doing a lot of work on Sports Arbitrage Guide lately. I have added a forum finally, and am just letting it grow of its own accord. You can see the forum here: Sports Arbitrage Guide Forum

I am also working on the website schematic plan for the Helping People website. I was able to find someone who offered to build it with me, so we might as well throw it up and see what happens.

All in all, lots of stuff happening.

And continuing on from the last post, I have continued to add guidebook articles from my Madagascar trip to TDMSKP. I have just added a rather large article for Lake Kinkony, the second largest lake in Madagascar found to the west of Mahajanga in northwestern Madagascar. If you are into bird watching, then you absolutely want to visit Lake Kinkony one day – that is of course, assuming that you have a stomach for that sort of travelling

I also added an article for the Grotte d’Anjohibe the other day too, but I was unable to visit these caves myself, so the information provided on TDMSKP is necessarily quite scant. Oh, and of course I created an entry for Riverwood Downs because I was camping there over the long weekend – I hope to get many more articles created for activities in the Barrington region because I think the area is quite spectacular.

Just a quick post to say that everything is on track and doing really well lately. I am actively working on a major development for Sports Arbitrage Guide which I really hope to have in place in the next month. Following that I will be working intently on the new embodiment of TDMSKP.com which will be huge too. So I am very busy at the moment, and hope to be making more posts in the near future as I have some actual results and announcements to make (rather than filler posts).

Watch this space!

Shane

A quick follow up on my previous article about my Gmail account being hacked.

I was trying to log in to my stumble upon account, but seemed to have the password wrong. So I submitted a “Forgot your Password” form, and received an email from stumble upon with my actual password in it. Not a password reset option, or a new randomly generated password, but my actual old password (which I thought i had already changed).

As if that alone wasn’t bad enough, when I then go and change my password they email me and tell me what the password has been changed to (in plain text of course) and state:
“Please keep this email for future reference.”

I actually messaged StumbleUpon and recommended they reconsider this method of dealing with passwords. I’m sure most people will do what they say and keep the email, and then some of them will live to regret it one day too…

I have just been put through the unfortunate experience of having my Gmail account hacked. I don’t know for sure how they got my original password, but I will discuss that bit and offer some of my lessons learned through this experience at the end of this article. First I want to warn everyone about the huge disappointment I felt at trying to resolve this issue when dealing with Google.

What is your Google Account Worth to You?

First of all, take a second to understand the impact of someone hacking into your Google account. For me, it was huge. I have 4 years of my personal life and business life in that email account – and now some arsehole has access to it all.  They know everything about me. Worse than that, numerous websites which I have created accounts at have emailed me my username and password over the years – so they have access to several of my passwords (something I didn’t think about straight away which came back to bite me on the arse, and which I am still trying to deal with). And more than that, my Gmail account is linked to all of my other Google applications. My YouTube account. My adsense account, my Adwords account, my Analytics account, my google search history, google finance account…etc. Every google account that I have, was linked to that one email address, and they are all now under the control of a criminal with bad intentions towards me.

That is serious.

The Google Account Tug Of War

So what can you do? You click on the “I forgot my password” button – but the hacker has already changed the secondary email address and SMS phone number – now they just know that you are aware of them. So you use the obvious option and select “My Account Has Been Compromised” on this page and end up at this page: “Contact Us – Accounts Help”

Hooray. A solution! A way to get your account back! You fill in the form, answering a series of questions that only the account holder could know the answer to and you get your account back…right…? Wait a minute – what about someone who has simply had access to the account long enough to collect that appropriate information from the account?

Yeah, thats right – you use this form, get your account back under your control once “someone  at Google” (almost certainly software) inspects your answers against the information in your account, and then sends a password reset link to whatever email address you chose while filling out the form – completely bypassing all of the security measures in your account. You get back into your account with your new password and while trying to deal with what damage the hacker has already done, they fill in the form again and before you know it, they have your account back under their control again.

I did this three times before I realised what was happening. I mean, the first time it happened, I was trying to figure out how this “Hacker” knew my new password so quickly. Did they have a keylogger on my computer? Were they watching my network? Ha. If only the person who hacked my account had such skill… No, it was just a retarded account recovery system that Google has in place, and NO accountability of the uselessness of it all.

The Lack of Support

Here is the real problem with this situation – remember above, just how IMPORTANT this account is to me? Well when I found my account had been compromised, all I wanted to do was pick up the phone and call someone and say “HACKER IN MY ACCOUNT, STOP THEM!!!!”. I mean seriously private information, financial information, financially contracted accounts and everything available to this criminal…I think some immediate support should be accessible. But no. You can find a phone number for your local Google office, but you get a message system designed to deal with questions relating to the Google brand, or employment options. There is an option for assistance with Google Mail etc, but when you select that, you get told that “Sorry, there is no live support available at this time, please see our online Help Centre”. A help centre, which is just a series of articles about how to keep your account secure – Not a bit of help once you are stuck in a tug of war with someone who has already compromised your account.

The only option available is the User Forums. Yeah, your whole life on the line, and you can go somewhere and kindly ask a stranger to help you – someone who is not employed by Google, has no access privileges, and essentially no power to actually do anything. But they can talk you through it…

I am not the only person to have suffered through this, as this thread on the help forums shows:

• Compromised account. Hijacker uses recovery form to reset the password

While these threads again highlights Googles complete lack of help or concern on this issues of lax security with their accounts system:

• gMail Account COMPROMISED, Hacked!
• Account compromised – can’t get my account back

And there are a heap more posts out there by people incredibly dissatisfied with the lack of support (complete lack!) offered by Google when things go bad.

Two Suggestions for Google

So first of all, my suggestions to Google (wouldn’t it be nice if someone listened…)

1. At least ALLOW a heightened security option in Google accounts.
   • Heightened Security state should require that in order for any change in information of your google account, you have to enter a received SMS code, or received secondary email code. So if someone has your password, they still need access to your mobile phone or secondary email address in order to gain COMPLETE control of your account.
   • Not everyone needs heightened security, but some people (like myself) have a LOT on the line when it comes to their google accounts, and will happily tolerate a little more security in order to keep their information safe. So make it an option in account settings.
2. Have a real person step in if an account has had 2 account recovery forms submitted for it over the course of a few days.
   • Clearly, if a single account keeps having this form submitted for it, then there is a problem. It seems obvious to me that the form is currently handled completely by software, but a human looking at IP address of the people submitting the form (compared to historical ip address of the account user), combined with a combination of other evidence (and preferably combined with a text box on the form for “More information”), then a human could sort this out very easily in most cases (or at least LOCK the account – which is a great outcome for the account owner – much better than letting a criminal have control!)
   • Again, make the number of submissions a personal option in your google account settings. This account recovery form is too powerful as it currently stands, and needs to be controlled. Yet ironically, it is also too lacking, because it is easy to change the information in the account and block out the real owner, or, sometimes the owner really has no idea how long ago they opened their various accounts etc (while a hacker would actively seek out this information upon gaining access so they know they can get back in)

I think if just step one was implemented, then everything would be fine actually. Having a help desk would be brilliant, but it would be unnecessary if there was two layers of protection. You need the password to get in. You need the mobile phone in order to change the secondary email address. You need the secondary email address in order to change the mobile phone.  You need one or the other to change the password.

Oh, and just to be clear, I mean you REQUIRE access to the secondary email account and/or phone in order to make changes – I am sick of watching all of my accounts email me and telling me “Your password has just been changed – you don’t have to do anything, we’re just letting you know”. Thanks. OK, its better than not telling me, but I think simply requiring a verification click would make that email so much more worthwhile – don’t you?

Lessons Learned

1. Use multiple passwords, divided Sensibly
   As stated above, I don’t know how the ‘hacker’ got my password to begin with, but I used this one password too widely on too many websites which I should not have. So now I have numerous different passwords, and I have absolutely unique passwords to my vital accounts. Now, if someone steals my password from a second rate insecure website, then they cannot use that same password to gain access to my vital email and financial accounts.
   I have always had multiple passwords, but they were not divided sensibly. Keep your vital accounts with unique, strong passwords!
2. Don’t let your email inbox be a password repository
   I have HUNDREDS of accounts online. Online forums, email accounts, social media, video sites, photo sites, blog sites, my own websites, my admin accesses, my ftp accounts etc. It became easy to let my email inbox be my storage method for the passwords to all of these accounts. The problem with this, is that most people do not have a unique password for every single account. So if you sing up at some random online forum with one of your standard passwords, and that forum then ‘kindly’ emails you your username and password (yes, plenty of them do it), if you do not delete that email then a hacker now has one of your standard passwords.
   So the advice here is to search your inbox for all of your own standard passwords – and DELETE them all.

I have just stumbled across a nice easy to read article on eHow about how to create multiple income streams. It is an article I have thought about writing numerous times myself, mostly because I give that advice to just about everyone I know. It shocks me that more people (particularly the ones who complain about their jobs, or about not having enough money) never display any interest in creating extra passive income streams.

The basics covered in the article are to create a blog on a topic which you are interested in. Start posting regularly on the topic of choice. While doing that, create a product on the same topic; an Ebook, Video series or something which is sellable. The article provides links to additional tools on how to create these products, and on how to set up the automation of the sales process. Once done, work to drive traffic to your blog, and raise awareness of its existence.

This isn’t exactly what I do – I don’t have my own product yet, and haven’t been trying to sell anything. I have quite a few blogs, but my small income all comes from affiliate marketting on  Sports Arbitrage Guide and SureBetBookies. I need to expand my income quite a lot, and am hoping to improve my blogs significantly over the coming months, but am still not sure if I want to make my own product. What I want to say here though, is that you do not need to have, or make, your own product in order to generate a passive income stream in this way…

An alternative to creating your own product is to simply affiliate market someone elses product, or provide simple ads. These are potentially less profitable than selling your own product for 100% of the profit, but it is also much easier – it is also not necessarily the case that it is less profitable, maybe your product sux while a reputable brand name product sells easily under its own name?. Amazon operates one of the most famous affiliate programs online – maybe selling “The Da Vinci Code” is easier than selling your own ebook…  Or if you aren’t sure anyone visiting your website is actually looking to buy anything, then Google ads are the easiest method of generating an income that I know of. You register, get code, paste code, wait for clicks. Simple, simple, simple.

Unfortunately, you need a LOT of traffic in order to get a few clicks, but that is normal for most business. If you do your job well enough setting up your own blog/website, and then do a good enough job drumming up interest in it, then you are creating a passive income – even if it is only a small amount, a passive income is worth MUCH more than an active income ever will be. If you keep working on it, and working it, then you could grow it into a substantial income in its own right.

You have to be daft to not follow this general advice. Make your own website. Start that blog. Monetise it. Drive traffic to it. Yes it is work, but it is only work once, and it pays forever.

See the original article here.