Archive for April, 2010

Credit card numbers showing up in Blippy—AGAIN!

WTF. You’d think after the humiliation and financial risks caused by social sharing site Blippy.com that we reported earlier this week, they would have either fixed it right, or shut the service down until they were certain everything was secure. But as reported on Blippy’s own blog, another four credit card numbers showed up in Google search results yesterday.

Possibly more disturbing is that Blippy is claiming only four individuals’ accounts showed up altogether, whereas other reputable sites like Mashable are reporting the number is closer to 200.

Blippy.com compromised.

Hundreds of credit cards exposed.

UPDATE: Blippy responds in their blog.

As reported by Mashable, Blippy, the online “service” that allows you to see what others have purchased and share your own purchases, had an embarrassing and potentially dangerous security issue today. According to Mashable:

“Tipster Trey Copeland wrote to us with a link to results for the search: site:blippy.com +”from card”. That search returns results showing detailed purchase information for transactions. Each result highlights that there was a “debit card transaction” or “card transaction,” the amount spent, the specific location (address included) and the full card number.”

Mashable included a screenshot of Google’s search results, which show a number of compromised credit card numbers exposed. Don’t bother trying that search query: you’ll get an error message from Google instead.

The social media team I run at C-E has long speculated that this would happen. We couldn’t imagine why on earth anyone would share their purchases and trust all their credit card numbers to a social site that doesn’t sell anything.

TIP: As we warned a few weeks ago, there’s no reason to join Blippy. You do not ever need to share your purchases. It makes you a target. If you are a member, take immediate action to remove your financial information.

A generous nod to Gary Olson for the story.

What’s in a name?

We’ve been exploring the issues we’re facing in social media and Dave and I have been talking about how we got here. One of the common issues we continue to see are links that claim to give access to a resource of interest, when in fact it’s a link to a piece of malicious software (malware).

Thinking back to how we got here, I recalled the first time I accessed a resource on the Web. It was with an early browser called Lynx. I went to a website and clicked on a link to a map of a building. Except that the browser couldn’t render the image file; I had to download it and open it with another program. The crude nature of this process made it very clear that the file I was accessing, picture.gif, was exactly that: an image file.

Today, we access the same resources through increasingly confusing naming conventions. We used to tell people to pay attention to the URL they’re accessing. Today many of these addresses are encoded so that it’s impossible to tell what they point to or where they’re hosted. When we started using Twitter, we had limited character space, so we started to shorten the URLs, obfuscating them further. This has made it very difficult to give guidance to people about safe practices in regard to URLs.

It’s still important to look at the links you’re clicking on and make an effort to determine if the destination appears to be legit. www.gmail.ru is probably something you shouldn’t trust.
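The “look at the link” advice above can be turned into something a reader or a mail filter can actually run. The script below is an added example, not code from the original post; it breaks a link into its real host and registered domain and attaches warning flags for the things a person can still recognize: a brand name sitting on a domain the brand does not own (the www.gmail.ru case), a raw IP address as the host, a decoy user name before an @, a URL shortener hiding the destination, and an executable file at the end of the path. The brand list, shortener list and the two-label “registered domain” rule are constructed simplifications; real code would use a maintained list and the Public Suffix List.

```python
"""Inspect a link mechanically, the way a cautious reader would by eye.

Added example (not from the original post). The brand and shortener
tables below are constructed for illustration; a deployment would use
maintained lists and the Public Suffix List.
"""
from urllib.parse import urlparse
import ipaddress

# Constructed for this example: registered domains that actually belong
# to a few well-known brands.
KNOWN_BRANDS = {
    "gmail": {"gmail.com", "google.com"},
    "paypal": {"paypal.com"},
    "facebook": {"facebook.com"},
}

# Constructed list of common shortener hosts. Their real destination is
# hidden behind a redirect, so all we can do offline is flag them.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}

# File extensions that mean "this link downloads a program".
EXECUTABLE_EXTENSIONS = {"exe", "scr", "bat", "com", "pif"}


def registered_domain(host: str) -> str:
    """Return the last two labels ('gmail.ru' for 'www.gmail.ru').

    Simplification: a real implementation should consult the Public
    Suffix List so that names like 'example.co.uk' are handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def inspect_link(url: str) -> dict:
    """Break a URL into the parts that matter and attach warning flags."""
    if "://" not in url:
        url = "http://" + url  # bare 'www.gmail.ru' style links
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    domain = registered_domain(host)
    flags = []

    # 1. A raw IP address instead of a name.
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address-host")
    except ValueError:
        pass

    # 2. A brand name appears in the host, but the registered domain is
    #    not one the brand owns (e.g. 'gmail' on 'gmail.ru').
    for brand, domains in KNOWN_BRANDS.items():
        if brand in host and domain not in domains:
            flags.append(f"lookalike:{brand}")

    # 3. '@' in the network location: everything before it is a decoy
    #    user name, and the real host is what follows it.
    if "@" in parts.netloc:
        flags.append("userinfo-in-url")

    # 4. A shortened link: the destination cannot be judged from here.
    if domain in SHORTENERS:
        flags.append("shortener")

    # 5. The path ends in an executable file.
    if parts.path.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXTENSIONS:
        flags.append("executable-download")

    return {"host": host, "domain": domain, "path": parts.path, "flags": flags}


if __name__ == "__main__":
    for link in ("www.gmail.ru", "https://mail.google.com/mail/",
                 "http://bit.ly/abc", "http://192.168.0.1/update.exe"):
        print(link, "->", inspect_link(link))
```

The point of returning the registered domain separately is that it is the one piece of a URL a reader can still judge after everything else has been encoded or shortened; a shortener, by design, leaves even that unknowable until the redirect is followed.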

I’m not sure anyone is working on a solution for this and it’s probably going to get worse before it gets better. In the meantime, pay attention to the things you CAN recognize:

Do you have thoughts about how to improve the issue with URLs?  Do you know of anyone who’s working on this?

Scam Spotting, No. 8: FarmVille Click-jacking

FarmVille Scam: Click-jacking scam

Another click-jacking scam has surfaced on Facebook. Click-jacking scams like this are getting more clever and harder to detect each week. Unlike the previous farmville cash scam, this one is bold enough to use the copyrighted name and graphics. This makes it all the more insidious as thousands of FarmVille players will unknowingly click on this, assuming it to be legitimate.

Here are the attributes to watch out for:

  1. Despite the proper spelling and artwork this time, the scammers still gave a huge clue: FarmVille has a capital ‘F’ and ‘V’. Their version is all lowercase.
  2. No logo on the “Allow Access” screen
  3. Hundreds of negative reviews, but only two fans.
  4. The “Allow Access” screen says that farmville is for “Sending buildings to friends.” Since when?

TIP: Always check the link and reviews of any app before adding it. If an app has thousands of players, but only a few fans, or hundreds of negative reviews, it’s a scam. It did not come from your friend. Your friend’s account was either unknowingly compromised, or they were tricked by it as well.

WordPress blogs being attacked!

A large number of WordPress users are noticing that they cannot log into their blogs this weekend. Or, if they can log in, their site has an iframe that points to a malware site (networkads.net/grep). Original posts on the story pointed it at blogs hosted by Network Solutions. NetSol, however, claims it is not just them—that other hosts are being infected as well. They mention a “rogue plugin”; however, they will not say which one it is, and so far the only complaints have been from NetSol blogs. Another early “fact” claimed by many was that this attack was only hitting 2.92 users, but comments indicate other versions have been hit as well.

Sucuri Security has a fantastic write-up of the attack, the details and the fix, which will likely scare those unfamiliar with phpMyAdmin. According to Sucuri:

“What is interesting about this attack is that it does not create or modify any files, so the average security advice does not apply here. The only thing it does is to modify your “siteurl” inside the “wp-option” table to point to http://networkads.net/grep/, breaking the site layout completely.”

If you find yourself infected, and are confused by the directions, do yourself a favor: ask a geeky friend to do this for you. It’s not beginner stuff.

TIP: One thing you can do immediately, without touching your wp-options table, is to disable and then simply remove the xmlrpc.php file from your WordPress install. It’s always at the top level (root) of your WordPress install.
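Because this attack changes a database row rather than a file, the check a defender wants is a query, not a file scan. The script below is an added example, not from the post or from Sucuri’s write-up: it runs the query that shows whether the siteurl or home option has been pointed somewhere other than your own host, and the UPDATE that puts both back. To keep it runnable offline it builds a tiny in-memory SQLite copy of the wp_options table with constructed rows (the injected address is a labelled placeholder, not the real one); against a live site you would run the same two SQL statements through phpMyAdmin or the mysql client, using your own table prefix and your own site address.

```python
"""Spot and undo a tampered 'siteurl'/'home' in a WordPress options table.

Added example (not from the post or from Sucuri). The table is a
constructed in-memory SQLite stand-in for MySQL's wp_options; the SQL
itself is what you would run against the real database.
"""
import sqlite3
from urllib.parse import urlparse

# Constructed: the address the site is supposed to live at.
EXPECTED_URL = "http://www.example-blog.test"

# WordPress's default table prefix is 'wp_'; change it if yours differs.
OPTIONS_TABLE = "wp_options"


def build_sample_db() -> sqlite3.Connection:
    """Constructed wp_options with 'siteurl' rewritten, as in the attack."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        f"CREATE TABLE {OPTIONS_TABLE} "
        "(option_name TEXT PRIMARY KEY, option_value TEXT)"
    )
    conn.executemany(
        f"INSERT INTO {OPTIONS_TABLE} VALUES (?, ?)",
        [
            # Placeholder for the injected address; not the real one.
            ("siteurl", "http://malware-placeholder.test/grep/"),
            ("home", EXPECTED_URL),
            ("blogname", "My blog"),
        ],
    )
    conn.commit()
    return conn


def find_tampered_urls(conn, expected_url=EXPECTED_URL) -> dict:
    """Return {option_name: value} for siteurl/home not on the expected host.

    This is the read-only check: run it first, and run it again after
    the fix to confirm nothing else is still pointing away.
    """
    expected_host = urlparse(expected_url).hostname
    rows = conn.execute(
        f"SELECT option_name, option_value FROM {OPTIONS_TABLE} "
        "WHERE option_name IN ('siteurl', 'home')"
    ).fetchall()
    return {
        name: value
        for name, value in rows
        if urlparse(value).hostname != expected_host
    }


def restore_urls(conn, expected_url=EXPECTED_URL) -> int:
    """Point siteurl and home back at the expected address; returns rows changed."""
    cur = conn.execute(
        f"UPDATE {OPTIONS_TABLE} SET option_value = ? "
        "WHERE option_name IN ('siteurl', 'home')",
        (expected_url,),
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = build_sample_db()
    print("tampered before fix:", find_tampered_urls(db))
    print("rows restored:", restore_urls(db))
    print("tampered after fix:", find_tampered_urls(db))
```

Comparing hostnames rather than whole strings is deliberate: a legitimate siteurl may differ from home by a subdirectory or trailing slash, and the thing that matters is whether the host is yours. Take a database backup before running the UPDATE, and re-run the SELECT afterwards; if the value changes back on its own, the injection path (the rogue plugin or the xmlrpc.php entry point the post mentions) is still open.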

Has your blog been hit by this attack? How did you fix it?
