Posts Tagged ‘iPhone’

Use Apple’s Voice Memos App? Stop Sharing Your iTunes!

Apple Voice Memos App


When Apple introduced its Voice Memo feature as part of iOS, it gave iPhone users reason to rejoice. This was an easy-to-use dictation app that saved your memos on your phone as voicemail and backed them up offline as MP3 or AAC files in iTunes.

Apple also introduced its “Shared Library” feature on iTunes a while ago. This allows users to share their iTunes library for legal listening purposes across a network. This can be great at workplaces with lots of creative types who have great music collections.

Just one small problem. Put these two features together and you have a potential security nightmare. And we don’t mean in the theoretical edge-case way. This is a very real possibility we have encountered “in the wild” more than once.

Here’s the issue. Once your library is shared across a network, so are your private voice memos. That may not be a big deal at home or if you work at a small company, but if you happen to be on a shared network like a coffeehouse or a hotel, or work with confidential data? Now you have a real problem.

Conversely, this could be a simple method for corporate espionage. Find out what hotel your competitor is staying at and log in to the WiFi. Granted, this assumes your competition uses iTunes at work (uncommon) and has sharing on (common).

Our advice: if you use the Voice Memo feature on your iPhone, turn off iTunes Library Sharing! It’s not worth the risk of others hearing—or worse, sharing—your private memos.

Botnets and Blippy and iPhones. Oh my!

Wow, busy week for feds and hackers alike!

Mariposa Botnet netted and doused in formaldehyde

UPDATE: New details have emerged about the size and complexity of the Mariposa botnet. Apparently Mariposa dwarfed the attacks from Estonia and Georgia, and contained details on over 800,000 people.

Investigators in Spain shut down the Mariposa botnet, finding out the perps weren’t the sophisticated geniuses they expected.

“They’re not like these people from the Russian mafia or Eastern European mafia who like to have sports cars and good watches and good suits — the most frightening thing is they are normal people who are earning a lot of money with cybercrime,” said Cesar Lorenza, a captain with Spain’s Guardia Civil.

Blippy = TMI

For the life of me, I cannot figure out why anyone would use this service. Blippy allows you to publicly post your purchases—in real time—from credit cards, ecommerce sites, etc., and lets your friends like or comment on them. Seriously. Dancho Danchev’s post, “Does Blippy really pose a security risk?”, is a must-read wake-up call for anyone using or planning to use this service. Hint: Don’t. Even Web celebs like Leo Laporte post rather sizable purchases on Blippy, making me question whether or not he realizes what a target he is making himself into.

Botnets are ruining your inbox

Good lord. As if Mariposa wasn’t causing enough mischief, two other botnets, Grum and Rustock, are accounting for nearly half of all spam, most of it Canadian pharma scams.

iPhone users targeted for scams

This scam is pretty ingenious in an evil way. According to the MarkMonitor blog,

“This recent attack also stands out because it utilizes some advanced technologies and suggests possible directions of future cybercriminal activity. First, the attack uses server-side logic that hides the phishing site unless it is accessed through the browser produced by the smartphone company. Second, the attack uses additional protective technology in the form of a fast-flux network, which hides the phishing site behind a dynamic network of ever-changing proxies. These two smart technologies demonstrate how cybercriminals continue to focus their efforts on making their attacks targeted, stealthy, and resilient.”
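A defender-side heuristic for the fast-flux behaviour the quote describes, as an added example that is not from the original post or from MarkMonitor: it flags names whose DNS answers rotate across many networks with short TTLs. The log entries, names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Illustrative thresholds (assumptions; tune against your own DNS baseline).
MIN_IPS = 5        # distinct A records seen for one name
MIN_NETWORKS = 3   # distinct /16 networks those records fall in
MAX_TTL = 300      # seconds; flux operators keep TTLs short to rotate quickly

# Constructed resolver-log sample: (time, queried name, answer IP, TTL).
# Names use the reserved .example TLD; addresses are private-range placeholders.
SAMPLE_LOG = [
    ("09:00", "login.phish.example", "10.12.4.7", 120),
    ("09:03", "login.phish.example", "10.87.200.15", 120),
    ("09:06", "login.phish.example", "10.33.9.41", 180),
    ("09:09", "login.phish.example", "10.140.2.8", 120),
    ("09:12", "login.phish.example", "10.201.77.3", 60),
    # Ordinary site: two stable addresses with a long TTL.
    ("09:00", "www.shop.example", "10.50.1.10", 3600),
    ("09:30", "www.shop.example", "10.50.1.11", 3600),
    # Load-balanced site: many addresses and a short TTL, but one network.
    ("09:00", "cdn.media.example", "10.60.0.1", 60),
    ("09:01", "cdn.media.example", "10.60.0.2", 60),
    ("09:02", "cdn.media.example", "10.60.0.3", 60),
    ("09:03", "cdn.media.example", "10.60.0.4", 60),
    ("09:04", "cdn.media.example", "10.60.0.5", 60),
]

def flux_report(log):
    """Summarise answers per name and mark names that look fast-flux hosted."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for _time, name, ip, ttl in log:
        ips[name].add(ip)
        ttls[name].append(ttl)
    report = {}
    for name, seen in ips.items():
        # Spread across networks separates flux proxies from a single
        # provider's load balancer, which also rotates IPs with short TTLs.
        networks = {ip_network(f"{ip}/16", strict=False) for ip in seen}
        max_ttl = max(ttls[name])
        report[name] = {
            "ips": len(seen),
            "networks": len(networks),
            "max_ttl": max_ttl,
            "suspect": (len(seen) >= MIN_IPS
                        and len(networks) >= MIN_NETWORKS
                        and max_ttl <= MAX_TTL),
        }
    return report
```

Calling `flux_report(SAMPLE_LOG)` marks only `login.phish.example` as suspect; the load-balanced name has as many addresses and a shorter TTL but stays inside one network.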

Choosy hackers choose PDF

According to a recent report covering more than a trillion Web requests, PDFs were responsible for a staggering 80% of all exploits targeted at Adobe Reader vulnerabilities. The report (ironically itself a PDF) mentions that Flash-based attacks actually dipped from 40% to 18% in Q4 2009 while malicious PDFs rose from 56% to 80%.

More stories tomorrow. Lots going on! What do you think of Blippy? Too much info? Let us know!
