Apple Voice Memos App

Apple also introduced its “Shared Library” feature on iTunes a while ago. This allows users to share their iTunes library for legal listening purposes across a network. This can be great at workplaces with lots of creative types who have great music collections.

Just one small problem. Put these two features together and you have a potential security nightmare. And we don’t mean in the theoretical edge-case way. This is a very real possibility we have encountered “in the wild” more than once.

Here’s the issue. Once your library is shared across a network, so are your private voice memos. That may not be a big deal at home or if you work at a small company, but if you happen to be on a shared network like a coffeehouse or a hotel, or work with confidential data? Now you have a real problem.

Conversely, this could be a simple method for corporate espionage. Find out what hotel your competitor is staying at and log in to the WiFi. Granted, this assumes your competition uses iTunes at work (uncommon) and has sharing on (common).

Our advice: if you use the Voice Memo feature on your iPhone, turn off iTunes Library Sharing! It’s not worth the risk of others hearing—or worse, sharing— your private memos.

No related posts.

WTF. You’d think after the humiliation and financial risks caused by social sharing site Blippy.com that we reported earlier this week, they would have either fixed it right, or shut the service down until they were certain everything was secure. But as reported on Blippy’s own blog, another four credit card numbers showed up in Google search results yesterday.

Possibly more disturbing is that Blippy is claiming only four individuals’ accounts showed up altogether, whereas other reputable sites like Mashable are reporting the number is closer to 200.

No related posts.

Hundreds of credit cards exposed.

UPDATE: Blippy responds in their blog.

As reported by Mashable today Blippy, the online “service” that allows you to see what others have purchased and share your purchases, had an embarrassing and potentially dangerous security issue today. According to Mashable:

“Tipster Trey Copeland wrote to us with a link to results for the search: site:blippy.com +”from card”. That search returns results showing detailed purchase information for transactions. Each result highlights that there was a “debit card transaction” or “card transaction,” the amount spent, the specific location (address included) and the full card number.”

Mashable included a screenshot of Google’s search results, which show a number of compromised credit card numbers exposed. Don’t bother trying that search query: you’ll get an error message from Google instead.

The social media team I run at C-E has long speculated that this would happen. We couldn’t imagine why on earth anyone would share their purchases and trust all their credit card numbers to a social site that doesn’t sell anything.

TIP: As we warned a few weeks ago, there’s no reason to join Blippy. You do not ever need to share your purchases. It makes you a target. If you are a member, take immediate action to remove your financial information.

A generous nod to Gary Olson for the story.

No related posts.