IT'S BEEN a bad few days at the offices of the social shopping network Blippy, with ignorance of how its own security worked resulting in credit card numbers of some members being freely available on Google for three months.
The incident is particularly serious as the whole model behind Blippy, created by web entrepreneur Philip Kaplan, is for people to share their credit card purchases with a network of friends and strangers. It might sound strange, but people use this service to locate each other and ‘like’ each other's purchases, Facebook style.
Such a diary of ineptitude for a website with such a business model is astounding, but here goes. According to an official blog post, Blippy allowed raw transaction data to appear in its HTML code for half a day, without realising that the data could include airline transaction numbers, which in combination with a last name could be used to check somebody into a flight.
In addition, Google had crawled and indexed a portion of Blippy's pages, picked up the sensitive information hidden in the HTML and taken a 'snapshot' of Blippy. Google's snapshot of the pages didn't update, which turned a half-day exposure into a three-month exposure.
Even worse, a search would display the sensitive credit card numbers of four people. The data has since been removed.
It's obviously not the first time that there has been a credit card data leak, but it is remarkable that a website that has a model based around people sharing their credit card data for social purposes didn't have its security completely watertight, especially since it has just received $11.2 million in funding. µ
...we're talking about 4 people. In an age where credit card companies expose or lose millions of credit card numbers, I hardly think this is worth raking them over the coals.
Credit Card is NOT Stable, when get card, often numbers are changed locally, as use card, switch at counter clerks behest, when NOT Looking. Put card here, do slip over there, new card & number put up. Bringing in Reload card for payment/activation does same. Card with Numbers & Letters turns to just numbers. both active, one going in & changing purchase amount, with Magnetic Swipe. Often Card Member Unaware of change.
Why, As receipts accumulate, new receipts can be switched with original, either as bill is sent , as NO payment is rendered till after bill sent or by hand, going into home.
41.00 can become &1.37, substantial increase. Item 13-A can become item 12-C++. Similar, yet, potentially half or less value, maybe even defective at manufacture.
There's NO Limit on number of times item can be switched. Each time Card Company can keep difference or perpetrator item. Seller keeps better item or sells again cheaper item, for Self, quick total loss, items hit trash , buyer Lost Interest. You, Out about 1/3 money, after careful planning & pricing, Worthless or worse.
Allowing Careful narrow, WireLine, theft, Ongoing. Even Taxes Are affected.
drashek