28. April 2010 · Comments Off on Blippy’s security/privacy strategy – do they deserve to survive? · Categories: Breaches, IT Security 2.0, Malware, Phishing, Privacy, Risk Management · Tags: , ,

Earlier this week, the CEO of Blippy posted an extensive explanation of the breach they suffered and the steps he is planning to take to improve the site's security and better protect the privacy of the users. I can only hope his explanation of the breach is accurate.

As to his "Plan" going forward, it reveals a shocking, but not untypical, heretofore lax attitude toward protecting the site's users.

I like their Rules page. The intent is to inform Blippy users of "Inappropriate Content and Use of Blippy," However, if I were considering signing up for Blippy, I might consider some of them the risks of using Blippy. Here are examples: 

Impersonation: You may not impersonate others through our
services in a manner that does or is intended to mislead, confuse,
deceive, or harass others.

Serial Accounts: You may not create serial accounts or
relationships in order to evade the block tools or to otherwise disrupt
the Services.

Name Squatting:You may not engage in name-squatting (creating
accounts for the purpose of preventing others from using those account
names or for the purpose of selling those accounts). Accounts that are
inactive for more than 9 months may be removed without further notice.

Links: You may not publish or post content
that disguises the content of a link in a misleading or deceptive way.

Malware/Phishing: You may not publish or link
to malicious content intended to damage or disrupt another user.s
browser or computer or to compromise a user's privacy.

Social Network Spam: Blippy provides a
variety of ways for users to interact with one another. You may not
abuse these tools for the purpose of spamming users. Some of the
behaviors we look at when determining whether an account is spamming
include:

  • The user has followed and unfollowed people in a short time
    period, particularly by automated means.
  • A large number of people are blocking the profile.
  • The number of spam complaints filed against a profile.

And I can only hope that Blippy is taking steps to reduce the risks of these actions and worse. How long will it be before Koobface infiltrates Blippy, or there is a new botnet specifically targeting Blippy called "ypblip?"