Okay, bloggers, we have an assignment for you today. We want you to be safe when you visit our blog and we know you want the same for your visitors. But we've been encountering blogs with a security problem the owners don't realize they have. So please read this and check your own blog before you forget.
The reason we are blogging about this today is because in recent weeks we have come across a few blogs with a pop under when we try to leave a comment. We always let the blogger know but we can't help them locate the source, other than tell them they have downloaded a widget with 3rd party code. We've blogged about that before. Before installing any widget, check the HTML. We're not experts, so the only thing we know to look for is a 2nd url inserted in the code. You know, it would start with http:// or www. You don't want any widget that is covertly giving a 3rd party permission to access your blog! And only get widgets from trusted sources. All fun widgets are not fun. They can bring along spyware or a virus.
And there's more. The recent pop unders we've been seeing are game related. They will display a game you have never heard of or downloaded, perhaps Gamevance. Now if you are a Facebook user, please pay attention! A pop under we've seen popping up quite a bit recently is FACEBOOK related. When you click to comment on a blog post, a Pet Society or Restaurant or ...... pop under will open wanting you to sign in to your Facebook account so they can have access to your FB information and friends list. We don't know whether they can access your username and password, but if you sign in using that page, you will have given them permission to post streams to your wall and contact your friends. Hopefully you won't fall for this, but .....
If you are already signed in to Facebook when you click to comment on an infected blog, they are in your Facebook account and set up as "your" application before you can blink. We saw this happen one day when we didn't realize Jan was signed in to her FB account when we stopped at a blog with this problem. But because we have been keeping an eye on our taskbar, we immediately saw the extra window opening and went right to FB and deleted the application!
As soon as we originally noticed the extra window opening in the task bar, we notified the blog owner and another blogger got right on it. But it took two or three very frustrating weeks to wade through all the code on the blog and finally locate the guilty widget. Since we're techno limited, our job was to check on it occasionally and just that momentary lapse of memory could have really cost us!
We strongly suggest if you are on FB that you go to your applications page and check to make certain that every single approved application listed there is one that you added. If you don't recognize it, delete it! You can always reinstall it if you find it was one you wanted. Because these pop unders are appearing on more blogs and many of you are unaware of them, you need to be alert and check your own blog and FB accounts periodically.
If you notice a pop up or pop under on anyone's blog, please let the blogger know in an email message. If you can't find an email address, leave a polite comment. But let them know! And if someone says they got one on your blog, check your sidebar widgets. These are security risks, not mere annoyances, so they need to be taken care of right away.
We're going to close with (we can hear the collective sigh of relief over this long post) one widget we are aware of that has been causing this problem. It's an international spinning globe counter widget.
We hope you won't be throwing rotten tomatoes or even snowballs at us, but since we found another blog with this problem today, we decided we need to speak out and warn new bloggers who aren't yet familiar with the potential problems with widgets and remind seasoned bloggers who might have momentarily forgotten this can happen to any of us.
Should you ever find anything strange on our blog, please let us know.
To check your own blog:
We don't know what browser you are using, but if you are using Firefox, go into Tools, Options, Privacy -- under Privacy click on "show cookies." Click on Remove All Cookies." That's right, clear them all out. (You'll have to sign in to your blog again after this, but trust us, this is important!)
Now open a new tab or window and GO TO YOUR OWN BLOG. Pick your last post or another one if you prefer. Click on "Post a Comment." Look down in your taskbar. Do you see an extra window opening -- one called a pop under because it opens behind your window so you don't generally notice it until you close or minimize your browser. And by then you won't have a clue where you picked it up.
If you are using IE, go to Tools, Internet Options, and under Browsing History, click Delete. This will clear your IE cache of everything including cookies. Then GO TO YOUR OWN BLOG and click on Post a Comment to check for any pop under.
Minimize your browser window and double check to be sure there's no pop under hiding back there.
Be safe! We love you.
PS -- We're sorry we're not getting to visit much lately. Jan is hogging the computer again and since it's to help us Funny Farmers, we have to support her efforts and not complain. We are doing our best to keep up even if we're not commenting.