funsec mailing list archives

Re: Sears.com: Join the Community Get Spyware


From: scott <redhowlingwolves () bellsouth net>
Date: Fri, 21 Dec 2007 01:15:35 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is what I get using a text-based browser:
http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/javascript:his
And with FF, XSS warning.
I really like the javascript::history part.
Paul Ferguson wrote:
Via The CA Security Advisor Research Blog.

[snip]

While Christmas shopping online this season, be careful what you
are signing up for.

Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a
chance to join My SHC Community, for free, but what I received
was, from a privacy perspective, very costly. Sears.com is
distributing spyware that tracks all your Internet usage -
including banking logins, email, and all other forms of Internet
usage - all in the name of "community participation." Every website
visitor that joins the Sears community installs software that acts
as a proxy to every web transaction made on the compromised
computer.

In other words, if you have installed Sears software ("the proxy")
on your system, all data transmitted to and from your system will
be intercepted. This extreme level of user tracking is done with
little and inconspicuous notice about the true nature of the
software.

[snip]

Much more here:
http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com-join-the-community-get-spyware.aspx

- ferg


- --
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



- --
redhowlingwolves
Web: http://www.hacking-passion.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHa1oExajqy/aNaRsRAiUrAKC1+fwdH4O1kCWHaKATB9KSOpvr1gCgsric
tmDRA52qRy6EDZB5T69tyHM=
=PvXt
-----END PGP SIGNATURE-----
