BreachExchange mailing list archives
Rent-to-own PCs surreptitiously captured users' most intimate moments
From: security curmudgeon <jericho () attrition org>
Date: Sat, 29 Sep 2012 22:59:17 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://arstechnica.com/security/2012/09/rent-to-own-pcs-surreptitiously-captured-users-most-intimate-moments/ By Dan Goodin Ars Technica Sept 25, 2012 Seven rent-to-own companies and a software developer have settled federal charges that they used spyware to monitor the locations, passwords, and other intimate details of more than 420,000 customers who leased computers. The software, known as PC Rental Agent, was developed by Pennsylvania-based DesignerWare. It was licensed by more than 1,617 rent-to-own stores in the US, Canada, and Australia to report the physical location of rented PCs. A feature known as Detective Mode also allowed licensees to surreptitiously monitor the activities of computer users. Managers of rent-to-own stores could use the feature to turn on webcams so anyone in front of the machine would secretly be recorded. Managers could also use the software to log keystrokes and take screen captures. "In numerous instances, data gathered by Detective Mode has revealed private, confidential, and personal details about the computer user," officials with the Federal Trade Commission wrote in a civil complaint filed earlier this year. "For example, keystroke logs have displayed usernames and passwords for access to e-mail accounts, social media websites, and financial institutions." In some cases, webcam activations captured images of children, individuals not fully clothed, and people engaged in sexual activities, the complaint alleged. Rental agreements never disclosed the information that was collected, FTC lawyers said. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Rent-to-own PCs surreptitiously captured users' most intimate moments security curmudgeon (Oct 03)