Rent-to-own PCs surreptitiously captured users' most intimate moments

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://arstechnica.com/security/2012/09/rent-to-own-pcs-surreptitiously-captured-users-most-intimate-moments/

By Dan Goodin
Ars Technica
Sept 25, 2012

Seven rent-to-own companies and a software developer have settled federal 
charges that they used spyware to monitor the locations, passwords, and 
other intimate details of more than 420,000 customers who leased 
computers.

The software, known as PC Rental Agent, was developed by 
Pennsylvania-based DesignerWare. It was licensed by more than 1,617 
rent-to-own stores in the US, Canada, and Australia to report the physical 
location of rented PCs. A feature known as Detective Mode also allowed 
licensees to surreptitiously monitor the activities of computer users. 
Managers of rent-to-own stores could use the feature to turn on webcams so 
anyone in front of the machine would secretly be recorded. Managers could 
also use the software to log keystrokes and take screen captures.

"In numerous instances, data gathered by Detective Mode has revealed 
private, confidential, and personal details about the computer user," 
officials with the Federal Trade Commission wrote in a civil complaint 
filed earlier this year. "For example, keystroke logs have displayed 
usernames and passwords for access to e-mail accounts, social media 
websites, and financial institutions."

In some cases, webcam activations captured images of children, individuals 
not fully clothed, and people engaged in sexual activities, the complaint 
alleged. Rental agreements never disclosed the information that was 
collected, FTC lawyers said.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.