Re: Marketscore and Higher Ed

[Joel Rosenblatt <joel () COLUMBIA EDU>]

Hi,

They can take issue all they like, they are still acting as a proxy between the users machine and the target system .. 
be it a bank, medical records or our
University.  They are decoding everything the user types and processing it.  If I were a bad guy, I would have a job 
application in at Marketscore right now.

I agree that they disclose all of the information about what they are doing, but I am know that someone like my father 
will sign up for anything and he never
reads the EULA .. especially when it's over 6 pages long.

These are of course my opinions. (but we are one of the 2 universities mentioned by name in this article)

Thanks,
Joel Rosenblatt

Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel


--On Wednesday, December 22, 2004 2:54 PM -0600 Steve Brukbacher <sab2 () UWM EDU> wrote:

> Hello,
> This is an interesting article about Marketscore.  The VP of marketscore
> is apparently taking issue with higher education.
>
> http://news.com.com/ComScore+Spyware+or+researchware+-+page+3/2100-1032_3-5494004-3.html?tag=st.next
>
> or
> http://tinyurl.com/6vj54
>
> Particularly, see this part on the first page
>
> "There's a small group of people in universities who've taken it upon
> themselves to take an issue with our software," said Dan Hess, senior
> vice president of industry analysis at ComScore. "We're trying to make
> them fully aware of the nature of our (products and services). It's a
> completely voluntary program."
>
> And then this excellent rebuttal from Steven Schuster from Cornell on
> pages 2 and 3......
> "They may be upfront up about it, and you can put the pieces together,
> but it requires a full understanding of network security and of
> legalese," said Steven Jay Schuster, security director at Cornell
> University, which recently warned students of potential spyware dangers
> in Marketscore.
>
>  From my vantage point, their claim of speeding up your internet
> experience is flimsy at best, at worst fraudulent.  Their website is
> doing exactly what malware always does; claims to do one thing while its
> true intent is something entirely different.
> http://www.marketscore.com/Home.aspx
>
>
> The article also claims that Marketscore does the following:
>
> "To compile data, Marketscore redirects Internet traffic through its own
> servers and decrypts secure data transfers between a PC user and a Web
> site using Secure Sockets Layer (SSL), the de facto security standard
> for e-commerce transactions. Doing so, it can collect highly personal
> information, including bank passwords, health data and credit card
> numbers."
>
>
>
> --
> --
> Steve Brukbacher
> University of Wisconsin Milwaukee
> Information Security Coordinator
> UWM Computer Security Web Site www.security.uwm.edu
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
> http://www.educause.edu/groups/.



Joel Rosenblatt, Senior Security Officer & Windows Specialist, AcIS
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.