Sears.com: Join the Community Get Spyware

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via The CA Security Advisor Research Blog.

[snip]

While Christmas shopping online this season, be careful what you are
signing up for.

Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a chance
to join My SHC Community, for free, but what I received was, from a privacy
perspective, very costly. Sears.com is distributing spyware that tracks all
your Internet usage - including banking logins, email, and all other forms
of Internet usage - all in the name of "community participation." Every
website visitor that joins the Sears community installs software that acts
as a proxy to every web transaction made on the compromised computer.

In other words, if you have installed Sears software ("the proxy") on your
system, all data transmitted to and from your system will be intercepted.
This extreme level of user tracking is done with little and inconspicuous
notice about the true nature of the software.

[snip]

Much more here:
http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com-
join-the-community-get-spyware.aspx

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHaqZHq1pz9mNUZTMRAkgZAKDIe+AiAkY6MIJae9hpcea4aXOgLgCfSGYS
nzIvJkB2sEX6/hK+xWokBRU=
=y8ad
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.