WARNING: Sears - worst hackers ever!

[Basshole]

This is from http://www.schneier.com/blog/archive....html#comments

but this may have been in the AP news.

Is Sears Engaging in Criminal Hacking Behavior?

Join "My SHC Community" on Sears.com, and the company will install some pretty impressive spyware on your computer:

Sears.com is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of "community participation." Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software ("the proxy") on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software. In fact, while registering to join the "community," very little mention is made of software or tracking. Furthermore, after the software is installed, there is no indication on the desktop that the proxy exists on the system, so users are tracked silently.

Here is a summary of what the software does and how it is used. The proxy:

Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.

Monitors secure sessions (websites beginning with ‘https'), which may include shopping or banking sites.

Records and transmits "the pace and style with which you enter information online..."

Parses the header section of personal emails.

May combine any data intercepted with additional information like "select credit bureau information" and other sources like "consumer preference reporting companies or credit reporting agencies".

If a kid with a scary hacker name did this sort of thing, he'd be arrested. But this is Sears, so who knows what will happen to them. But what should happen is that the anti-spyware companies should treat this as the malware it is, and not ignore it because it's done by a Fortune 500 company.

[Valerus]

Another reason as why i don't even get near Sears.

[flakeh]

Sears is l337.

[Valerus]

Quote:

Originally Posted by flakeh

Sears is l337.

Sears is flaky.

[Ericman197]

Heard about this. Apparently there's a confusing little blurb that mentions the spyware on page 12 of a 54 page user agreement.

[meev992]

Quote:

Originally Posted by flakeh

Sears is l337.

[flakeh]

Quote:

Originally Posted by meev992

Yep, thats sears alright.

[MakiSupaStar]

Wow. Is this real?

[Eric Perry]

Quote:

Originally Posted by Basshole

...what should happen is that the anti-spyware companies should treat this as the malware it is, and not ignore it because it's done by a Fortune 500 company.

Hell yeah!!! And everyone else should boycott the bejesus out of Sears. The only decent thing they used to sell were their tools, and now Craftsman sucks anyway!

[Snarf]

Quote:

Originally Posted by Basshole

This is from http://www.schneier.com/blog/archive....html#comments

but this may have been in the AP news.

Is Sears Engaging in Criminal Hacking Behavior?

Join "My SHC Community" on Sears.com, and the company will install some pretty impressive spyware on your computer:

Sears.com is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of "community participation." Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software ("the proxy") on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software. In fact, while registering to join the "community," very little mention is made of software or tracking. Furthermore, after the software is installed, there is no indication on the desktop that the proxy exists on the system, so users are tracked silently.

Here is a summary of what the software does and how it is used. The proxy:

Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.

Monitors secure sessions (websites beginning with ‘https'), which may include shopping or banking sites.

Records and transmits "the pace and style with which you enter information online..."

Parses the header section of personal emails.

May combine any data intercepted with additional information like "select credit bureau information" and other sources like "consumer preference reporting companies or credit reporting agencies".

If a kid with a scary hacker name did this sort of thing, he'd be arrested. But this is Sears, so who knows what will happen to them. But what should happen is that the anti-spyware companies should treat this as the malware it is, and not ignore it because it's done by a Fortune 500 company.

Okay, every time I see the misuse of the term "hacker" I get pretty annoyed. Here's some information for everyone: http://en.wikipedia.org/wiki/Hacker_...ambiguation%29

From the article "Black Hat" on Wikipedia: "A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. The term cracker was coined by Richard Stallman to provide an alternative to using the existing word hacker for this meaning.[1] The somewhat similar activity of defeating copy prevention devices in software which may or may not be legal in a country's laws is actually software cracking."

[Spector_Ray]

I wonder if Spysweeper will pick it up in your system?

[jsbass]

I doubt this is real. If it were, it would have been published on a more mainstream news source. If I'm not mistaken, identity theft and internet crimes are covered quite a bit on the news, are they not?

[Vandelay]

It's real, it was published on several tech news websites last week.

http://www.news.com/8301-10784_3-9839403-7.html

[Snarf]

Quote:

Originally Posted by jsbass

I doubt this is real. If it were, it would have been published on a more mainstream news source. If I'm not mistaken, identity theft and internet crimes are covered quite a bit on the news, are they not?

Sears is probably owned by a company that owns the mainstream media. It's not in the media's best interest to report things that concern normal people. Like all the bad things their owners do (which includes the government).

[jsbass]

Well if it is I don't got it cause I never signed up for it, funny that it asks you to download it and people do.

[Pilgrim]

Quote:

Originally Posted by Snarf

Sears is probably owned by a company that owns the mainstream media. It's not in the media's best interest to report things that concern normal people. Like all the bad things their owners do (which includes the government).

Man, that is one of the most paranoid statements I've heard in months. You must have been listening to people who are convinced the black helicopters are hovering just over the horizon! I agree that our government has done some very strange and even reprehensible things (especially with domestic surveillance over the last 6 years), but that comment is unjustified and indefensible.

This is blatantly untrue: "It's not in the media's best interest to report things that concern normal people."

I've worked in radio and TV. It is PRECISELY the goal of media to report on things that "normal" people can relate to and understand. Otherwise they wouldn't be in business long.

[invisiman]

Sears, upon quick and painless research, does not appear to be affiliated with any media conglomerate. This is the internet, there's no excuse to throw around accusations like that when the pertinent information is merely seconds away.