|
Printable version  |
|
By Chris Coulson, MCSE, MCPS, MCSA, MCNPS
Stambaugh Ness Business Solutions Network Consultant
If you shop online, you should know that some large department stores want you to install spyware so they can track where you go online and what you do. They also want your email, and - yes - credit card information.
At the end of 2007, security researcher Benjamin Googins at Computer Associates found that the so called "community" that these stores want you to be part of actually installs comScore, a market research firm.
Googins stated on his company's blog that the spyware had been installed to transmit "banking logins, email, and all other forms of Internet usage" - to comScore for analysis. There was one mention of software being installed on page 10 of a 54 page license document. (Fifty-four pages? You have got to be kidding me! We all could read a small novel at that length.)
The fact that the mention of this software is difficult to find violates regulations - set by the Federal Trade Commission - that require a clear, unavoidable disclosure and "express consent" from the user before installing such software.
As an added twist, Googins updated his previous findings. "If you access that URL with a machine compromised by the store's proxy software, you will get the policy with direct language (like 'monitors all Internet behavior')" he noted.
"If you access the policy using an uncompromised system, you will get the toned down version (like 'provide superior service'). Both policies share the same URL and same look and feel - coloring, page layout, store branding, etc. This makes it very difficult for users to get consistent, accurate information about the proxy software," he added.
So be careful when joining online communities. Make sure you read the EULA (End User License Agreements). Make sure you know what's going on in that community before signing up, no matter how tasty the incentives and coupons are.
Second Part (in our Jan. 30 issue): Department stores are not the only communities installing spyware.
| Stambaugh Ness Business Solutions can help make your IT systems more secure. Contact Chris Coulson at 717-757-6999 or 800-745-8233 for more information. You can also send Chris an email by using the form below. |
|
|
|
 |
Our firm provides the information in this e-newsletter for general guidance only, and does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional tax, accounting, legal, or other competent advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation. Tax articles in this e-newsletter are not intended to be used, and cannot be used by any taxpayer, for the purpose of avoiding accuracy-related penalties that may be imposed on the taxpayer. The information is provided "as is," with no assurance or guarantee of completeness, accuracy, or timeliness of the information, and without warranty of any kind, express or implied, including but not limited to warranties of performance, merchantability, and fitness for a particular purpose.
IRS Circular 230 Notice: To ensure compliance with requirements imposed by the IRS, we inform you that any US tax advice contained in this communication is not intended or written to be used, and cannot be used, for the purpose of avoiding penalties under the Internal Revenue Code.
Securities and advisory services offered through Geneos Wealth Management, Inc. Member FINRA/SIPC. Geneos Wealth Management, Inc is not affiliated with Stambaugh Ness. |
|
|
Full Newsletter
