[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Rent-to-own PCs surreptitiously captured users' most intimate moments
From: InfoSec News <alerts () infosecnews ! org>
Date: 2012-09-26 9:42:09
Message-ID: alpine.DEB.2.02.1209260441570.7728 () infosecnews ! org
[Download RAW message or body]
http://arstechnica.com/security/2012/09/rent-to-own-pcs-surreptitiously-captured-users-most-intimate-moments/
By Dan Goodin
Ars Technica
Sept 25, 2012
Seven rent-to-own companies and a software developer have settled
federal charges that they used spyware to monitor the locations,
passwords, and other intimate details of more than 420,000 customers who
leased computers.
The software, known as PC Rental Agent, was developed by
Pennsylvania-based DesignerWare. It was licensed by more than 1,617
rent-to-own stores in the US, Canada, and Australia to report the
physical location of rented PCs. A feature known as Detective Mode also
allowed licensees to surreptitiously monitor the activities of computer
users. Managers of rent-to-own stores could use the feature to turn on
webcams so anyone in front of the machine would secretly be recorded.
Managers could also use the software to log keystrokes and take screen
captures.
"In numerous instances, data gathered by Detective Mode has revealed
private, confidential, and personal details about the computer user,"
officials with the Federal Trade Commission wrote in a civil complaint
filed earlier this year. "For example, keystroke logs have displayed
usernames and passwords for access to e-mail accounts, social media
websites, and financial institutions."
In some cases, webcam activations captured images of children,
individuals not fully clothed, and people engaged in sexual activities,
the complaint alleged. Rental agreements never disclosed the information
that was collected, FTC lawyers said.
[...]
--
ExpandingSecurity.com Live OnLine classes won’t wreck your schedule.
Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts
Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1:
CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
ISSAP info signup: http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/ \
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic