'[ISN] Rent-to-own PCs surreptitiously captured users' most intimate moments'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Rent-to-own PCs surreptitiously captured users' most intimate moments
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2012-09-26 9:42:09
Message-ID: alpine.DEB.2.02.1209260441570.7728 () infosecnews ! org
[Download RAW message or body]

http://arstechnica.com/security/2012/09/rent-to-own-pcs-surreptitiously-captured-users-most-intimate-moments/


By Dan Goodin
Ars Technica
Sept 25, 2012

Seven rent-to-own companies and a software developer have settled 
federal charges that they used spyware to monitor the locations, 
passwords, and other intimate details of more than 420,000 customers who 
leased computers.

The software, known as PC Rental Agent, was developed by 
Pennsylvania-based DesignerWare. It was licensed by more than 1,617 
rent-to-own stores in the US, Canada, and Australia to report the 
physical location of rented PCs. A feature known as Detective Mode also 
allowed licensees to surreptitiously monitor the activities of computer 
users. Managers of rent-to-own stores could use the feature to turn on 
webcams so anyone in front of the machine would secretly be recorded. 
Managers could also use the software to log keystrokes and take screen 
captures.

"In numerous instances, data gathered by Detective Mode has revealed 
private, confidential, and personal details about the computer user," 
officials with the Federal Trade Commission wrote in a civil complaint 
filed earlier this year. "For example, keystroke logs have displayed 
usernames and passwords for access to e-mail accounts, social media 
websites, and financial institutions."

In some cases, webcam activations captured images of children, 
individuals not fully clothed, and people engaged in sexual activities, 
the complaint alleged. Rental agreements never disclosed the information 
that was collected, FTC lawyers said.

[...]


--
ExpandingSecurity.com Live OnLine classes won&#8217;t wreck your schedule.
Get that cert and be done before 2012 ends. Last ISSAP 2012 class starts
Sept. 25th. Last 2012 CISSP and CEH starts Oct. 1:
CEH info signup: http://www.expandingsecurity.com/product/ceh-certified-ethical-hacker-online/
 CISSP info signup: http://www.expandingsecurity.com/product/cissp-live-online-10-week-course/
 ISSAP info signup: http://www.expandingsecurity.com/product/issap-information-systems-security-architecture-professional/ \



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic