Results 1 to 10 of 10
April 19th, 2004, 04:43 PM #1
- Join Date
- January 18th, 2005
- The Swamp
It has come to my attention that at least one adware company (180) may be able to obtain your user name and password in certain situations based off the way they are tracking web usuage.
If you ever log into any accounts with your user name and password already in the URL (ie http://www.yourdomain.com/servercall...sword=PASSWORD), your log in information has been compromised if you have n-case or Zango on your computer at the time. Likewise, if during the login process (where you actually type in your user name and pw), if a redirect occurs utilizing your username and pw while going to your account area, then your information has been compromised. If your user name and pw show in the URL once logged in, your information has been compromised.
I want to be as clear as possible on this so folks understand accurately:
1. You have to have an adware program running on your computer that is logging URL's. Programs do this to varying degrees. In the case of 180, I've been able to document they are loggin ALL URL's that hit the browser address bar (even those in pop ups).
2. With 180, even the URL's that go across SSL pages are logged.
3. I'm making no assumptions on what 180 may or may not do with this information, just that they are logging it.
4. It has nothing to do with if a Network or Merchant is associated with 180 or not. They track every URL that is loaded into the browser of the end user.
5. I doubt seriously that 180 is the only company engaged in this kind of tracking.
6. It is a good security practice to never go through a URL where the user name and pw is already in the URL. Although you have little control if that happens when you click the submit button or once logged in somewhere.
7. This applies to anywhere you log in through a browser, not just your affiliate accounts. Although I am posting here because I am aware many here (affs and Merchants alike) log in to various aff related interfaces in this manner and many here have installed 180 software for testing. Additionally, I have seen several posts of late from folks saying they found n-case on their computer and didn't know how it got there.
8. Run at least 2 good spyware removal programs regularly! If you run pop up blocker software on your computer, turn it off for awhile at least once a day. Pop up blockers will "hide" the symptoms of an installation.
For those of you who have logged into accounts as mentioned above and have had n-case or for that matter any of the contextually based adware programs on your computer, you might want to consider changing your pw to those accounts.
All I can say is that I've seen 180 creating multiple log files (they were hidden but I found them) where the URL as above was recorded.
April 19th, 2004, 05:16 PM #2
- Join Date
- January 17th, 2005
Is there any reason why these people shouldn't be in jail?
Worse than your average scum. See what an infusion of millions of dollars will let you do? Hope some of gets used as bail money.
April 19th, 2004, 05:20 PM #3
April 19th, 2004, 05:26 PM #4
Thankfully I've not had the unfortunate opportunity to have them on my computer but before they decide to do a drive-by on me, I'm off to change my bookmarks and take my login and passwords out. I don't need someone logging in as me and changing my payment info and getting all my earning or private information.
April 19th, 2004, 05:36 PM #5
- Join Date
- January 17th, 2005
Another consumer friendly, affiliate friendly feature found by Ms B that illustrates why the networks just love being partners with such fine people that develop what was it.... Oh yah - "innovative technology".
Maybe linkshare knew this and the "latest protection" was not just directly aimed at aff aff caugh caugh track track and their "ba ba ba ba ba ba" bedroom backups - LOL.
I sure hope that Linkshare and members of the COC take a hard cold look at this as THIS IS A SERIOUS PRIVACY VIOLATION and seems to put 180 clearly across the line in being labeled as Spyware instead of theftware or adware.
Ms B. I hope you'll relate this info to some of the spyware removal providers so they can change their classification if need be.
April 19th, 2004, 11:13 PM #6
Good post Mrs B.
Part of my day job is security analysis for the company I work for, and we've identified this as being a serious issue with many different types of plugin - our rule is simple, no parasiteware is allowed at all because of the security risk.
Another problem is that once this stuff is on your computer, it's "trusted" and it can then upgrade itself or install more software without even asking you. Basically, once this stuff is on your PC, you've lost control of it.
April 20th, 2004, 01:27 AM #7
- Join Date
- January 18th, 2005
- St Clair Shores MI.
As usual Ms.B is right on top of the BHO's ebiz monitizing game. Clickstream data mining coupled with spyware keystroke loggers give open access to any sensitive account information not requiring a Linkshare type random security code. That is why Linksahre pulled the plug immediately on Afftrack who was selling off all datamined information to IAB/DMA members willing to pay for it.
The security holes opened up by BHO's within a cart/ecatalog merchant hosting arrangement is another nightmare as they can plant a trojan script to mine customer account information and even have it downloaded in a Excell or CSV format.... How about datamining Dotster and other registrars domain information for sale to the expired domain crooks, credit cart / identity thieves and spammers.
The FTC and cybercrime units are starting to piece together how Al-Quaeda, Russian and Asian mobs, Hamas & Hizbolla, are getting open access to identity theft & CC information. Between the P2P networks, BHO's, Plished merchant sites with datafeeds and spyware the light bulbs are going off.
The greed driven models of the Ad Whores are only interested in selling off the information they gleen from these nefarious S/W browser spam tools. They do no due dilligence as to what their privacy info customers do with this info. Currently 80-90% of all computers connected to the internet are infested with security compromizing adware/spyware regardless of removals. The Ad Whore BHO's demand re-infestation as their sole purpose & job #1.Webmaster's... Mike and Charlie
"What have you done today to put real value into a referral click...from a shoppers viewpoint!"
April 20th, 2004, 07:49 AM #8
It'll be interesting to see what kind of spin the merchants and networks who work with 180 put on this. This is, very obviously, a serious invasion of privacy. I doubt this is covered very well, if at all, in the 180 TOS.
And they want to go public...
April 20th, 2004, 09:24 AM #9
((B)) there will be many stars in your crown.
April 20th, 2004, 09:34 AM #10
I wish I was going to Vegas Ms.B I would love to treat you to breakfast and a few drinks to show my apreciation for all the good work you have done here. I hope the guys who meet you there treat you well.
One day we will meet again that is for sureOne day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
Mr. Spitzer is fetching it nearer
By 2busy in forum Programming / Datafeeds / ToolsReplies: 0Last Post: October 30th, 2014, 06:15 PM
By TLE in forum Domains & HostingReplies: 9Last Post: September 28th, 2006, 08:57 AM
By Kellie aka Ms. B in forum Midnight Cafe'Replies: 14Last Post: June 24th, 2005, 12:45 AM
By gagglina in forum Midnight Cafe'Replies: 1Last Post: January 14th, 2004, 09:34 PM