Results 1 to 10 of 10
  1. #1
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    It has come to my attention that at least one adware company (180) may be able to obtain your user name and password in certain situations based off the way they are tracking web usuage.

    If you ever log into any accounts with your user name and password already in the URL (ie http://www.yourdomain.com/servercall...sword=PASSWORD), your log in information has been compromised if you have n-case or Zango on your computer at the time. Likewise, if during the login process (where you actually type in your user name and pw), if a redirect occurs utilizing your username and pw while going to your account area, then your information has been compromised. If your user name and pw show in the URL once logged in, your information has been compromised.

    I want to be as clear as possible on this so folks understand accurately:

    1. You have to have an adware program running on your computer that is logging URL's. Programs do this to varying degrees. In the case of 180, I've been able to document they are loggin ALL URL's that hit the browser address bar (even those in pop ups).

    2. With 180, even the URL's that go across SSL pages are logged.

    3. I'm making no assumptions on what 180 may or may not do with this information, just that they are logging it.

    4. It has nothing to do with if a Network or Merchant is associated with 180 or not. They track every URL that is loaded into the browser of the end user.

    5. I doubt seriously that 180 is the only company engaged in this kind of tracking.

    6. It is a good security practice to never go through a URL where the user name and pw is already in the URL. Although you have little control if that happens when you click the submit button or once logged in somewhere.

    7. This applies to anywhere you log in through a browser, not just your affiliate accounts. Although I am posting here because I am aware many here (affs and Merchants alike) log in to various aff related interfaces in this manner and many here have installed 180 software for testing. Additionally, I have seen several posts of late from folks saying they found n-case on their computer and didn't know how it got there.

    8. Run at least 2 good spyware removal programs regularly! If you run pop up blocker software on your computer, turn it off for awhile at least once a day. Pop up blockers will "hide" the symptoms of an installation.

    For those of you who have logged into accounts as mentioned above and have had n-case or for that matter any of the contextually based adware programs on your computer, you might want to consider changing your pw to those accounts.

    All I can say is that I've seen 180 creating multiple log files (they were hidden but I found them) where the URL as above was recorded.

  2. #2
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    1,663
    Thanks, MsB.

    Is there any reason why these people shouldn't be in jail?

    Worse than your average scum. See what an infusion of millions of dollars will let you do? Hope some of gets used as bail money.

    Wayne

  3. #3
    ABW Veteran jc101's Avatar
    Join Date
    January 18th, 2005
    Location
    Santa Cruz, CA
    Posts
    4,597
    oh thanks for the info

  4. #4
    Merchant Linda's Avatar
    Join Date
    January 18th, 2005
    Location
    TN, USA
    Posts
    1,030
    and

    Thankfully I've not had the unfortunate opportunity to have them on my computer but before they decide to do a drive-by on me, I'm off to change my bookmarks and take my login and passwords out. I don't need someone logging in as me and changing my payment info and getting all my earning or private information.

    Thanks, B.

  5. #5
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,419
    Another consumer friendly, affiliate friendly feature found by Ms B that illustrates why the networks just love being partners with such fine people that develop what was it.... Oh yah - "innovative technology".

    Maybe linkshare knew this and the "latest protection" was not just directly aimed at aff aff caugh caugh track track and their "ba ba ba ba ba ba" bedroom backups - LOL.

    I sure hope that Linkshare and members of the COC take a hard cold look at this as THIS IS A SERIOUS PRIVACY VIOLATION and seems to put 180 clearly across the line in being labeled as Spyware instead of theftware or adware.

    Ms B. I hope you'll relate this info to some of the spyware removal providers so they can change their classification if need be.

  6. #6
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Good post Mrs B.

    Part of my day job is security analysis for the company I work for, and we've identified this as being a serious issue with many different types of plugin - our rule is simple, no parasiteware is allowed at all because of the security risk.

    Another problem is that once this stuff is on your computer, it's "trusted" and it can then upgrade itself or install more software without even asking you. Basically, once this stuff is on your PC, you've lost control of it.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  7. #7
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    As usual Ms.B is right on top of the BHO's ebiz monitizing game. Clickstream data mining coupled with spyware keystroke loggers give open access to any sensitive account information not requiring a Linkshare type random security code. That is why Linksahre pulled the plug immediately on Afftrack who was selling off all datamined information to IAB/DMA members willing to pay for it.

    The security holes opened up by BHO's within a cart/ecatalog merchant hosting arrangement is another nightmare as they can plant a trojan script to mine customer account information and even have it downloaded in a Excell or CSV format.... How about datamining Dotster and other registrars domain information for sale to the expired domain crooks, credit cart / identity thieves and spammers.

    The FTC and cybercrime units are starting to piece together how Al-Quaeda, Russian and Asian mobs, Hamas & Hizbolla, are getting open access to identity theft & CC information. Between the P2P networks, BHO's, Plished merchant sites with datafeeds and spyware the light bulbs are going off.

    The greed driven models of the Ad Whores are only interested in selling off the information they gleen from these nefarious S/W browser spam tools. They do no due dilligence as to what their privacy info customers do with this info. Currently 80-90% of all computers connected to the internet are infested with security compromizing adware/spyware regardless of removals. The Ad Whore BHO's demand re-infestation as their sole purpose & job #1.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  8. #8
    ABW Ambassador Andy's Avatar
    Join Date
    January 18th, 2005
    Posts
    4,178
    It'll be interesting to see what kind of spin the merchants and networks who work with 180 put on this. This is, very obviously, a serious invasion of privacy. I doubt this is covered very well, if at all, in the 180 TOS.

    And they want to go public...

    Andy

  9. #9
    Content $ Queen Ebudae's Avatar
    Join Date
    January 18th, 2005
    Location
    Texas
    Posts
    2,823
    ((B)) there will be many stars in your crown.

    Ebudae


  10. #10
    pph Expert! Gordon's Avatar
    Join Date
    January 18th, 2005
    Location
    Edmonton Canada
    Posts
    5,781
    I wish I was going to Vegas Ms.B I would love to treat you to breakfast and a few drinks to show my apreciation for all the good work you have done here. I hope the guys who meet you there treat you well.

    One day we will meet again that is for sure
    One day parasites and their ilk will be made illegal, I bet a few Lawyers will be pissed off when the day comes.
    Mr. Spitzer is fetching it nearer

    YouTrek

  11. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Drupal Users? Important Security News
    By 2busy in forum Programming / Datafeeds / Tools
    Replies: 0
    Last Post: October 30th, 2014, 07:15 PM
  2. HostGator - cPanel Security Issue
    By TLE in forum Domains & Hosting
    Replies: 9
    Last Post: September 28th, 2006, 09:57 AM
  3. Kowabunga Security/Privacy Issue? AM's Input Please.
    By Kellie aka Ms. B in forum Midnight Cafe'
    Replies: 14
    Last Post: June 24th, 2005, 01:45 AM
  4. has the norton internet security issue been resolved?
    By gagglina in forum Midnight Cafe'
    Replies: 1
    Last Post: January 14th, 2004, 10:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •