-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is what I get using a text-based browser: http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/javascript:his And with FF,XSS warning. I really like the javascript::history part. Paul Ferguson wrote: > Via The CA Security Advisor Research Blog. > > [snip] > > While Christmas shopping online this season, be careful what you > are signing up for. > > Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a > chance to join My SHC Community, for free, but what I received > was, from a privacy perspective, very costly. Sears.com is > distributing spyware that tracks all your Internet usage - > including banking logins, email, and all other forms of Internet > usage - all in the name of "community participation." Every website > visitor that joins the Sears community installs software that acts > as a proxy to every web transaction made on the compromised > computer. > > In other words, if you have installed Sears software ("the proxy") > on your system, all data transmitted to and from your system will > be intercepted. This extreme level of user tracking is done with > little and inconspicuous notice about the true nature of the > software. > > [snip] > > Much more here: > http://community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com- > join-the-community-get-spyware.aspx > > - ferg >
- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. - -- <b>redhowlingwolves</b> <br>Web:<a href=http://www.hacking-passion.com/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHa1oExajqy/aNaRsRAiUrAKC1+fwdH4O1kCWHaKATB9KSOpvr1gCgsric tmDRA52qRy6EDZB5T69tyHM= =PvXt -----END PGP SIGNATURE----- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
