Come see the creepy side of Sears

Join Sears’ SHC Online Community, get tons of spyware! According to the CA Security Advisor Research blog:

Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software (“the proxy”) on your system, all data transmitted to and from your system will be intercepted.

And they really do mean all data, from key-logging secure sessions to reading the header lines of personal email, and even recording “the pace and style with which you enter information online.” That’s so very… comprehensive. (I can’t help but note that this is PC-only. Macs are safe.)

Rob Harles, the VP of the Sears SHC Online community, denied that any such spying was taking place. Too bad Harles used to be the senior VP for comScore, the company that created the spyware and collected the Sears data.

Via Metafilter

Update: This is Eric. Apparently Sears also had a section of their site that allowed customers to search their purchase history back to 1978. Unfortunately, security was so bad that you could search anyone’s purchase history back to 1978. Sears appears to have taken it down now, though.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: