IT Nightmare: Program Installed by Users to Speed Up Surfing Compromises Sensitive Data   12/2/2004 - 957 views, 2 Comments

This is the situation across the country, with universities being particularly hard hit, although certainly not the only ones whose user’s data may be being compromised by a program called “MarketScore”.

Offering a “free Internet accelerator and email virus scanning”, MarketShare promises to speed up web browsing. Because it has been bundled with iMesh, a peer-to-peer program, it has found its way onto the computer systems of countless university students, with whom peer-to-peer software is extremely popular (although of course others are using it as well).

The problem is that MarketShare accomplishes these tasks, to the extent that it does (users have complained about not receiving any appreciable benefit) by routing all user traffic through its own servers. This, says experts, constitutes a serious compromise of user data, as it allows MarketShare the potential to monitor such sensitive information as passwords, credit card numbers and other financial information, and even medical data.

Ostensibly MarketShare does this routing because it can, in theory, serve up webpages much faster if they are cached on their own servers; after it has been cached by the first visit, subsequent surfers visiting the same page would be able to access the version cached on MarketShare’s servers.

Part of its process - the most problematic part of its process - is that MarketShare creates its own certificate of authority on the user’s system, and then intercepts the user’s web traffic which has been secured with SSL, decrypts it, and then sends it to the MarketShare servers bare and unencrypted. It re-encrypts it only after it has already arrived at their server, prior to sending the traffic on to its final destination.

Put in plain English, imagine if you are sitting at your computer, you log into your bank’s web site, send your password, and then enter the account number of the checking account you wish to access. If you are using MarketShare, the story goes, your password and checking account number will be decrypted before it leaves your machine, and sent in the clear to the MarketShare servers - unencrypted - and only after it has already arrived in MarketShare territory will it be re-encrypted. Not only does MarketShare now have access to that information, but it’s quite possible that so does anyone who might be sniffing around between your computer and MarketShare’s.

Said David Escalante, Director of Computer Security for Boston College, one of the affected universities, “I don’t know how good it is for parties at either end of a transaction to have a third party listening in.”

Well Aunty does. It’s no good at all!

You can read more about this at Computer Weekly