IT Nightmare: Program Installed by Users to Speed Up Surfing Compromises Sensitive Data

The Internet Patrol default featured image
Share the knowledge

It’s (one of) every IT manager’s nightmare: thousands of users, downloading and installing a seemingly innocent add-on program, in this case one offering to speed up their Internet experience. However, in reality, the program has the ability to compromise the most sensitive of user information, including passwords and more.

This is the situation across the country, with universities being particularly hard hit, although certainly not the only ones whose user’s data may be being compromised by a program called “MarketScore”.

Offering a “free Internet accelerator and email virus scanning”, MarketShare promises to speed up web browsing. Because it has been bundled with iMesh, a peer-to-peer program, it has found its way onto the computer systems of countless university students, with whom peer-to-peer software is extremely popular (although of course others are using it as well).

The problem is that MarketShare accomplishes these tasks, to the extent that it does (users have complained about not receiving any appreciable benefit) by routing all user traffic through its own servers. This, says experts, constitutes a serious compromise of user data, as it allows MarketShare the potential to monitor such sensitive information as passwords, credit card numbers and other financial information, and even medical data.

Ostensibly MarketShare does this routing because it can, in theory, serve up webpages much faster if they are cached on their own servers; after it has been cached by the first visit, subsequent surfers visiting the same page would be able to access the version cached on MarketShare’s servers.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Part of its process – the most problematic part of its process – is that MarketShare creates its own certificate of authority on the user’s system, and then intercepts the user’s web traffic which has been secured with SSL, decrypts it, and then sends it to the MarketShare servers bare and unencrypted. It re-encrypts it only after it has already arrived at their server, prior to sending the traffic on to its final destination.

Put in plain English, imagine if you are sitting at your computer, you log into your bank’s web site, send your password, and then enter the account number of the checking account you wish to access. If you are using MarketShare, the story goes, your password and checking account number will be decrypted before it leaves your machine, and sent in the clear to the MarketShare servers – unencrypted – and only after it has already arrived in MarketShare territory will it be re-encrypted. Not only does MarketShare now have access to that information, but it’s quite possible that so does anyone who might be sniffing around between your computer and MarketShare’s.

Said David Escalante, Director of Computer Security for Boston College, one of the affected universities, “I don’t know how good it is for parties at either end of a transaction to have a third party listening in.”

Well Aunty does. It’s no good at all!

You can read more about this at Computer Weekly

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.