9 January 2014. A3 sends:
Further to http://cryptome.org/2013/12/omniquad-exposes.htm
The UK Information Commissioner
(http://www.ico.gov.uk) has launched
a formal investigation into Omniquad.
To see if you are affected:-
Check if your company and own name is in the results.
2 January 2014. A2 sends:
To see a list of Omniquad's clients exposed by the Surf Wall Remote data
It is worth noting that searching just on "SWRInfo" will yield a blameless
unrelated German radio station.
30 December 2013
Omniquad Exposes You Online
Omniquad - the data protection specialists who expose you online
Back in 1997, Daniel Sobstel, then a 25 year old "computer wizard" started
He now describes it as "a trail blazing internet Security Company which
helps businesses and organisations secure and manage their business
networks, email security and web security."
He continues, "Omniquad is now providing cutting edge IT Security Services
that have won both industry acclaim and media recognition."
But Omniquad is no stranger to data privacy breaches.
Now it can be revealed that Omniquad's latest key product, called Surf Wall
Remote, is actually exposing precise client identifying information.
Rather than protecting clients, it reveals their identity to every website
Surf Wall Remote (SWR) injects an extra string into the browser user agent,
that personally identifies the visitor.
An example visitor log entry (here, split over two lines and redacted with
126.96.36.199 - - [**/***/2013:**:**:** *****] "GET / HTTP/1.1" 200
"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0;)
In this example, the visitor's own IP has been replaced with Omniquad's
But Surf Wall Remote has injected into the user's MS Internet Explorer 8
browser user agent string an extra piece of information with the format:-
Here, "nnnn" is an integer related to the client organisation that has purchased
the Surf Wall Remote product and installed it across their entire corporate
IT infrastructure. "xxxx" and "yyyy" are the portions of the individual person's
email address either side of the "@" symbol.
If a person called John Fitzgerald Doe working for Acme Industries, Inc was
using Surf Wall Remote, his injected user agent string might look something
SWRInfo: 1234: acme-industries.net: john.f.doe
As a real world example, I offer you this (partially redacted to protect
SWRInfo: 2025: sytner.co.uk: ****
This is unfortunate, as Sytner ("the UK's leading retailer of prestige cars")
has provided a glowing reference on the Testimonials section of Omniquad's
Embarrassing too for Caretower, the UK distributor of Omniquad's Surf Wall
Remote, who provide a case study featuring Sytner's use of the sister product
Mail Wall Remote:-
Which currently leads to
"... one of the UK's leading providers of hosting, Cloud, managed IT services
and business continuity."
Finally, another real world offering:-
SWRInfo: 3129: ****.mod.uk: ****
Clearly a sensitive UK government department.