“We have a responsibility to promptly resolve bugs in our technology,” said Jon Chun, CEO and president of SafeWeb. “Security is a process, and we welcome this kind of in-depth critical review as an opportunity to improve and lead in this area. We appreciate that David Martin of Boston University and Andrew Schulman of the Privacy Foundation identified these issues and alerted us to the problem.”
Though the company has not received any customer complaints on this problem, and though it suspended the consumer privacy service last year, it has decided to issue a patch as a precautionary measure.
SafeWeb has advised PrivaSec and other licensees of its consumer privacy technology to the vulnerabilities raised in the study, and plans to deliver the patch to PrivaSec and all other licensees within several days.
The vulnerabilities identified, which require the use of Web browser scripting languages, would allow a malicious website operator to identify attributes of SafeWeb users that were not intended to be disclosed. SafeWeb users accessing reputable and trusted websites would not be affected.
About SafeWeb, Inc.
Based in Emeryville, California, SafeWeb was founded in April 2000 to create innovative security and privacy technologies that are effective, economical and simple. Our mission with the Secure Extranet Appliance is to deliver technology that drastically reduces the cost and complexity traditionally involved in securing corporate network resources.
Since its inception, SafeWeb has built the world’s largest online privacy network and has established strategic partnerships to deliver customized versions of its proven technology to high-profile U.S. intelligence and communications agencies. SafeWeb has received numerous awards for its technology, and has been recognized as a privacy and security expert before the U.S. Congress and at industry conferences such as DEF CON. For more information, please visit the company’s Website at http://www.safeweb.com.