Back in October 2010, I noted a breach involving managed security services provider Omniquad. Omniquad acknowledged the breach that involved helpdesk tickets leaking online, but the firm’s managing director, Daniel Sobstel, subsequently claimed that Webroot reseller Infosec Technologies started contacting his customers and passing on misleading information about the size of the data breach.
Now I see another report involving Omniquad, this one from an anonymous source on Cryptome:
Now it can be revealed that Omniquad’s latest key product, called Surf Wall Remote, is actually exposing precise client identifying information.
http://www.omniquad.com/surfwall-remote-cloud-hosted-web-security-and-filtering.html
Rather than protecting clients, it reveals their identity to every website they visit.
Surf Wall Remote (SWR) injects an extra string into the browser user agent, that personally identifies the visitor.
Read more on Cryptome. Omniquad did not respond to a request for a statement or comment by the time of this publication.