Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Without cracking SSL this is not possible. The URL is encrypted along with all the headers. The only thing in plain text is the TCP/IP level data - i.e. the source and destination IP addresses.

I'd have to check for other solutions but as far as Firefox is concerned you have the choice of either a regularly downloaded list to check locally, or if you *opt-in* you can send your urls (not cookies, not server responses) to a real time checking service.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

So you're saying HTTPS traffic is intercepted by Phorm?

That's interesting.

It would be, your own words daft, to ignore HTTPS requests which might lead to phishing sites.

But in terms of privacy, it would be even more outrageous than the already outrageous intrusion that is Phorm.

Particularly if both ends to the communication do not have a serviceable OPT IN mechanism.

Pow!, pow! Both barrels unloaded. Hey look, no feet left.

Pete

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Anyone can sponsor AWG and have their logo put up. Maybe we should find out and have a NODPI logo on there.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Going down!!!!!!!!!!

http://finance.google.com/finance?q=LON:PHRM

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Also remember that they have servers at Planet in Huston a hosting company that is in the top 10 world hosting companies that host phishing websites.


Seems they have too many fingers in too many pies for my taste.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

iii, 920p

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Will soon join BT's measly £2.00 a share we paid much more than that years ago thanks to Phorm our investment is going down the pan also.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thank you.

I have never had a reply back from APWG, then again i keep sending e-mails that webwise.bt is a phish site or any other that is connected to phorm, you can do this with siteadivsor and sitehound as well.
http://www.firetrust.com/en/products/sitehound
http://www.siteadvisor.com/
http://www.trendsecure.com/portal/en...s/trendprotect

For FireFox 1.5 and above, there is WOT.
http://www.mywot.com/

May it long continue

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

It would seem so. I have contacted the APWG on numerous occasions regarding Phorm. I have spelled out all the arguments for them, and listed the number of people and organisations who think Phorm is illegal according to UK law.

I received positive feedback initially. By this time, however, they had already accepted a sponsorship (i.e. money) from Phorm. I imaging they found it hard to give back the $5000 which they received from them, because Phorm is still a member.

If you think Phorm should be removed as a sponsor of the APWG, by all means complain:

Press inquiries pressrequest@antiphishing.org
Other general questions info@antiphishing.org

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for this, dave.

An excellent analysis of Phorm by Steve Gibson. His description and distaste for this system very much reminds me of what Dr Richard Clayton wrote in his blog, AND said at the Town Hall meeting.

Incidentally, personally I think Dr Clayton's talk at that meeting was one of the main reasons for the video not being released.

OB

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

>I have never had a reply back from APWG, then again i keep sending e-mails that >webwise.bt is a phish site or any other that is connected to phorm, you can do this with >siteadivsor and sitehound as well.
>http://www.firetrust.com/en/products/sitehound
>http://www.siteadvisor.com/
>http://www.trendsecure.com/portal/en...s/trendprotect

So do I. :)

I'm also compiling a list of sites where you can report phishing scams. I will publish it soon so everyone can use it.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Interesting Revelation

Just found out today, that RIPA does not apply in Scotland. Scotland has it's own version, as with many Legislations, called RIP(S)A:

http://www.opsi.gov.uk/legislation/s..._20000011_en_1

Anyone in the know, please help compare.

EDIT: So far I can only confirm that RIP(S)A pertains to Police and Local Authorities.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Never knew that, i know the SNP are against ID Cards, which is great.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I think the wheel may have gone just a little too fast for the poor creature.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The phishing databases only need the URL, there is no need to set up a secure connection to flag it as a dodgey url.

Opera's anti-phishing works by checking a remote database as well, nothing needed to be stored on your computer.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Can someone provide me a list of all of Phorm's domains?

i.e. www.webwise.com, etc.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Some here

http://www.badphorm.co.uk/e107_plugi...topic.php?7062

121media.com
openinternetexchange.com
openinternetexchange.net
oix.com
oix.net
webwise.com
phorm.com
phormdev.com
webwise.net
youcanoptin.com

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'm not quite sure what you're trying to say so I'll try to clarify my statement:

Webwise cannot check phishing urls that use https because of where it sits in the network.

Other solutions (such as those built into IE/Firefox/Opera) can and do check phishing urls that use https.

Webwise uses a remote database of phishing urls so doesn't suffer from lag in updates. However Firefox's system optionally uses a remote database as well so is just as good. I don't know about Opera's system so can't comment.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

[QUOTE=Dephormation;34589943]Some here

Thanks as ever, Dephormation.

Report Phorm/Webwise as a Phishing Scam
================================================== =====

Phorm domains to report:

webwise.bt.com
121media.com
openinternetexchange.com
openinternetexchange.net
oix.com
oix.net
webwise.com
phorm.com
phormdev.com
webwise.net

---
US-Cert: US Computer Emergency Readiness Team
http://www.us-cert.gov/nav/report_phishing.html

Report phishing scam by sending email to:
phishing-report@us-cert.gov
---
APWG: Antiphishing Workgroup
http://www.antiphishing.org/

Report phishing scam by sending email to:
reportphishing@antiphishing.org
---
Microsoft Support:
http://support.microsoft.com/kb/930167

To report a Web site that you suspect is a phishing Web site, follow these steps:
1. Start Microsoft Internet Explorer.
2. On the Tools menu, point to Phishing Filter, and then click Report This Website.
3. Select the language that is used on the Web site.
4. Select the I think this is a phishing website check box.
5. Click Submit.
---
Bank Safe Online:
http://www.banksafeonline.org.uk/index.html
Report phishing scam by sending email to:
reports@banksafeonline.org.uk
---
Yahoo Security Center:
Use the form on the website:
http://security.yahoo.com/article.html?aid=2006102506
---
Symantic Phish network:
http://www.phishreport.net/consumers.html
Report Suspected Phishing Sites:
https://submit.symantec.com/antifraud/phish.cgi
---
Millersmiles.co.uk:
http://www.millersmiles.co.uk/submit.php
Send email of website address to:
spoof@millersmiles.co.uk
---
Phishtank:
http://www.phishtank.com/
Submit URL on website
---
Castlecops:
http://www.castlecops.com/pirt
Submit URL on website

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

How often will Phorm's database of phishing sites be updated?

The answer is - you don't know becasue Phorm have not released that information. Like everything else you've scrawled on this forum, your "information" is baseless.

As I've said before Norton et al produce the data for the phishing lists. Phorm will only ever get a list that is, at best, days out of date.

Incidently, Phorm are listed as an APWG Sponsoring Vendor Member. It costs them $7500 and for that they get "..."a series of marketing/sponsorship benefits, including being listed as sponsoring vendors on the Anti-Phishing Working Group public website". Other SVMs include Facebook but no ISPs from outside of the USA, no banks or other financial organisations, no national communications companies, no government departments form anywhere in the world - hardly a sign that APWG is a genuine and recognised coalition. In fact it is just another one of those worthy sounding trade organisations and it's entire membership consists of a handful of American companies who sell ati-phishing "solutions".

There is nothing about Phorm's SVM status with this organisation that says anything about Phorm's ability to offer any sort of product nor does it give any indication of quality.

And whoever said that Phorm aren't daft - another unfounded assumption on your part. Everything we've seen so far shows an amazing lack of foresight and business sense as well as an astonishing ability to totally misjudge their target market - hardly a sign of intelligence in the business world. Add to that thei gross negligence in failing to get the ISPs to actually sign a contract before going public with this scheme and anyone who has ever been in business would tell you that "daft" is not a strong enough word for this company.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

This may be of interest but I haven't had time to check it out.
http://googleonlinesecurity.blogspot...-security.html

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

It was said that Webwise will warn of both http and https phishing sites and there seems to be some debate.

I am totally against the main purpose of Webwise (to spy/categorise usage of the internet for profit) and I agree that anti-phishing is already readily available and so there is no need to have Phorm or Webwise at all.

But, I can't see why we're challenging that the Webwise system won't be able to detect calls between my PC and the web to start a session with a secure site. AFAIK the set up of the secure connection cannot OC begin until a connection has been at least made with the site to set it up because the site server and my PC have to exchange some data to set it up and that cannot be done in any "scambled" method which means it is all visible to the phorming system. So I don't see why a Webwise system could not warn about the connection to a suspected phishing site then ignore your data stream from then on, if you continue to browse the site. Of course whether it ignores your data from then on really is the question...

But it makes no odds to me and OC it should make no odds to anyone else because Webwise gives NOTHING AT ALL to the customer which they cannot get for free elsewhere without having someone spying on their every action.

Hank

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Having mulled it over a bit this afternoon, bearing in mind the popular tag line is that WebWise gives good default protection for those who are not tech-savvy. I see that as also not only just having no added benefit, but actually hazardous and potentially harmful to the non tech-savvy.

We know that WebWise flags up only known phishing sites - it makes no claim of identifying sites that have malicious downoads, use browser exploits or give large amounts of spam etc. So that is really only one specific sector of today's on-line threat base. The danger I see is that the non tech-savvy people *may* think "I have WebWise protecting me, I don't need to look for any other protection". That has the potential of givng the most vulnerable poeple a very dangerous false sense of net security. That doesn't help the non tech savvy, I believe that harms them.

N.B I apologise for excessive use of the term 'non tech-savvy', couldn't think of anything appropriate to replace it with. I would be hopeless on Radio 4's Just a Minute.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

You're correct that some data needs to be sent "unscrambled" to set the connection up. However this isn't enough information to decide if the connection should be flagged as a phishing attempt. Webwise will only see the ip address, port and possibly the domain name of the site you are visiting. There are types of attack where this data will be for a completely legit site so will appear OK.

The URL is not sent until the encrypted connection has been set up.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

It just seems odd that something sitting at the ISP level would not be able to say https:\\aphishsite.com or https\\xxx.xxx.xxx.xxx when requested is a phishing site on their list (disregarding for the moment how complete that list is)

I confess to not knowing enough in this area though! :dunce:

Hank

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Share Price: 925.00
Bid: 875.00
Ask: 975.00
Change: -100.00 (-9.76%)
Faller - Phorm Reg S

Says it all :angel:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Cryptography is often counterintuitive. Think of it this way: The way https was designed was to hide as much information as possible from eavesdroppers. If you visit https://www.example.com/path/file.php?do=something_bad then all that gets sent unencrypted is www.example.com*. www.example.com might be a legit site but with a poorly coded page that allows it to be used as part of a phishing attempt.




* Note: This isn't technically correct. That probably isn't even sent (unless you're using an up to date browser supporting Server Name Indication - in which case it'll likely also have a built in phishing filter). Instead the ip address for that domain is. Although to look up that address www.example.com is sent unencrypted to a DNS server.

I'm trying to keep it simple though. :)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

So are phorm intercepting the DNS queries as well? Even that wouldn't work tho - as the result could easily be in your local DNS Cache.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

If Webwise looks at anything that is not on port 80, then BT is misleading everyone.

BT's data path clearly states: "Only HTTP traffic is processed within the Rules Engine and thereafter in the rest of the system."
http://webwise.bt.com/webwise/customer_choice.html

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

They say they only intercept port 80 so no DNS. Intercepting DNS queries would solve some of the issues but far from all. To come up with a half decent system they would have to intercept ALL traffic. Consider this:

https://258.23.239.2:22/

(IP address intentionally broken so it doesn't go anywhere)

The bottom line is this is a bad way to implement phishing protection.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

nothing to do with us lot, the market place is in a downward trend on it`s own, somat to do with a very weak poorly $ and credit.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Your example proves a very valid point. Phorm would have to look at all ports and look at the protocol being used (http) and then decide if its a phishing attack. Othewise, as your example shows, it would be so easy to circumvent the phorm anti-phishing "service", even for http attacks, let alone https.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

What do you think would happen if you set up a web site that re-directed you to another port (other than 80)?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

8.75

I am enjoying today.

http://finance.google.com/finance?q=LON:PHRM

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Just to show that BT are keeping themselves sharp and on the button legally speaking here's a copy of my latest (and last) correspondence with Emma Sanderson: (on the topic of website copyright). It contains some great quotes for use in court!

My email to Emma Sanderson: (in full)

Greetings.
Today's topic is the much neglected subject of website copyright which BT/Phorm seem to think does not apply to them.

Yes I've read the FOI stuff from the ICO and seen his mistaken and sadly inadequate understanding of implied consent with reference to Web content. He is wrong.

You have a major problem with Webwise in relation to the copyright of Website content. Here are the problems you have so far failed to address in public statements and private emails that I have seen. I understand your position to be represented by the following statement you made recently in an email to a customer, published on Cableforum and BT Beta forums.

"We believe that, in general, we can rely upon website owners' implied consent where websites have not taken steps to make their sites inaccessible generally, for example by excluding major search engines such as Google via robots.txt.
Over and above this, we are also taking reasonable steps to exclude specific websites from profiling upon specific request from the website owner. As per my previous email, if you provide me with the domain name for your website (and confirmation of ownership) then we will ensure that it is excluded from profiling within Webwise."

This ignores major sections of copyright law and places you in the position of being liable to CRIMINAL prosecution for copyright abuse for commercial gain.

1- you have not worked out how to avoid websites that carry a legal front page text warning or privacy policy explicitly witholding consent from the Phorm/Webwise system. There are an increasing number of such sites out there now, many of them actually mentioning the disgraceful Webwise system by name. If Webwise profiles those sites, you are in trouble.

2 - you are relying on robots.txt Google statements for implied consent, when the internet standards specify robots.txt is an "exclusion" mechanism, not a consent mechanism according to internet standards. There is no way you could defend this in a court of law - and believe me you will end up in one if you operate this system, facing people who know a great deal more about copyright law than you do. And it looks ridiculous anyway, because Mr Ertugrul is always highlighting the DIFFERENCE between Google and Phorm/Webwise - so how he/you think that when it comes to website copyright they are the same, beggars belief. But if you think you can justify it without looking silly, fair enough.

3 - you have totally failed to deal with the issue of ISP provided webspace, such as BTY-Geocities and BTOpenworld (to name a couple you may be familiar with) that do not operate for the owner at a top level domain, and therefore where robots.txt is not actually read by google and therefore where webmasters do not USE robots.txt. I've mentioned this before but you have never responded specifically so I mention it again. Again - it will look very embarrassing in court when you are asked about this. And you will be.

4 - you are offering an "opt-out" system for webmasters, when you know full well that the majority of the millions of the websites in the world will not be aware of, nor should they have to even consider the work involved in sorting out their inclusion on your spurious Webwise opt-out list. Do your "reasonable steps" include ANY attempt to contact every website owner in the world? Do your reasonable steps include any worldwide publicity about Webwise that website owners could reasonably be expected to see? What reasonable steps HAVE you taken to publicise this list and inform webmasters? What publicly available information IS out there and how might a webmaster reasonably locate it? How many languages is it published in for example? Where is it published?

5 - you have not considered the international legal aspects of Webwise in reference to Website copyright. Not only do you have to be familiar with the legal situation in the UK (which you patently are NOT as the debacle of the 2006 and 2007 trials displays - see ICO comment on illegality of those trials) - but you need to be familiar with the legal environment in every country in the WORLD, because you are rolling Webwise out across the WORLDwideweb. Are you quite convinced that for example, no website owner in the USA will take copyright infringement action against BT when a Webwise linked BT customer visits their site? Perhaps a Congressional campaigner against NebuAd who will be well prepared for a DPI snoop to their site, and be well informed, and have a similarly well briefed US lawyer ready to sue the pants off you? Or possibly initiate a criminal case?

6 - and of course finally and most importantly, copyright law simply prohibits what you are doing with Webwise. Period. It's illegal. You CANNOT copy, make derivative works from, exploit for commercial gain, copyright material without IN ADVANCE obtaining a licence to do so from the copyright holder. The existence of publicly available material does NOT mean it is not still copyright. Books in a public library are copyright. Web pages are copyright whether publicly available or encrypted or password protected. It is ALL copyright. You are proposing to copy this material, profile it, make derivative works based on it, and all for commercial gain. Webwise is criminal, copyright theft. You can go to jail for it. You can be fined for it. And you can (and will) be sued for it in the civil courts.

Have you not thought about what a prosecution (or plaintiff) lawyer would DO to an ISP defendant who tried out your ridiculous "defence" on copyright? Do you not think he would have a list a mile long of previous ISP statements about filesharers? About how the ISP's present themselves as champions for intellectual property rights? Do you not realise how stupid they would make you look (before finding you guilty)? Do you not think the press would have a field day comparing the way in which ISP's co-operate in the persecution of individual teenagers, yet attempt wholesale copyright fraud through their DPI/Profiling technology?

If you have been following the Cableforum or BT Beta forum discussions (and it would be negligent of you NOT to have been following them) you will have seen these arguments rehearsed in detail by people who know their copyright onions extremely well. I refer you also to the Dephormation site copyright page at http://www.dephormation.org.uk/web_m...html#Copyright - if you haven't yet read this you need to read it very carefully. And your lawyers need to read it too. And come up with answers BEFORE you commit potentially CRIMINAL acts with respect to copyright, acts that could result in JAIL sentences.

You can dismiss us if you like, the way Kent Ertugrul does. But we'll still be here when Webwise has bitten the dust. And we are trying to warn you - you are in dangerous legal waters and you could end up with criminal charges against you.

I wonder what the shareholders will think about all this legal high wire walking that BT executives are planning to do with their company? Aren't you in enough legal trouble anyway? With the police file being handed in on 16th, don't you think it would be wise NOT to commit any more illegal acts for a while? Let alone a massive copyright offence of global proportions.

Please note - I will infer your consent to the publication of any reply to this email unless you expressly and explicitly withold such consent.

Her reply to me: (some final comments about there being no further replies are edited out)

Neither of the previous small technical trials or our future trial of BT Webwise involve infringement of the copyright of any website holder.
Anyone who puts a webpage on the internet does so for the purpose of people making copies of it for the purpose of looking at it and assessing the information contained in it. There are of course some exceptions to this, which is why, for example, BT Webwise does not profile pages transmitted via HTTPS.

Accordingly I am afraid no royalties or other payments are due to website owners - aside from those that want to participate in the OIX of course (www.phorm.com).

We believe that we can rely upon website owners implied consent, especially if websites are happy to be trawled by major search engines such as Google, as if they are unhappy with this and use robots.txt to block the likes of Google then Phorm will also ensure such sites are excluded. It is not reasonable or practical to contact every website owner in advance or to identify sites displaying Webwise messages.

Over and above this we are also taking reasonable steps to exclude specific websites upon specific request from the website owner, so if website owners provide us with the url's of their websites (and confirmation of ownership) then we will ensure that they are excluded by
Phorm.

I can assure you that we have taken advice and believe our approach is both entirely reasonable (straightforward) and that it complies with relevant legislation.

I was particularly taken by the acknowledgement that BT intend to ignore and flaunt the requirements of website privacy/copyright notices. Great to see that put so clearly in writing.

Anyway - I thought all this ought to be on record, and I have of course inferred consent from the lack of any request for the reply to remain private.

And the share price according to google is now 875p - is that the lowest yet this year?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

That's an interesting point do Phorm/Webwise specifically say only port 80 or only the http protocol http://xxxx:3215 is a valid http request!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Exactly. To make a half decent anti phishing system phorm will have to intercept ALL traffic. Even then they will be less effective than a system running on the users pc.

This is a bad way to protect against phishing.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Exactly, this is my point. It does not even need to redirect, it just needs to be set up on port X. Anything can link to it (email, website etc). Port numbers are just a "recommendation", if you want, of which port (which is just a suffix really on the IP Packet) to send different types of protocols down (e.g.80, 443 we are all familiar with, but 20 & 21 for FTP etc). There is nothing to stop you using ANY port for ANY protocol as far as I am aware (some firewalls may flag this however).

So the only way phorm anti-phishing can work is to scan all ports and analyse and recognise what protocols are being used.

Otherwise the anti-phish system will fail. If a phisher can circumvent detection in any way - they will.

This is so simple to circumvent - its embarrassing!

Unless..... No they cant be can they.... Scanning all ports???????? Nah!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

AFAIK that is the lowest ever! :angel:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

http://www.badphorm.co.uk/e107_plugi...topic.php?4267

Right now, I'm using -p tcp --dport 80 -j REDIRECT --to-ports 3128 to
transparently proxy web traffic to a running squid.

I'd like to be able to balance between several running squid
processes, say, on 3128, 3129, 3130, and 3131.

The --to-ports option to REDIRECT says it can take a port range,
which I tried ("--to-ports 3128-3131"), but it only rewrites the dest
port to 3128. What is a port range option to --to-ports ever used for?

This is part of a conversation between 121Media and a Support Forum for Squid, during the initial creation of Webwise. It indicates the ports they would like to redirect to, and also the Port they wished to intercept.

Unfortunately nothing about whether they will intercept anything on any other port.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Unless I'm very much mistaken, I don't think I've ever seen the anti-phishing system in any of the diagrams, and there is certainly no reference to it in the 2006 trial report.

There's certainly no mention of it in this (current) picture;

http://webwise.bt.com/webwise/customer_choice.html

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Then you know very little.
I bought some for a fiver, and it was about a quid when listed.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Also, looking at the diagram, between the 'Rules Engine' and the 'Customer Choice Module' - the path appears to have the potential to cause a loop, if the software/hardware fails to coherently recognize the Customer Selection - or in itself fails.

Additionally, the 'Customer Choice Module' still clearly indicates the Cookie Opt-out.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Prove it.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

You've been in for a long time then. Google doesn't go back that far.

I may not have known that but I can assure you I know a fair bit. I also have an idea of the limits of my knowledge, hence the AFAIK prefix.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

not sure why you're having a pop. Very rude.

Try reading around here if you want some proof though.

http://www.advfn.com/cmn/fbb/thread....42302&from=492

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

As Phorm (PHRM.L) it is their lowest. Prior to that they were 121Media.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

All they did was change their name. Still the same shares and the same company......cue comments about spyware and 121 !!!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi All

Just put up Anti-Phorm Video #2 the new video is Here enjoy. :D

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'm not "having a pop".

It's just that you repeatedly make unsubstantiated statements and never offer any scrap of proof or justification for your comments.

I'm sure that you are aware that advfn is only available to registered users as this has been mentioned before in this forum. I'm also sure that you'll appreciate that the last link you posted here was to a phishing website and I'm less than inclined to follow any further links that you post.

Perhaps you would like to post the information here or maybe just explain using your own words.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

When most companies start up they split shares amoungst the directors at a penny a share to make it look legal to companies house.. Many thanks for proving you are either Kent himself or another director.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Period of Change / Value / Change
1 week........... 1,137.50 -222.50 -19.56%
1 mth ............ 1,162.50 -247.50 -21.29%
3 mths ........... 1,712.50 -797.50 -46.57%
6 mths ........... 2,070.00 -1,155.00 -55.80%
1 yr............... 3,207.50 -2,292.50 -71.47%
3 yrs............... 206.50 +708.50 +343.10%
5 yrs................ 248.50 +666.50 +268.21%

I should point out this is not a stocks and shares thread.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I know - I was just trying to point out that this is the reason you cannot find data prior to 4/5/07 on iii etc under PHRM.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Well if you're happy to all agree never to talk about 121 again that suits me :D

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Before then they were listed as OTO and OTOM.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

There's a great new bit of kit coming out soon that will help you avoid phishing websites. Goes by the name of Webwise.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Which brings us neatly back to the point.

Webwise is a bad way to implement a phishing protection system.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Why ?

When it will be free, continually updated, and does not require the user to waste their time on downloads and updates. Sounds a great way of doing things I think.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

hey kids like the bbc webwise it teaches them all about the big wibble glad you found it.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Have you not been paying attention?

Firefox's anti phishing features are free, continually updated and do not require the user to waste time on downloads and updates.

Webwise will never be able to protect against all the threats that a PC based solution can.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:rofl: :rofl: Hammy that is the best laugh I have had for days but sorry it is impossible since 121media is phorm as phorm is 121 media

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I keep saying that someone should put this to the test. AFAIK, all BT domains use http, are on the web and allow themselves to be crawled by Google search engines.

This would mean, according to them, that all BT websites have their copyright nulled and are open to commercial exploitation.

Should we figure out a way to commercially exploit BT websites?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Shares now down to 900!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Could you remind me Florence, my brain is beginning to get very tired. What did 121Media do before they were known as Phorm. Were they great leaders in the anti-spyware and anti-Phishing business?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

How about re-selling their phones and services and use the marketting material directly from their own web-pages so you don't have to spend loads on web-site development.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I use AVG, which has an inline link checker for all search results on the major search engines, it's completely free and updates automatically, and gives visual clues to the safety of the links on the page. Best of all it doesn't require me to having my entire browsing history profiled.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Great letter, Robert.

Quick question for you; did you ever get Emma S. to explain how they are going to explain the forging cookies issue, especially with regards to sites who don't use cookies, and explicity state they don't in their privacy policy?

OB

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Could we not write a couple of BT webpage scrapers. We could change all the BT numbers within to our own and reap the rewards. (It is legal that, ain't it?)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

What's Emma's email address? I will ask her if she thinks it would be OK if people commercially exploit BTs websites for the same reasons.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I know where you're coming from but I'm not sure this is the wisest course of action. Don't want to give them the ammunition to shoot us with.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'd like to hear what Emma has to say, though.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

This latest offering from AVG has been strongly criticised in many circles. It not only looks at all the links in a Google response page but also downloads those pages and analyses them to see if they look like phish. Exactly like Phorm is doing with its profiling. Many web authors are up in arms about all the increased traffic their sites are getting from this new AVG 'feature'.

By the way, Opera's anti-phishing is also free, uses a remote database updated real time, needs no action from the user in downloading.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

No harm in that :D

---------- Post added at 16:47 ---------- Previous post was at 16:45 ----------

Should I assume from your silence HamsterWheel that you agree with me?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

You mean like this:

A proof of the Riemann hypothesis
http://arxiv.org/abs/0807.0090 :erm:

Funny how this came up, I'd never heard of the Riemann hypothesis before.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Think you have a word to many drop anti and you will hit the nail firmly on the head, also don't forget that evil rootkit, hijacking browsers and saturating the computer with adverts.. Where have I heard similar recently oh yes BT want to implement webwise run by a company called phorm using a network rootkit hijacking the browser to stalk the user then supply adverts to line his pocket with gold.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

BT websites are copyrighted.

Strange then that they insist that all other websites are freely available for copying.

I do not believe that BT obtained any legal advice pertaining to this issue as any lawyer would have been able to tell them that you only have a Limited Lecence when you are sent a webpage - that's right; it is sent to you contrary to the popular concpet of being visited.

This is exactly the same arrangement that exists when you purchase a CD. The disk is your property bu the content is alaway and only the property of the copyright holder. You have a Limited Licence which allows you to play the disk and listen to the content but there are restrictions including not being allowed to "broadcast" i.e allow other people to listen to it in a shop or pub as well as transmitting it through any media and you absolutely can not make copies.

It is especially interesting that Emma S refers specifically to "copies" in her reply to Robert as this indicates to me that she is not quoting from or has not understood any legal advice regarding the ownership and licensing of any form of content on any media.

We need BT to qualify their claims that they sought legal advice especially with regards to the areas of the system that such advice covered. I suspect that the only advice that they sought was to see if they could use the word "Webwise".

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I have followed this thread for many weeks now and am concerned at the amount of OT posting referring to bets/investments made in the former Co 121 media now known as Phorm and of some people manipulating and diluting the course of this thread it was never intended to be used as an advertising platform for Phorm .as I have had knuckles wrapped for earlier posting,I feel that future discussion on stock prices and and those associated with it be moved to another thread.Having said this I see no reason why one post at the close of trading would suffice .Needless to say that the postings on the illegalities of Phorm today have been shown the best way forward.
Guys I don't understand the tech stuff but the invasion is totally abhorrent to many ,keep fighting for us little guys as a person with mobility issues I rely on my PC as my main contact with the outside world.

Many thanks to you all Tarqin:wavey:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

So is anyone going to give me Emma's email address? Or would they like to ask Emma themselves whether BT websites are, by the same logic, commercially exploitable?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I am thinking of blocking all visits whose visit profile looks like they are using AVG as it is using 2 visits before the human sees the page - 3 times bandwidth cost.

Problem is, all those visits from Google could be human or they could just be the AVG script - no way of knowing. Have to just ignore the increase in traffic, factor it down by 3 and know that I am getting near to real visitor numbers.

BT will be upset by AVG too as they will be being hit for interceptions made by AVG on BT customer accounts. But then, that is what happens when you allow people to use software that spoofs someone else's IP address.

AVG currently use just one useragent, so it is possible to eliminate the scrapper visits. However, they are planing on removing that identifier as they want to minimise the risk of phishing sites giving the script a clean page and sending the human to the malware page.

If you use AVG, trust it about as much as you will trust Webwise and its ability to protect you from phishing.

Common sense, that is the best protection.

Never click on ads - they are used to redirect via malware sites before sending you on to the real site (since before April 2007, to my knowledge). AVG only checks the final destination URL and does not follow all the redirects from the ad (else they would be generating as many 'fraudulent clicks' as they are phantom visitors)

Sorry, slightly off topic. Just shows that if you are relying on someone's software to protect you, it is only as good as the control mechanisms programmed into it. And if it annoys the innocent, you may find yourself tarred as guilty by association.

BlueCoat offer similar, and it is free. Webmasters only need to contact BlueCoat who will then cache your sites once and fit it into a category: else they do the 2 scrapping visits before human visitor too. At least BlueCoat uses its own IP address so visits are easy to track.

Rant over.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Now thats something I didn't realise, I thought it was just checking the links on the page against a database.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The domain names of my web sites are none of BT's concern. Search services are providing a useful service, still some webmasters elect to exclude their sites from the search index or from caching (by both proxies and search engines). If BT want to take the position that Phorm can be excluded, what is the UA name used in requests from Phorms profiler? On some sites I may exclude them from all or part of a site using robots.txt, on others I'd like to use a rewrite engine or server side UA sniffing to send them garbage -- as is my right.

Then there's the issue of passing off when they phorge a tracking cookie (as previously noted this could potentially contravene a sites privacy policy). There's certainly no implied consent from me for Phorm/BT to be setting these cookies for my domains.

Something else I've been wondering. HTTP cookies are limited to 20 per domain, what happens if this limit is reached? Do Phorm overwrite a legitimate cookie?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

@ Alex

Please PM me the Press release, I will adapt it if required for the Scottish Media, and send to a list I've compiled.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I have already asked, noting to her that the bt sites no longer carry any copyright statement, plus there is identical content hosted on non-bt domains. Maybe she is still looking for the duplicate content on other domains, or else it is being published under licence from BT, even though the site is silent on this fact.

Anyway, I think E and I were getting close to giving up email communicating as I never received a reply.

BT email addresses are of the format firstname dot lastname at bt dot com.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I don't think a user-agent of Phorm is entirely of any relevance, as the Phorm/WebWise kit isn't actually making any connection with a website. It just intercepts the connection made between the end user and website (once all the 307 dance is completed and a communication is allowed to and back from the real website), so the only user-agent to be seen will be that of the user. Convenient for them, eh?

A theory of mine after my limited understanding of the reports I must add.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Sometimes a small diversion into the sideline can help stop a thread like this from becoming too dry.

In this case watching shares fluctuate during the day can tell us more than simply looking at the end of day prices especially as there are strong signs that Phorm have trying to pump the price of their stock through press releases claiming new contracts and early start dates for the BT trial.

Investors often "hear" about developments that take a while to filter down to the rest of us so watching the share price during the day is a kind of litmus test that make a quick search around the internet worth while.

Apart from that, there is a very real chance that Phorm will go bust before thier system even gets up and running and that is something that is worth watching for.

A lot of the current discussion about 12Media's shares stems from claims made by one particular member and while it could be argued that it's better to ignore such posts it might be having a look at the BT Forum. I posted a comment on there that there must be many hundreds or even thousands of peopl who read these forums without being active participants and a number of people joined and posted on there to say that this was true for them.

Because of that it is important to make sure that posts regarding Phorm's past business practises and their current commercial standing and viability are accurate and that no-one is allowed to post unsubstantiated or inaccurate comments and remain unchallenged otherwise you run the risk of having this forum subverted into another outlet for Phorms' spin doctors and investors trying to artificially inflate the value of their shares.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I use AVG 8. The issues are primarily around bandwidth usage and site stats but this is another topic entirely and should be discussed elsewhere. Incidentally the link scanner does not appear to work with Firefox.
I think it is unfair to brand AVG with the likes of Phorm .

---------- Post added at 17:32 ---------- Previous post was at 17:27 ----------

I would agree but there have been occasions when the topics of posts have clearly diverted. However your comments are relevant.

@all

People need to remember who has posted here (Baroness Miller for example) and who may be following the debate. I am sure the last thing everyone wants is for the last five months of effort to lose its credibility.

Light relief is one thing but flaming and badgering is another. certain individuals will try to divert the thread but they should be ignored.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I think in this case things ought to be judged on their merit, obviously there are degrees of relevance, not just individual 'channels' of interest. Pigeon holing things into discrete categories? Sounds like a horrible premise for an advertising solution, and seems mighty familiar...

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

From BT's terms and conditions...

You agree that any content, software or other copyright material we supply to you is for your own private use, and that you must not copy, change or publish the material or supply it to any other person or use it for any business purpose.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I've sent an email to our dear Emma.

Let's see if she refers to the Ts and Cs.

---------- Post added at 17:44 ---------- Previous post was at 17:43 ----------

Not everyone is a BT customer.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

It's BT who are making the google comparison and mentioning robots.txt as an opt-out for site operators, the user won't be requesting that file. As previously noted, not every site has access to the document root. If Phorm can append themselves to the user agent string, this gives web masters the ability to opt-out in a way that stands BT's comparison with googlebot.

I also see max cookies per domain is now 50 in modern browsers and browsers will delete cookies when that limit is reached. How are Phorm proposing to handle that?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I agree and disagree, weighting more towards disagreeing.

They are selling a product which scraps copyright content and analyses it in order to make a commercial profit for themselves.

They are using my bandwidth by disguising themselves as a real visitor.

Scrappers are routinely banned from my sites.

They are looking at the sites you look at plus, as a minimum, 9 other sites and PPC ads related to the same search term - 9+ times more snooping than Phorm is doing.

The big negative, is that it does not maintain a database of good/bad sites.

The only plus I can think of is that currently the script is not reporting back to mama.

How many of the above do you rank as redeeming factors?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I think it was also noted that they were doing a scrape for robots.txt of domains to keep in a cache, so during regular browsing of a Phorm connection, the kit still wont make its own unique connection to said site as it will already have the robots.txt on file, and thus leaving the connection purely down to the user agent of the user. There just wont be a user agent of Phorms to block.

---------- Post added at 17:58 ---------- Previous post was at 17:56 ----------

Rather than use the word 'block' I should have used the word 'deny' really as robots.txt is a system of honour and respecte rather than access protection.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Honor and respect...

There's a phrase you wouldn't expect to see in a discussion about Phorm.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I can specify "User-agent: Googlebot" and a specific rule in my robots.txt, it's BT are telling us there's implied consent and that site operators can opt out. We need a UA to do that effectively. Not every site has access to robots.txt if they want to continue down this "implied consent" route, they need to append the UA string for requests accordingly.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Agreed with all the above. Sadly I don't think a UA for Phorm will ever exist though. If it wants to win over the web it really ought to though I do agree.

---------- Post added at 18:12 ---------- Previous post was at 18:11 ----------

Glad the irony was not lost ;)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Would that mean if Phorms webwise goes live, they would also get those http requests and pages that AVG makes?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

http://blog.btbroadbandoffice.com/

How Internet copyright legislation affects you

What you need to know

Intellectual Property.gov.uk sums up UK Internet copyright law as: "material sent over the Internet or stored on web servers will generally be protected in the same way as material in other media", and that one must have the owner's permission to use it.

Therefore, any material that you own the copyright for and put on the Internet is protected from others using it without permission. And the reverse applies as well - if you come across something on the Internet, you cannot use it without observing the owner's copyright terms.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

No - that's on my list of "significant unanswered questions". Tried - finally given up.

---------- Post added at 18:27 ---------- Previous post was at 18:24 ----------


BT managers have their email address in the form of firstnamedotlastnameATbtdotcom and she is [ Moderator Edit ]



[Moderator Edit (Rob M): Please do not post names of individuals who have not specifically requested/authorised that you do so.]

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

One thing sites can do, and I am up for trying it.

How about a redirect for all BT IP's that visit the website in question. Is there anyway we could forward that ISP's IP range to a Webwise information page, with links for the Petition, AGM Protest etc.

ie Any of BT's customers who visit any of the participating websites, don't actually get to see the website, with an explanation of why we are doing this, to promote a wider knowledge of Phorm etc and if they wish to know why they are being blocked from visiting to ring or email Emma?

Maybe do it once a week as a sign of solidarity and once BT and Phorm is launched permanently, or am I just been stupid?

This would help raise awareness and generate some extra work for our friends at BT.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Yes - Assuming both systems haven't changed significantly by then.

The result as I see it has two parts:

1. The profile built up for you is less accurate. (Though maybe not significantly)

2. AVGs link scanner will have to cope with lots of redirects etc. Which it may well fail to do. This is part of the general problem of breaking non-browser applications that use http.