Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Ok guys I couldn’t resist posting on this blog.
Could someone please explain the point of this stupid p.r. stunt next Tuesday or can’t Bent Kent get it into his tiny little rootkit yet that it’s all over now? I do understand he may challenge our law but on what grounds? There are none.
You see there was previously no way even via ssl encryptions, browser privacy settings or opting out of it to block the intrusions entirely. Phorm could at anytime read anything it so chose to no matter how hard you fought against it therefore the law has ruled against him from setting up this elaborate scam as he’d planned. Mr. Erty Gerty thought he could buy the law out in this country but has learned a hard lesson in doing so, a £32million lesson no less and he’s dropped Bt fairly and squarely into the cess pit with himself in doing so.
Seriously now, would someone please enlighten me as to where the legal challenge is and why is this stupid idiot orchestrating these silly p.r. stunts next week?
I believe there is more to this thing than we’re being told.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Regarding Phorm as a "man in the middle" and able to see even https sites if they choose to.
Today I received in the post from Nationwide (whom I bank with), a battery powered card reader, that's not connected to my pc in anyway.

What happens is, I log in as usual to their secure site, select the third party I want to send a payment to, Nationwide then asks me to insert my debit card into the reader, which asks for the "atm" pin, then asks for the ref. no.that Nationwide gives me, plus the amount to pay.

Still with me? The reader gives me an eight digit number to enter on the website, and after confirming, the payment goes through.

So... it seems that Nationwide no longer, implicitly trusts https and ssl encryption, and has inserted an extra layer. I wonder if Phorm are the trigger for this, or just the (what seems to be), trend towards profiling of users via traffic interception. Does anyone know of other banks making similar moves?

Richard

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'm sure everyone who cares about their privacy appreciates your efforts.

Thank you :clap:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Seconded. I salute you, sir.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

So now you will be sending the chip data, your pin and your on line banking pin to nationwide via the Phorm profiler.
When your card gets cloned and Nationwide turn around and say it is your loss as they knew the PIN can you go back to them and highlight that Phorm could have snooped it so Chip and Pin is no longer secure. I would have thought an RSA SecureID key would be more secure than this approach in many respects. Now you have a token and two shared secrets, both have alternate uses wheras with a SecureID you would still have a token and a secret, not much less secure and well the token cannot be cloned and put in an ATM or used to fill the car up.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Given that the meeting involves 80/20, I suspect it's all part of the privacy impact statement. Having said that, i'm sure they want to try to trip people up, probably over the legalities. They will certainly have something up their sleeves.

One thing that I think is likely to happen is, when challenging over the legal side, the anti-phorm challenger will be asked 'Are you a lawyer?'.

The Phorm side will then have someone stand up and say 'I'm a QC and I say you are wrong because ...'

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi Richard,

Barclays have a similar scheme which they call PINSentry, you insert your card into the calculator like device and it gives you an 8 digit number to enter when logging into the online banking section, or if you're making a payment to someone new. I'm sure it's a similar thing to the nationwide one.

The PINSentry info is here http://www.barclays.co.uk/pinsentry/

I read somewhere that HSBC have plans for something similar too

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

@SMHarman
No, I don't think so, the card reader is not connected to anything, "chip & pin" just identifies me to the reader, I'm assuming the eight digit code is a form of encryption generated by the reader.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi Alex :)

Any self respecting Wii owner won't be bothering with Iplayer since Mario Kart was released today (and it's excellent) :)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Whoops missed that bit about not connected to the PC in any way and yes wow reading it properly this time, what a palava, almost easier to write a cheque and put it in the post or go to the local branch.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I also thought about this and questioned it here #2176 though I had initially forgotten about certification. After subsequent reading, including this, I have come to the conclusion that using this deep packet equipment would make a 'man-in-the-middle' attack possible. Now if someone working for Phorm were not trustworthy...

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Interesting that online payments have cropped up. The new banking code takes a lot of the responsibility off the banks and places it firmly on the shoulders of the public with regards to privacy and security.

Under the new code customers will be liable for identity theft/fraud if they do not have:

Upto date Anti-Virus
Upto date firewall
Upto date OS patches

And a whole bunch of other things. I can't wait for the day when someone tries to put in a fraud claim and the Bank say "Sorry but you use a Phorm enabled ISP therefore you have not taken adequate measures to protect your privacy and as such are liable for any losses as a result of the fraud."

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Oh forget the 80/20 confusion we know Bent Kent owns them, haaa..

Sorry I still cannot see and legal grounds to challenge the law. He may try to appeal the decision under'conflict of law' but he needs to carefully choose a sound solid law that allows him to access into millions of pcs in the uk by means of an opt out clause or similar and this does not exist. He could use American law under 'conflict of law' and quote the canspam act or something else, this is the only legal means he has..

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Yes it is a pain in the ass but it is more secure...might even stop Phorm snooping :)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

@Ravenheart
I suppose all this does then, is establish that you have the "physical" card in your posession and not just the numbers.

Richard.