Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Agreed.
Hope Kent hasn't accepted any investment from, erm, the shadier side of Moscow's business community!

Is that blood that I can smell?
:shocked:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

If they managed to break https (SLL) then they would be bl0ody good programmers/mathamatitions. I really dont think we have to worry about the https being profiled as its all but impossible to do - the only way to do it usually is by back door attacks, not man in the middle - so I really dont think we need to wory about our banking transactions.

Unless your bank doesnt use https - but if this were the case - I would dump that bank ASAP!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I've been meaning to post some thoughts on the question of performance.

Given the mythical white lists, black lists, user agent filters, opt in/out/shake it all about cookies...

The processing of every request, in real time is going to be a big overhead isn't it?

For each request Phorm must;

- Check for cookies, and perform redirects if necessary to set cookies*
- Check the URL against a black list of 25 (up to 60,000+) private sites**
- Check the user agent against a list of target user-agents***
- Check the request for http auth params to avoid protected content****
- Filter the page and URL for names/addresses/identifiers/sensitive words****

* caveat, opted out users must use different infrastructure
** caveat, this will never be complete no matter how long the list
*** caveat, this will still result in non-browser apps being profiled
**** caveat, inadequate because many unencrypted yet private txns are not authenticated
***** caveat, this will never ever work ... it will capture names & identifiers of all kinds

And that's for every request, before you even start profiling the content.

The overhead on an http request will be immense.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

So maybe getting as many things added to the black list *is* a good idea - sorry Alexander.

Can you imagine the performance hit if hit had to search 1million website for every session.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

No but they could easily reroute your web page to a rogue site as with their previous phishing expeditions. If you think that little padlock means you are secure dream on....

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

BUT then your certificate would not match the site name - and a great big warning would come up! If you think Thawte or any other root certificate supplier would give phorm a certificate for EVERY https site in the world - well we are into massive consiracy theorys there.

Lets keep the discussion on to things that can realisticly happen.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Polonium I think ...

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

BT have said that if someone sets their browser e.t.c. to block webwise during the trial, then they won't be able to access the internet for the duration of the trial.

If thats the case then, it's irrelevant whether you opt in or out, your data will still be redirected to webwise servers, and will be dependant on the functioning of those servers.

So if Phorm's equipment fails, it could in theory leave hundreds of thousands of people without the ability to surf the web regardless of whether or not they opted in or out.

This means that if someone can't access the web, they won't know whether the liability rests with BT or with Phorm.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Why do I think that the 'blacklist' is just more vapourware? There may be a list that you can add your site to, but how would you know if you were still 'accidentally' being profiled? And what would your remedy be (get in the queue after 108,000 other BT offences).

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Probably the longest task but sub-second per request and requests will be performed in a multi-threaded app with multiple requests being processed in parallel.


60000 * 100 chars = 600k of memory so in memory caching of this and the lookup will take nanoseconds

Again, in-memory caching and nanosecond lookups

Extracting and checking a few parameters from a HTTP request object... milliseconds

This depends on their software but would (I hope) be layed off onto the profiler box which would be out of band and would not affect the transaction.

So all in all, the traffic shouldn't be affected noticibly.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

If they are contracted to BT, then the fault lies with BT.

Pure and simple, every time.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I think it is fairer to say that BT have been fairly vague about that particular issue but it is definitely one way of interpreting the grammatically confusing answer they gave. If I ever hear that the trials have started I will certainly be blocking via HOSTS all the relevant oix, phorm and webwise domains I have listed, and also blocking the cookies (to model a cookie free situation) to see what happens to my browsing. If that breaks my browsing then I think it will probably break BT also.

But they have been quite good at grammatically confusing written answers, and even in broadcasts, their spokespeople seem to manage oral stumbles that likewise leave you not QUITE sure what they meant - with the same hesitations/fluffed words at exactly the same point of the same answer on different news bulletins during different interviews.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Your initial http request would not get near your bank. The layer 7 device would divert it to the standard phishing front page, which would look to you like your banks login and shared secrets pages. Now they have your details. Perhaps you should re-read Richard Clayton's tech description.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Yes they will:

They have a contract with BT.

The Phorm supplied equipment will reside on BT's site(s) and there's a funny arrangement whereby it's owned by BT (but BT have limited access to the equipment).

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Sounds like BT had one of the blonde days best way is to have two lines of fight the one to makes ure it doesn't happen and backup for if it does..