Old 11-04-2008, 21:44   #2937
mark777
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by bishbosh View Post
http://www.bbc.co.uk/blogs/technolog...ish_phorm.html

In the comments: A Possibility?

Webwise works by having a layer 7 switch intercept and impersonate the client and server requests on the network: -

You browse to a secure site

The switch takes this request and passes it to the site as its own, adding the Webwise cookie.

When the site responds with its public encryption key, the switch strips the public key for the site out, adds its own public key and forwards the request to you.

Even when you exchange a private key, the switch will also intercept this, (seeing it already has the public key) create its own private key and use its key to communicate with your 'secure' website.

Meanwhile, all this decrypted data is being forwarded into Webwise for 'processing'. This is the fatal flaw with SSL.

If your ISP or your network admin wants to 'snoop' on your browsing, they can.

Bear in mind that you can send certificates in the post on a USB stick, however, header information is NOT encrypted - so they can still see which sites you are visiting, even if they can't decrypt the traffic being sent.
I've tried posting there in the last hour and it fell over. The BBC has admitted to some technical problems with posting to its blogs. It may work for you though.

---------- Post added at 21:36 ---------- Previous post was at 20:36 ----------

Quote:
Originally Posted by bishbosh View Post
Bear in mind that you can send certificates in the post on a USB stick, however, header information is NOT encrypted - so they can still see which sites you are visiting, even if they can't decrypt the traffic being sent.
So should we all be asking our banks to do so? Perhaps VM should send us one for their webmail site? Just a thought.

---------- Post added at 21:44 ---------- Previous post was at 21:36 ----------

"Home Secretary Jacqui Smith will be in Downing Street on 17 April for a live webchat from 14:00 BST.

* Log in and post your question

Jacqui will take questions on her remit as Home Secretary with a focus on the Border Agency and the neighbourhood policing teams operating in your area."

Perhaps there are some other questions to answer as well?

http://www.number10.gov.uk/output/Page15259.asp