Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 04-06-2008, 10:08   #7954
Rchivist
Inactive
 
Join Date: Apr 2008
Posts: 831
Rchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of QuadsRchivist has a fine set of Quads
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by SelfProtection View Post
"Talking about the Attack of the Clones" & or "Smoke & Mirrors"; we seem to have "a Gorilla Walking slowly across the stage in front of the Audience"

Name: phorm.com
Addresses: 89.145.112.31, 89.145.112.32
Aliases: www.phorm.com

Name: www.oix.com
Addresses: 89.145.112.31, 89.145.112.32

Name: www.webwise.bt.com
Addresses: 89.145.112.32, 89.145.112.31

Name: webwise.bt.com
Addresses: 89.145.112.32, 89.145.112.31

Name: webwise.com
Addresses: 89.145.112.31, 89.145.112.32

Name: webwise.net
Addresses: 89.145.112.31, 89.145.112.32
Name: www.oix.net
Addresses: 89.145.112.31, 89.145.112.32
I believe this is is a practive frowned on; cloning IP addresses on the WWW can lead to unwanted side affects!
"But the real kicker is which one of these Companies if not all have access to any details entered on the www.webwise.bt.com contact pages?" THAT IS WHICH ROUTER FOR THAT URL DO THE DETAILS CONNECT TO?

---------- Post added at 09:35 ---------- Previous post was at 09:32 ----------
you don't need to think about routers - you can just read BT's admission that the company which HAS had access to the information entered on BT Webwise contact.php forms was Phorm.

Email(s) received by me (and also Miles Golding over on BT Beta forums) in response to enquiries on that contact.php stated as follows: (see also my earlier posts with evidence of References header contents and FW in Subject line)

Dear Mr. Jones,

Phorm currently operates the Webwise information site (www.bt.com/webwise <https://mail.bt.com/exchweb/bin/redir.asp?URL=https://mail.bt.com/exchweb/bin/redir.asp?URL=http://www.bt.com/webwise> ) on BT's behalf as a trusted partner and with BT's explicit consent (this approach is not uncommon). We are confident that this does not pose any security risk.

In order to host the site on our behalf, Phorm have also been hosting a contact form. This required Phorm's systems to forward customer contact requests to BT for processing. It is not a requirement for us to obtain customer consent for this hosting and processing arrangement, but I can assure you that we comply with the relevant law. As of last week and as part of ongoing developments, we have amended the site so that it uses standard BT contact forms in place of the form hosted by Phorm.

Regards,
BT Webwise Helpdesk

and

Dear Mr. Jones,

This email should be covered in the last email to this email address.

Regards,
BT Webwise Helpdesk

________________________________

From: ***, **** on behalf of *****-webwise@yahoo.co.uk
Sent: Thu 29/05/2008 07:27
To: BT Webwise Help Desk G
Subject: RE: BT.webwise.com Contact Request



Thank you for your reply.

Why does your reply contain the header
References: <**********.*************@ww3.phorm.com> ?

I thought I was talking to BT when I filled in this form. Has any of my
personally identifiable data gone to Phorm?

Are YOU Phorm?


and

Dear Mr. *****,

Phorm currently operates the Webwise information site (www.bt.com/webwise <https://mail.bt.com/exchweb/bin/redir.asp?URL=http://www.bt.com/webwise> ) on BT's behalf as a trusted partner and with BT's explicit consent (this approach is not uncommon). We are confident that this does not pose any security risk.

In order to host the site on our behalf, Phorm have also been hosting a contact form. This required Phorm's systems to forward customer contact requests to BT for processing. It is not a requirement for us to obtain customer consent for this hosting and processing arrangement, but I can assure you that we comply with the relevant law. As of last week and as part of ongoing developments, we have amended the site so that it uses standard BT contact forms in place of the form hosted by Phorm.

The bt.com site includes functionality which enables it to remember users for the duration of their session (i.e. from when they sign in to when they close their web-browser), in order to provide a smoother customer experience and prevent the need to repeatedly log-in or re-state preferences. This is done by using a secure single-sign-on solution which employs cookies. The design of that system prevents unauthorised access to a user's logged-in session.

Regards,
BT Webwise Helpdesk

Now add that lot to what Dephormation logs show, and to what BT WERE doing with Phorm via this site (but say they aren't doing any more) - and there is IMHO a case to take to the ICO for the Commissioner to suck on. Sould I send him a teething ring along with the letter - surely his teeth will grow through eventually?
Rchivist is offline