Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Dephormation · 19-06-2008, 23:00

Apols for the cross posting, but this is important, I think...

Please can someone else confirm this analysis.

I've been accessing www.webwise.com from the PSInet server 38.105.138.154 (using a modified hosts file) and comparing the results with the Gyron server 89.145.112.32 (using standard DNS).

The results are really interesting.

I think someone is taking the PIIs (personally identifiable information)..

Here's why.

If I connect direct to the Gyron server (89.145.112.32), and capture the traffic I see this (note the date and last modified fields);

GET htt p://www.webwise.com/style.css HTTP/1.1
<snip irrelevant headers>

HTTP/1.1 200 OK
Date: Thu, 29 Nov 2007 06:25:21 GMT << EXACT SAME DATE AS BELOW
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 29 Nov 2007 06:25:21 GMT << EXACT SAME DATE AS ABOVE
<snip irrelevant headers>

Now if I request the same document from the PSInet server (38.105.138.154) I get this;

GET htt p://www.webwise.com/style.css HTTP/1.1
<snip irrelevant headers>

HTTP/1.1 200 OK
Date: Thu, 19 Jun 2008 21:03:02 GMT << CURRENT DATE, DIFFERENT TO DATE BELOW
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sun, 27 Apr 2008 21:33:39 GMT << HISTORIC DATE, DIFFERENT TO DATE ABOVE
<snip irrelevant headers>

The date header is used to indicate the server's current system time. The last-modified header should indicate when the file was last changed (to facilitate browser caching etc).

What I suspect is going on here is this. First the date header indicates the server at Gyron is set to a date in November 2007. If so, that's just an amateurish schoolboy type error.

But second, I believe the machine at Gyron may be acting at as proxy for the server in PSInet... Why? Because the last modified date exactly matches the server date when the file is requested from Gyron. In other words, I suspect it is a proxy server that knows nothing about the creation date of the original file. It is simply reporting the server local date/time for current date AND last modified date.

This is most important, because if my analysis is correct, it would obviously be deceptive to claim that data was being handled in the UK (because it was being proxied to the USA).

So please, can anyone confirm the analysis?

Or BT if you're reading this, please explain?

19-06-2008, 23:00	#9505
Dephormation Inactive Join Date: Apr 2008 Location: Bristol Services: Aquiss.net and loving it. No more Virgin Media, no more Virgin Phone, no more Virgin Mobile. Posts: 629	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] Apols for the cross posting, but this is important, I think... Please can someone else confirm this analysis. I've been accessing www.webwise.com from the PSInet server 38.105.138.154 (using a modified hosts file) and comparing the results with the Gyron server 89.145.112.32 (using standard DNS). The results are really interesting. I think someone is taking the PIIs (personally identifiable information).. Here's why. If I connect direct to the Gyron server (89.145.112.32), and capture the traffic I see this (note the date and last modified fields); GET htt p://www.webwise.com/style.css HTTP/1.1 <snip irrelevant headers> HTTP/1.1 200 OK Date: Thu, 29 Nov 2007 06:25:21 GMT << EXACT SAME DATE AS BELOW Server: Apache/2.2.3 (Red Hat) Last-Modified: Thu, 29 Nov 2007 06:25:21 GMT << EXACT SAME DATE AS ABOVE <snip irrelevant headers> Now if I request the same document from the PSInet server (38.105.138.154) I get this; GET htt p://www.webwise.com/style.css HTTP/1.1 <snip irrelevant headers> HTTP/1.1 200 OK Date: Thu, 19 Jun 2008 21:03:02 GMT << CURRENT DATE, DIFFERENT TO DATE BELOW Server: Apache/2.2.3 (Red Hat) Last-Modified: Sun, 27 Apr 2008 21:33:39 GMT << HISTORIC DATE, DIFFERENT TO DATE ABOVE <snip irrelevant headers> The date header is used to indicate the server's current system time. The last-modified header should indicate when the file was last changed (to facilitate browser caching etc). What I suspect is going on here is this. First the date header indicates the server at Gyron is set to a date in November 2007. If so, that's just an amateurish schoolboy type error. But second, I believe the machine at Gyron may be acting at as proxy for the server in PSInet... Why? Because the last modified date exactly matches the server date when the file is requested from Gyron. In other words, I suspect it is a proxy server that knows nothing about the creation date of the original file. It is simply reporting the server local date/time for current date AND last modified date. This is most important, because if my analysis is correct, it would obviously be deceptive to claim that data was being handled in the UK (because it was being proxied to the USA). So please, can anyone confirm the analysis? Or BT if you're reading this, please explain?