Quote:
Originally Posted by rryles
They say they only intercept port 80 so no DNS. Intercepting DNS queries would solve some of the issues but far from all. To come up with a half decent system they would have to intercept ALL traffic. Consider this:
https://258.23.239.2:22/
(IP address intentionally broken so it doesn't go anywhere)
The bottom line is this is a bad way to implement phishing protection.
Your example proves a very valid point. Phorm would have to look at all ports and look at the protocol being used (http) and then decide if it's a phishing attack. Otherwise, as your example shows, it would be so easy to circumvent the Phorm anti-phishing "service", even for http attacks, let alone https.