Old 09-07-2008, 02:27   #11419
pseudonym
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by HamsterWheel
I see the thread is now more concerned with dog appreciation (cue jokes about Phorm) but to drag it back on topic.
http://news.bbc.co.uk/1/hi/technology/7494988.stm

So all of you who said that people's browsers sorted out phishing attacks will have to think again. Half of them are way out of date and prone to all sorts of hacking and phishing attempts. Webwise will save the day!

Since you raise the subject of out-of-date and insecure software (something against which Phorm won't provide any protection), have you read this article on Phorm's 2007 test?


http://www.spikelab.org/blog/btProxyHorror.html


Quote:
Via: 1.0 PSBTTEST:3131 (squid/2.6.STABLE6.2.7-6)
Quote:

The other thing I learnt is all versions of squid prior to 2.6.12 suffer from a couple serious security vulnerabilities...

But so long nothing new, big telcos running bugged software is unfortunately quite a common practice.
But I was just scratching the surface. Another look at the dump revealed several referrals to dns.sysip.net (212.187.177.142), an ip owned by Level3:

And I'll also remind you Phorm's opt-in/opt-out originally came with a glaringly obvious CSRF vulnerability, meaning anyone could set your opt-in/opt-out cookie by posting an image in a forum.

Oh, and regarding Phorm's "phishing protection", I understand you only get it if you opt in, and you can opt out by blocking webwise.net cookies, in which case your IP address will be blacklisted for 30 minutes... So what happens if your kids have a PC and have blocked Phorm's cookies on their computer, or you connect to your phorming ISP and are allocated an IP address that is still blacklisted having only just been released by a user who blocks webwise.net cookies, or as others have mentioned the phishers use an https address - would I be right that in all cases you'd not be protected, but would believe you are?