Quote:
Originally Posted by SelfProtection
So if BT actually test Phorm again & they still use these Web links, could any Web Server redirect the client & either log them out of BT Webwise or actually log them in when they are logged out!
Not now Phorm have changed it to check referrer - unless someone finds a browser/add-on flaw that allows them to spoof the browser's referrer - it used to be possible to spoof referrer using Flash, but that was fixed in recent versions.
Having read R. Clayton's analysis, I've an idea or two about other potential issues, but we won't know unless or until Phorm goes live so I'm in no hurry to find out if I'm right. And given all the delays, they've had plenty of time to review their code and fix any other oversights.