Old 29-05-2008, 23:59   #7558
Rchivist
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Dephormation
BT CUSTOMERS BEWARE

Do not log into the BT site, then visit any Phorm/third party operated web site with a *.bt.com subdomain;

e.g.
webwise.bt.com
www.webwise.bt.com

BT.com seem to be using a Siteminder security system that sets one or more cookies in the bt.com domain (potentially including your email address, and a security credential which authenticates you to BT.com).

A third party able to impersonate your IP address may be able to access your account details using a copy of the same security credential (SMSESSION cookie) revealed by your browser. Cookies affected;
SMSESSION = (Netegrity site minder encrypted cookie)

A Phorm/third party web site may have access to your email address (even if you do not enter that email address into any contact forms). Cookies affected;
btcom.userName = (email address)
btcom.dateVisited = (date of visit)

If my analysis is correct (I'd appreciate independent confirmation by a BT subscriber with Netegrity Siteminder knowledge, or sufficient tech insight to confirm the presence and configuration of the cookies manually) this is a very serious privacy and security flaw.
I've referenced this post over on BT Beta forums.

My new tag when communicating with BT/Phorm

"We're watching you, watching us"
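Added example, not part of the original posts: a sketch of the browser's cookie domain-matching rule (RFC 6265) showing why a cookie scoped to the parent domain is sent to every subdomain, while a host-only cookie is not. The cookie names are taken from the quoted post; the setting host `www.bt.com`, the `Domain` values and the `hostOnlyExample` cookie are assumptions, and `Path`/`Secure` handling is left out.

```javascript
// RFC 6265 section 5.1.3 domain matching.
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // A suffix match only counts on a label boundary, and never for IP literals.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie the way a browser would: a Domain attribute widens the
// scope to every subdomain; without it the cookie is host-only.
function storeCookie(setByHost, name, domainAttr) {
  if (domainAttr) {
    const d = domainAttr.replace(/^\./, "");
    // Browsers reject a Domain that the setting host does not itself match.
    if (!domainMatch(setByHost, d)) return null;
    return { name, domain: d, hostOnly: false };
  }
  return { name, domain: setByHost, hostOnly: true };
}

// Names of the cookies a browser would attach to a request for requestHost.
function cookiesSentTo(requestHost, jar) {
  return jar
    .filter(c => c.hostOnly
      ? requestHost.toLowerCase() === c.domain.toLowerCase()
      : domainMatch(requestHost, c.domain))
    .map(c => c.name);
}

// Constructed jar: cookie names are from the post; the setting host and the
// Domain values are assumptions (the post only says "in the bt.com domain").
const jar = [
  storeCookie("www.bt.com", "SMSESSION", ".bt.com"),
  storeCookie("www.bt.com", "btcom.userName", ".bt.com"),
  storeCookie("www.bt.com", "btcom.dateVisited", ".bt.com"),
  storeCookie("www.bt.com", "hostOnlyExample", null), // hypothetical host-only cookie
].filter(Boolean);

for (const host of ["www.bt.com", "webwise.bt.com", "www.webwise.bt.com", "notbt.com"]) {
  console.log(host, "->", cookiesSentTo(host, jar));
}
```

Under these assumptions only the host-only cookie stays with the host that set it, which is the property to check for when confirming the cookie configuration manually.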