Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[popper]

i was reading a news story here, and for some reason it reminds me of another story i read somewere that says it too can potentially do this, and much more, but in hardware

http://community.zdnet.co.uk/blog/0,...331828b,00.htm
Thursday 29 May 2008, 5:25 PM
Online backup insecure, says Heise

Posted by Tom Espiner
"....
An undisclosed Heise employee hacked into some online backup services by intercepting the connection between client and the backup server, bypassing the encryption used. A basic man-in-the-middle attack.

"Attackers can read and even change the data being backed up or restored when it's transmitted over the internet," said the Heise article.

Heise pretended to be the backup server to the client, and the client to the backup server, using fake certificates. For the vulnerable systems, neither client nor server checked the certificates for authenticity, said a source at Heise.
....
"

http://www.heise-online.co.uk/securi...--/news/110771
"....
While all of the tested systems encrypt communication with the backup server using SSL, external attackers can sniff the access code as plain text by acting as a man-in-the-middle (MITM) if the locally installed backup software does not perform sufficiently rigorous checks on the authenticity of the server's certificates.

In the vulnerable systems, we were able to hijack the connection from the client software to the backup servers.

....
Although this MITM attack scenario may not be relevant for every customer, the scope of these security problems can hardly be overstated.

While companies say they store customer data safely, some of the elementary security measures they take are implemented so carelessly and unprofessionally that they can easily be overcome.

Backups are matters of trust, and that does not change when they are made on-line.

Those who are sloppy with security here risk losing the long-term trust of their customers.

The providers we contacted know this, and all of them have promised to close the holes we discovered.
...
"

[tdadyslexia]

Quote:

Originally Posted by icsys

Can't you see the seagulls circling overhead?

Nop it's the Vulchers circling overhead.

[Edit] Click on the Attached Thumbnail for a laugh.

[popper]

http://www.guardian.co.uk/technology...nance.telecoms
Newly asked questions

When will BT start its next ad-serving trial with Phorm?

Charles Arthur
The Guardian,
Thursday June 12 2008

---------- Post added at 06:45 ---------- Previous post was at 05:20 ----------

http://www.whatdotheyknow.com/search/phorm/
Dear Sir or Madam, With regard to the covert trials carried out by BT and 121 Media/Phorm in 2006 and 2007: - What attempts were made by ICO to obtain evidence/documentation from BT - What evidence/documentation was requested by ICO, and d... Awaiting response.
Request sent to Information Commissioner’s Office by I Cooper on 11 June 2008.

[Dephormation]

Can you blinking believe this?

Concerning EU: Telecoms Council Agenda for 12 June 2008...

"On the second question, I intend to take the opportunity to emphasise the importance the UK attaches to independent regulators separated from market participants and the day-to-day pressure of politics."
Baroness Vadera (Parliamentary Under-Secretary, Department for Business, Enterprise & Regulatory Reform; Labour)

The importance the UK attaches to dependent market regulators?

Is this woman taking the Micky?

I've got a letter open in front of me now, currently banging copies off left right and centre, which includes these quotes from a certain regulator (Richard Thomas, please resign btw);

“BT’s view is that as the 2007 trial was small scale and technical in nature and no adverts were served” .

“On this basis, and taking into account the difficulties involved in providing meaningful and clear information to customers… in this case, this is not an issue we intend to pursue further with BT” .

“We've worked with BT and Phorm and we are not going to take any punitive action at this stage" .


PS A thought, if you're in the process of writing to Vivane Reding (EC Commissioner) perhaps it would be worth emphasising how independent the Information Commissioner Richard Thomas ISN'T.

[BetBlowWhistler]

Quote:

Originally Posted by popper

http://www.guardian.co.uk/technology...nance.telecoms
Newly asked questions

When will BT start its next ad-serving trial with Phorm?

from the page

Quote:

The second trial of Phorm's server-side adware system has been much delayed since BT's relationship with Phorm came to light in February;

Surely this will be the third trial in addition to the ones in 2006 & 2007!

I know this subject is complex, but this just smacks of lazy journalism.

[popper]

hmm, thats very interesting read pete, considering its dated Monday, 9 June 2008

it looks like we need to get a really good grasp of what Baroness Vadera's real motivations and goals are.....

she seems very good at saying one thing, and working for something totally different, a perfect Govt person infact.

you remember reading this "You will be reassured to know that none of my opposite numbers in other member states, or indeed the views from the European Parliament, support the Commission's original proposals. "

well the rest of the text from above, also makes it quite clear that infact she does NOT (as yet)have majority backing for this oposition.

"My officials have been working closely with officials from the incoming French presidency in developing their alternative to the Commission's agency proposals on which the French Minister and I will look to galvanise member state support."


this one needs careful parseing.... we are talking the wireless selloff etc, the one were we end users might one day get to use the 3rd Broadband pipe for fixed fee mobile data without the need for a seperate fee tied to a BT/VM phoneline etc.

"I will make it clear that enforced (regulatory) harmonisation runs the risk of spectrum being underused if services do not develop as expected.

For this reason I believe that market-led harmonisation, achieved through a technology and service neutral approach, is more appropriate as it can adapt to changing market conditions and avoid inefficient use of spectrum."

given her position, she must already know about the fact the old GSM/2.5G wireless bananza made them a bundle, AND the massive multinational mobile companys took these wireless freqs/spectrum and Did exactly NOTHING with them...,no "harmonisation",no leaseing to smaller 3rd partys, or companies looking to provide some kind of services to the end users,Nothing..., they just took the spectrum and lets them go totally/virtually unused so as to keep raking it in on what they already had in the UK market place.

enforced (regulatory) harmonisation , with at the very least a "use it,or loose it" was and is clearly needed there.....

and the same may happen again, but this time, theres no fallback as they have sold off the ALL the spectrum with nothing to fall back on later when it all goes pear shaped.

you might wonder what the wireless part of this has to do with target based advertising or DPI ,she clearly knows theres going to be problems later after they have their cash in the banks and the fittings installed, and hence the double talk and good soundbite text.

you already know about the Phorm like mobile story, the location-based tracking and targeting of your mobile in the hypermarket, and now we have the final part of the jigsaw being mentioned here

http://www.dailywireless.org/2008/06/11/7846/
"
Nokia Advertising Alliance

Nokia today announced the launch of the Nokia Advertising Alliance, which is intended to simplify mobile advertising for brand advertisers.

The program brings together couponing, location-based targeting, image recognition, and other emerging technologies, to increase consumer engagement.

Brands can work with Nokia with the latest mobile technologies for campaigns.

Members of the Alliance are integrated with the Nokia Media Network allowing brands to plan, execute and measure mobile advertising campaigns through a single Nokia interface.

Companies that have been initially certified as Members of the Alliance, including i-movo, Mobile Acuity, Mobiqa, and uLocate, with many additional members in testing.
....
"

[Wossi]

Popper, any reason there is an advert for T-Mobile/Blackberry in your post #8657? Or is it just me seeing it?

[SelfProtection]

Is this Feasible?

A small Open Source utility that uses the Wincap Monitor driver, logging the sites that have been re-directed to Phorm nebuad etc.

The log then being sent to (as an encrypted blob) a Server, so that Website Owners can prove that their page(s) have been scanned by an ISP & (how many times) & therefore either prove Copyright infringement or get the due recompense for their intrusion!

Don't want to identify the user so a unique random number generation to identify the program used to upload the data!

[Rchivist]

Google showing Phorm at 975p - it looks like the dry rot in the £10 floor just gave way. Someone just sold £8K at 975p.

[popper]

Quote:

Originally Posted by Wossi

Popper, any reason there is an advert for T-Mobile/Blackberry in your post #8657? Or is it just me seeing it?

perhaps its the doubleclick link i forgot to remove, i just see a tiny x square onscreen #8657 , as i always block all ads, i pay for my BB and i dont want ad's or any other junk taking away my precious payed for bandwidth, sorry about that, times run out and i cant edit it out now....

(left click and highlight the post No on the blue right, rightclick and "copy" the text, and paste it in to the reply gets you that linked post above btw )

[Wossi]

Quote:

Originally Posted by popper

perhaps its the doubleclick link i forgot to remove, i just see a tiny x square onscreen #8657 , as i always block all ads, i pay for my BB and i dont want ad's or any other junk taking away my precious payed for bandwidth, sorry about that, times run out and i cant edit it out now....

(left click and highlight the post No, rightclick and "copy" the text, and paste it in to the reply gets you that linked post above btw )

Ah, no worries, just wondered that's all.

[Dephormation]

Quote:

Originally Posted by SelfProtection

Is this Feasible?

A small Open Source utility that uses the Wincap Monitor driver, logging the sites that have been re-directed to Phorm nebuad etc.

The log then being sent to (as an encrypted blob) a Server, so that Website Owners can prove that their page(s) have been scanned by an ISP & (how many times) & therefore either prove Copyright infringement or get the due recompense for their intrusion!

Don't want to identify the user so a unique random number generation to identify the program used to upload the data!

I'm working on something similar.

It captures leaked UIDs as primary evidence of copyright infringement. If the UID really is as anonymous as Phorm claim, and ICO accept their assurance, then there is no requirement to remove it from logs. (Which is not to say I agree with either Phorm or ICO, to my mind claiming a user identifier UID is not PII is absolutely and obviously utter bunk).

Pete.

---------- Post added at 10:29 ---------- Previous post was at 10:18 ----------

PS. Should add, concealing copyright infrigement (eg, stripping evidence of copying like UIDs) is an aggravating factor in considering damages IIRC

---------- Post added at 10:40 ---------- Previous post was at 10:29 ----------

Noted on London Stock Ex site, BT seem to be systematically buying voting shares at present, in advance of AGM. Around 2,500,000 a day if I'm reading right. (I know nothing about share trading btw, this might just be noise).

[popper]

Quote:

Originally Posted by SelfProtection

Is this Feasible?

A small Open Source utility that uses the Wincap Monitor driver, logging the sites that have been re-directed to Phorm nebuad etc.

The log then being sent to (as an encrypted blob) a Server, so that Website Owners can prove that their page(s) have been scanned by an ISP & (how many times) & therefore either prove Copyright infringement or get the due recompense for their intrusion!

Don't want to identify the user so a unique random number generation to identify the program used to upload the data!

sure, thats what wireshark uses on the windows port i think, then a simple "Rebol" script to parse the log for what you want, encrypt it as you please or just use the inbuilt binary encode,for fun Encrypt data in image and send it in whatever protocol you want to use,tcp,udp,muticast etc should be doable by any good scripting writer (not me )

theres plenty of client/server Rebol scripts around if you look, just load them into your OS of choice on any machine, or even have your local script get the latest update placed on some url somewere , good for collective working etc
http://www.rebol.net/

[Florence]

What a lot are missing with this type of technology is the corrupt nature of many who can see the large $$$$ signs. Once this is placed into BT's network with the only ones controlling it being Phorm, a company that for years has made loss after loss that seems on paper unable to sustain a good business plan. If they noticed something that could net them more money the greed factor kicks in and only phorm will/wouild know the changes to the program and the alteration of the gathered infromation. Many companies could lose future investment plans, BT could lose out unless they decide to move all their invester pages over to https since they are trying to move shareholders over to internet instead of via post. Even government documents could become targets if the MP is using BT total broadband and working from home to make things worse this could in turn put the whole UK at risk not protect the BT customers.

As a police officer said to me you have to learn to think like the criminal to catch the best criminals, not that I am saying Kent is a criminal but to catch the best in placing rootkits etc you have to start to think like them.
Kents rootkits were the best in the spyware/malware/adware out now he is out to cream the best the top ISPs customers under the guise of targeted adverts.... Patent tells more than Kent ever would if only the government had eyes and a mind to read...

[Dephormation]

Quote:

Originally Posted by Florence

What a lot are missing with this type of technology is the corrupt nature of many who can see the large $$$$ signs. ... if only the government had eyes and a mind to read...

I agree completely. I used to wake up thinking this was some kind of mad nightmare. Unregulated mass communication interception by a private company couldn't possibly be tolerated by a democratic Government.

That's why its so important to keep fighting until Phorm is ash.