Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[SelfProtection]

This vulnerability apparently also affects Firefox 2 so watch for anything unusual.

http://neowin.net/news/main/08/06/19...-in-firefox-30

[vicz]

Quote:

Originally Posted by zwade

Is this the kind of thing you were looking for?

Sweet! (only one face though?)

[Florence]

Quote:

Originally Posted by funchords

Thanks!!

--Robb Topolski (aka funchords)
Hillsboro, Oregon USA

Robb and we need to thank you for such a good report on both but Phorm the most since this is the present battle.

[vicz]

Quote:

Originally Posted by funchords

These do appear to be twins separated at birth. The Wikileaked Phorm results revealed that Phorm used appended javascript there as well. That was a surprise, as I had understood differently.

One of the reasons that I focused my report on the packet injection and forgery is because Phorm not only did it also, but when they switch to redirects they are going to have to perform an even more complicated series of interception and forgeries.

Packet forgery is the "smoking gun" in the Comcast case, our huge "Network Neutrality" controversy in the USA. Evesdropping and packet forgery strikes at the heart of the sanctitity of private communications and the end-to-end model that makes privacy and security work on the Internet.

If these two companies are linked somehow, what one does, the other will eventually do. If Phorm is going from spoofing the end of a HTTP/TCP conversation to the middle of one, eventually so will NebuAd. It will be seen as an even more severe intrusion onto the integrity of the network link, and hopefully stop it before its tried.

There has to be a link? The technology seems to have forked from a common approach. The Gator and 121 architectures are so similar. The spin is the same. The victims are the same....

[roadrunner69]

Robb. Excellent report. Good to see you here.

[Dephormation]

[popper]

Quote:

Originally Posted by NTLVictim

Any answer to "fairy tight" would get me banned..

However, I have discovered THIS on my travels, can the honourable members on here please tell me what is good/bad/useful about it?

Many thanks.

Oh, and we have many lurkers, please keep your answers as close to English as you can, the easier the description, the further the spread.

its pritty useful infact, in effect a hosts file is very much like a phonebook, you want to talk to a website/person you look them up in the Hosts file/phonebook by name.

now your local hosts file, just like your phone book is the very first thing you check, and if you cant find the name there,or dont have one, you use your ISP given DNS server/ring Directory Enquirys.

now instead of always using the ISPs DNS or the DE to find the right No, you make your own local Hosts file/DE that will always be the very first thing your browser uses to lookup and find the No.

for the bad sites, whatever that might be, you dont use the real No. in there, you replace it with a local Ip adress false No instead.

so any time www.badWebsite.com is referenced by any webpage, instead of going to the real webside IP address, it now gets sent to the local IP 127.0.0.1 ,and so cant access any of the content on that bad sites pages ,you are not connecting to it, so it cant send you anything.

as an example of forcing a URL look up to direct to somewere else.

if for instance you have a hosts file with this in it

87.106.129.133 www.cableforum.co.uk

that would work and send your browser to CF, as its the right current IP No.

However if you instead had this IP No. in your hosts file.

91.186.24.166 www.cableforum.co.uk

no matter how many times you tryed it, you would not get to CF but rather www.CableHell.co.uk instead.

the names are the same But the browser now thinks 91.186.24.166 IS CableForum not CH.

just as
127.0.0.1 www.cableforum.co.uk

wouldnt go past the local machine, never mind make it on to your LAN or the wider WAN/ISP

direct IP No.s always override the website name as found in any DNS list, be it the Hosts file or an ISP/3rd party DNS server.

---------- Post added at 18:20 ---------- Previous post was at 18:16 ----------

just a small point Pete, its a capital A in NebuAd

Quote:

Originally Posted by roadrunner69

Last night was a great release and brought quite a few previously quiet members to the debate, well worthwhile i'd say.

I couldn't help thinking last night, Florence will be kicking herself in the morning for missing this

Florence kicking herself? It's not just Florence LOL, I've nearly broken my left shin having just logged in after 2 days away!

Can I just post an "I agree" type of post? I agree with all but one of the POV posted here recently. I could not credit that anyone can say they have read the whole thread (let alone the whole forum as pointed out was actually claimed).

Now I am, really, no bully. It does not take a bully to express a completely opposing view to what was posted by the antihanff member. I think we would do well to encourage the posting of views that oppose the vast majority of us. It generates debate, and more to the point, debate we will win time and time again, not because of bullying and not because of unacceptable language, but because the facts, when presented well just speak for themselves...

Hank

[Dephormation]

Quote:

Originally Posted by popper

just a small point Pete, its a capital A in NebuAd

Try a page refresh, and look back a few posts. I've tried to make it a bid more catchy too...

[popper]

LOL,

NebuAd and Phorm , its just not cricket.

[BadPhormula]

Quote:

Originally Posted by serial

Rather than have to find the evil doers, its so much easier if they can "buy" a targetted "campaign" with Phorm. They pick the keywords to be analysed, set up a few channels, then anyone with a profile that causes concern they get a warrant and pull their complete history from the ISP.

That is the kind of function creep we will read about in times ahead of us if these evil scums manage to get their feet under the table.

I'm sure others here have considered that Phormscum and NebuBad will be on their bestest behaviour at the moment. The early stages require them to try and slip in under the radar as quietly as possible. They are looking not to raise too much awareness about their infiltration and hopefully not setoff any tripwires (failed already). The aim of the exercise is to creep into the networks with a minimum of fuss and to wave potentially huge wads of cash at their creedy nieve host ISPs bases. They buy off the outer defense perimeter with gifts and promises of great benefits (i.e. buy off the likes of Simon Davies with paid work that will tie his hands, buy off gullible politicians and critical journalist with PR psychology and hospitality sweetners). They do under the table deals with authority, government officials and regulators.

Eventually when Kent Ertugrul has done his best PR psychology lying work and splashed a bit of cash around the hope is that the insidious spying network has got a green light to be installed across the board and all the paperwork has been rubber stamped (we can see that the HomeOffice and Police have already tacitly colluded with BT/Phormscum in allowing this). The next stage is to catch as many victims in the spy-net as possible and this will be achieved through public apathy, public misunderstanding, campaigns of deception in collusion with national media outlets doing their hardest to look the other way, and a process of osmosis.

Eventually once the hard struggle of slowly strangling the opposition has been effective they (Phormscum/NebuBad types) can move up a gear and start altering the system in unopposed way 'we' fear would eventually happen. This is when the dark forces in government will start to look for a bit of payback for helping these filths to get their shiity system through the door in the first place.

If you need an example of how these kind of things are done just go back 15 years and imagine what kind of things were thought up with regards surveillance everywhere. Now we have it 'ALL' ... CCTV, License plate recognition cameras, DNA databases, ID databases (early days) and all the laws and paperwork to harmonise the complete system. So if you don't understand or don't believe in mission creep you only have to look at the evidence of what has been happening regarding this technology abuse over the years. Now add Phorm spying via ISPs, the system is ripe for this kind of abuse to go ahead relatively unchallenged.


Start learning about PGP, Secure Private Networks, SSL/TLS and start telling your friends and family about it too.





Note: Regarding creeping into the networks and what this actually looks like from a analogy point of view - David Attenborough did a fantastic natural history series about "The Private Life of Plants" in one of the episodes Attenborough covered the parasites of the plant world. The Borneo Stranger Fig (a member of the vine family) is a brilliant example of Phormscum on British networks. The Stranger Fig sends out tiny tendrils to search out its victims. Once a victim is found (a healthy tree) the tendril shoots up the tree and thickens out, eventually the Stranger Fig totally embraces the tree with its vine and strangles the tree to death, by this time the Fig is so massive and has put down so many of its own roots that when the dead tree within collapses the Stranger Fig has the structure to stand alone without support. And the life cycle process continues as the Stanger Fig network of vines strangles all the victims in the forest.

http://en.wikipedia.org/wiki/Strangler_fig [ wiki LINK ]

images of the Phorm parasite Stranger Fig network [ Google image LINKS ]

[Phormic Acid]

Quote:

Originally Posted by pseudonym

Quote:

I've been following the reports about Nebuad, there were reports early on about user's acquiring cookies when visiting google so it was clear early on that it wasn't entirely passive.

I read things like,

Charter Will Monitor Customers’ Web Surfing to Target Ads

Mr. Dykes said that the company also examines other information about users’ computers in order to identify when an I.P. address is changed. But he declined to explain what that information is and how it is used.

And, I thought the best explanation was that an ISP’s DHCP servers would pass on changes of IP address, the other information being the MAC of the modem or similar. If the whole process is bootstrapped using a tracking cookie, then, fundamentally, it’s a cookie tracking system. NebuAd and Mr Dykes are far more opaque than Phorm. I agree that NebuAd are Phorm’s evil twin. Phorm may be wrong, but at least they’re trying. Richard Clayton found them very trying.

Quote:

Originally Posted by pseudonym

Unlike PageSense, as Nebuad are less sensitive than Phorm about looking at IP addresses, it would only need to occasionally inject script tags into some requests for pages from certain sites, so that it could link the user's current IP address (and the profile built since the last injection) to their unique ID from their faireagle cookie and possibly also to transfer the profile ID to its partner ad-network's cookies.

Phorm managed to get a test of PageSense up and running without injecting cookies, by seeding the cookies through an advert delivery system. If, once NebuAd have tied an IP address to a particular cookie, the system is passive, I have to wonder at the need to inject packets at all. Could they not seed cookies through their advert delivery system, as Phorm did? NebuAd’s system will notice any IP address change as soon as one of their adverts is requested.

Alexander - on this page: https://nodpi.org/2008/06/18/material-change/

I'm not seeing any content after the banner at the top (I have tried reloading/refreshing - no joy)

Hank

[serial]

Quote:

Originally Posted by BadPhormula

Start learning about PGP, Secure Private Networks, SSL/TLS and start telling your friends and family about it too.

With the new law just passed in Sweden, the Swedish authorities have said that anything encrypted will be treated as suspicious. They have one of the top 500 super computers in the world ready for key breaking. Computer power and storage is so immense now that current encryption is nothing for those governments with the money and interest to break it.

And if you send something today they can't decrypt, then most likely they will store it until they can.

[Wildie]

Not sure if this been posted as the thread moving quickly again and i cannot keep up.
http://www.fudzilla.com/index.php?op...=7996&Itemid=1