25-05-2008, 11:47
|
#7156
|
|
Inactive
Join Date: Apr 2008
Posts: 133
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
|
|
|
|
25-05-2008, 12:16
|
#7157
|
|
Inactive
Join Date: Apr 2008
Services: Virgin - BB,TV,Phone
Sky box - with no sub
Freeview - idtv
Posts: 270
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
|
Originally Posted by Florence
Might also be worth checking these again think Phorm are manipulating NS to hide locations.
|
Quote:
Originally Posted by serial
|
So they are now resolving to the US again:
(Asked whois.arin.net:43 about +207.44.186.90)
OrgName: ThePlanet.com Internet Services Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
ReferralServer: rwhois: //rwhois.theplanet.com: 4321
NetRange: 207.44.128.0 - 207.44.255.255
CIDR: 207.44.128.0/17
OriginAS: AS13749 AS13884 AS21844 AS30315
OriginAS: AS36420
NetName: NETBLK-THEPLANET-BLK-EV1-9
NetHandle: NET-207-44-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
|
|
|
|
|
25-05-2008, 12:57
|
#7158
|
|
Inactive
Join Date: Jun 2003
Services: The wonders of Sky TV BT line and Aquiss.net ADSL cable dies on 5th RIP VM.
Posts: 4,004
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by icsys
So they are now resolving to the US again:
(Asked whois.arin.net:43 about +207.44.186.90)
OrgName: ThePlanet.com Internet Services Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
ReferralServer: rwhois: //rwhois.theplanet.com: 4321
NetRange: 207.44.128.0 - 207.44.255.255
CIDR: 207.44.128.0/17
OriginAS: AS13749 AS13884 AS21844 AS30315
OriginAS: AS36420
NetName: NETBLK-THEPLANET-BLK-EV1-9
NetHandle: NET-207-44-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
|
Just shows you that you cannot trust this man or company an inch.. if they do place servers insice the ISP the informatin willwing its way to america then to the highest bidder.. adverts bah that is the smoke screen that the daft ISPs hace fallen for hook line and sinker sad to say thye seem to have sat on their brains and killed them..
|
|
|
|
|
25-05-2008, 16:30
|
#7159
|
|
Inactive
Join Date: Apr 2008
Posts: 114
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by serial
|
What are you using to get the IP addresses? My DNS lookup says (for example) that www.webwise.com is still on Gyron in London E14 at 89.145.112.31 and 89.145.112.32.
I am using the tools at:
http://cgibin.erols.com/ziring/cgi-bin/nsgate/gate.pl
|
|
|
|
|
25-05-2008, 16:46
|
#7160
|
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Portly_Giraffe
|
This is what I get:
Quote:
$ dig www.webwise.bt.com
; <<>> DiG 9.4.1-P1 <<>> www.webwise.bt.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29860
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.webwise.bt.com. IN A
;; ANSWER SECTION:
www.webwise.bt.com. 600 IN A 207.44.186.90
;; AUTHORITY SECTION:
webwise.bt.com. 600 IN NS DYDNS0.bt.com.
webwise.bt.com. 600 IN NS DYDNS1.bt.com.
webwise.bt.com. 600 IN NS EDDNS0.bt.com.
webwise.bt.com. 600 IN NS EDDNS1.bt.com.
;; ADDITIONAL SECTION:
DYDNS0.bt.com. 133199 IN A 193.113.32.156
DYDNS1.bt.com. 53 IN A 193.113.32.157
EDDNS0.bt.com. 53 IN A 193.113.57.242
EDDNS1.bt.com. 53 IN A 193.113.57.243
;; Query time: 37 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:35:19 2008
;; MSG SIZE rcvd: 218
|
Quote:
$ dig openinternetalliance.net
; <<>> DiG 9.4.1-P1 <<>> openinternetalliance.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61265
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;openinternetalliance.net. IN A
;; ANSWER SECTION:
openinternetalliance.net. 86400 IN A 89.145.112.31
openinternetalliance.net. 86400 IN A 89.145.112.32
;; AUTHORITY SECTION:
openinternetalliance.net. 86400 IN NS ns1.openinternetalliance.net.
openinternetalliance.net. 86400 IN NS ns2.openinternetalliance.net.
;; ADDITIONAL SECTION:
ns1.openinternetalliance.net. 86400 IN A 38.105.138.53
ns2.openinternetalliance.net. 86400 IN A 38.105.138.54
;; Query time: 140 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:38:43 2008
;; MSG SIZE rcvd: 166
|
Quote:
$ dig www.121media.com
; <<>> DiG 9.4.1-P1 <<>> www.121media.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63399
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.121media.com. IN A
;; ANSWER SECTION:
www.121media.com. 900 IN CNAME phorm.com.
phorm.com. 98 IN A 89.145.112.31
phorm.com. 98 IN A 89.145.112.32
;; AUTHORITY SECTION:
phorm.com. 172598 IN NS ns1.phorm.com.
phorm.com. 172598 IN NS ns2.phorm.com.
;; ADDITIONAL SECTION:
ns1.phorm.com. 172598 IN A 38.105.138.53
ns2.phorm.com. 172598 IN A 38.105.138.54
;; Query time: 127 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:39:50 2008
;; MSG SIZE rcvd: 170
|
Quote:
$ dig www.phorm.com
; <<>> DiG 9.4.1-P1 <<>> www.phorm.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5394
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.phorm.com. IN A
;; ANSWER SECTION:
www.phorm.com. 900 IN CNAME phorm.com.
phorm.com. 300 IN A 89.145.112.31
phorm.com. 300 IN A 89.145.112.32
;; AUTHORITY SECTION:
phorm.com. 172800 IN NS ns1.phorm.com.
phorm.com. 172800 IN NS ns2.phorm.com.
;; ADDITIONAL SECTION:
ns1.phorm.com. 172800 IN A 38.105.138.53
ns2.phorm.com. 172800 IN A 38.105.138.54
;; Query time: 489 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:36:27 2008
;; MSG SIZE rcvd: 158
|
Quote:
$ dig www.webwise.com
; <<>> DiG 9.4.1-P1 <<>> www.webwise.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8547
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;www.webwise.com. IN A
;; ANSWER SECTION:
www.webwise.com. 900 IN A 89.145.112.31
www.webwise.com. 900 IN A 89.145.112.32
;; AUTHORITY SECTION:
webwise.com. 900 IN NS ns1.webwise.com.
webwise.com. 900 IN NS ns2.webwise.com.
;; ADDITIONAL SECTION:
ns1.webwise.com. 900 IN A 38.105.138.53
ns2.webwise.com. 900 IN A 38.105.138.54
;; Query time: 141 msec
;; SERVER: REMOVED
;; WHEN: Sun May 25 16:41:21 2008
;; MSG SIZE rcvd: 148
|
And if I check all 3 IPs I get the following:
Quote:
$ whois 207.44.186.90
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 315 Capitol
Address: Suite 205
City: Houston
StateProv: TX
PostalCode: 77002
Country: US
ReferralServer: rwhois://rwhois.theplanet.com:4321
NetRange: 207.44.128.0 - 207.44.255.255
CIDR: 207.44.128.0/17
OriginAS: AS13749, AS13884, AS21844, AS30315
OriginAS: AS36420
NetName: NETBLK-THEPLANET-BLK-EV1-9
NetHandle: NET-207-44-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
Comment:
RegDate:
Updated: 2008-02-28
OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: The Planet Abuse
OrgAbusePhone: +1-281-714-3560
OrgAbuseEmail: abuse@theplanet.com
OrgNOCHandle: THEPL-ARIN
OrgNOCName: The Planet NOC
OrgNOCPhone: +1-281-714-3555
OrgNOCEmail: noc@theplanet.com
OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: admins@theplanet.com
# ARIN WHOIS database, last updated 2008-05-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Found a referral to rwhois.theplanet.com:4321.
%rwhois V-1.5:003eff:00 whois.theplanet.com (by Network Solutions, Inc. V-1.5.9.5)
%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
|
Quote:
$ whois 89.145.112.31
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '89.145.112.0 - 89.145.113.255'
inetnum: 89.145.112.0 - 89.145.113.255
netname: G-CUS-PH02
descr: Phorm IPv4 Assignment
country: GB
admin-c: GAT1-RIPE
tech-c: GAT1-RIPE
status: ASSIGNED PA
mnt-by: GYRON-MNT
mnt-lower: GYRON-MNT
mnt-routes: GYRON-MNT
source: RIPE # Filtered
role: Gyron Admin Team
address: Gyron Internet Ltd
address: 6 Greenwich View Place
address: Millharbour
address: LONDON
address: E14 9NN
phone: +44 (0) 207 043 1443
fax-no: +44 (0) 207 043 1444
abuse-mailbox: abuse@gyron.net
admin-c: RB30-RIPE
tech-c: RB30-RIPE
tech-c: OB924-RIPE
tech-c: BPM1-RIPE
nic-hdl: GAT1-RIPE
remarks: Please use this contact in preference to any others
remarks: that may be listed in the RIPE database
source: RIPE # Filtered
% Information related to '89.145.64.0/18AS29017'
route: 89.145.64.0/18
descr: GYRON-AGG Gyron Internet Ltd AS29017
origin: AS29017
mnt-by: GYRON-MNT
source: RIPE # Filtered
NOTE: the .32 IP is the same
|
So it seems the www.webwise.bt.com is in fact in the US and all the rest are controlled by Phorm in the UK (registered to Phorm in the UK).
Of course this means the www.webwise.bt.com is subject to US Law and can have all the logs subpoenaed. It would be advisable not enter any information onto that website. It also seems it should be classed as illegal under Data Protection Act which disallows the exporting of personal data outside the EU.
Anyone brought this to the attention of ICO yet? I notice there is at least 1 form on there which requires you to enter sensitive personal data:
http://www.webwise.bt.com/webwise/contact.php
So this would indeed appear to be in direct breach of the DPA. In theory if ThePlanet have any DPI kit in their data centre (which I believe although I could be wrong, is required under US anti terrorist initiatives) they could in essence get all the details you enter on that form. I know there is a degree of logging in the US similar to data retention laws in the EU, but I don't know to what extent so I can't give any informed comments on it. I will however try to find out.
One thing I do know however, is there are no rights afforded under the Fourth Amendment of the Constitution for any personal data given to third parties (I covered this just the other day on a paper I wrote about the Patriot Act Sunset Clauses), so in essence if ThePlanet were to use any of the data going through their networks, I don't think BT would have any recourse (or the public).
Alexander Hanff
|
|
|
|
|
25-05-2008, 17:17
|
#7161
|
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by AlexanderHanff
snip
So it seems the www.webwise.bt.com is in fact in the US and all the rest are controlled by Phorm in the UK (registered to Phorm in the UK).
Of course this means the www.webwise.bt.com is subject to US Law and can have all the logs subpoenaed. It would be advisable not enter any information onto that website. It also seems it should be classed as illegal under Data Protection Act which disallows the exporting of personal data outside the EU.
Anyone brought this to the attention of ICO yet? I notice there is at least 1 form on there which requires you to enter sensitive personal data:
http://www.webwise.bt.com/webwise/contact.php
So this would indeed appear to be in direct breach of the DPA. In theory if ThePlanet have any DPI kit in their data centre (which I believe although I could be wrong, is required under US anti terrorist initiatives) they could in essence get all the details you enter on that form. I know there is a degree of logging in the US similar to data retention laws in the EU, but I don't know to what extent so I can't give any informed comments on it. I will however try to find out.
Alexander Hanff |
I am in the process of cotacting ICO with reference particularly to the BT Webwise Contact Us page, and the trace information above will be very helpful. I will copy the ICO complaint to the BT legal department.
Interesting that the page has the BT logo in the same place as it is on bt.com homepage, and the links at the bottom are just the same as on the genuine BT page, and the link to contact.php says "contact BT" but contains NO warnings that you just stepped out of the EU privacy protection zone. It's a complete utter con - and what's more - they know, and they know that we know - because I asked them about it AGES ago, and they even put up mirror BT Webwise pages on bt.com in response to my complaint about not wanting to visit FASTHOSTS or US hosted pages - but they didn't create any warnings.
Add to this the fact that BT Retail's own ISP pages currently offer NO customer route to information about BT Webwise, and it looks pretty pathetic - their BTYahoo! help returns zero hits for "webwise", and the bt.com search pages return one hit for "webwise" with a broken link (because they've just changed all the webwise pages to php but not told the bt.com search engine which still links to index.html rather than index.php so returning an error page). And they talk about informed consent!
I've also made reference to it in my original letter to BT Retail Legal department but not with all that trace info as the letter went in over a week ago.
I've also asked Emma Sanderson if she could just fill in the blanks with regard to which coloured boxes on the BT Webwise network diagram relate to which IP addresses, at which location, in which country, and under whose control, and in partiucular, which of the coloured boxes are FASTHOSTS and which are THEPLANET.COM and which are BT.
I'm expecting at least a reply from ICO.
|
|
|
|
|
25-05-2008, 17:26
|
#7162
|
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by R Jones
I am in the process of cotacting ICO with reference particularly to the BT Webwise Contact Us page, and the trace information above will be very helpful. I will copy the ICO complaint to the BT legal department.
I've also made reference to it in my letter to BT Retail Legal department but not with all that trace info as the letter went in over a week ago.
I've also asked Emma Sanderson if she could just fill in the blanks with regard to which coloured boxes on the BT Webwise network diagram relate to which IP addresses at which location in which country and under whose control and in partiucular, which of the coloured boxes are FASTHOSTS and which are THEPLANET.COM and which are BT.
I'm expecting at least a reply from ICO.
|
Good job, did you read the paragraph I added to the end of my previous post. I added it after you quoted it so I just want to make sure you have seen it.
Actually, saying that, even if personal data given to third parties was protected under the constitution, I can't see even that would help a non US citizen, since the constitution would not apply afaik.
Alexander Hanff
|
|
|
|
|
25-05-2008, 17:38
|
#7163
|
|
Inactive
Join Date: Jan 2006
Posts: 3,270
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
it appears 4 people so far have submitted that the
http://www.webwise.bt.com
is not a Phish , but it seems they may not know about the background as it related to Phorm and BT or the statement nothing personal goes outside the internal BT network etc.
perhaps it needs explaining to them and others so as to make it clear ,as it stands currently it is ....!
http://www.phishtank.com/phish_detai...hish_id=450504
|
|
|
|
|
25-05-2008, 17:46
|
#7164
|
|
Inactive
Join Date: Apr 2008
Posts: 114
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by R Jones
I've also asked Emma Sanderson if she could just fill in the blanks with regard to which coloured boxes on the BT Webwise network diagram relate to which IP addresses, at which location, in which country, and under whose control, and in partiucular, which of the coloured boxes are FASTHOSTS and which are THEPLANET.COM and which are BT.
|
And don't forget Gyron, who now appear to be the main hosting provider for Phorm.
|
|
|
|
|
25-05-2008, 18:05
|
#7165
|
|
Inactive
Join Date: May 2008
Location: Kent
Services: No DPI Kit snooping on USERS
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by AlexanderHanff
Good job, did you read the paragraph I added to the end of my previous post. I added it after you quoted it so I just want to make sure you have seen it.
Actually, saying that, even if personal data given to third parties was protected under the constitution, I can't see even that would help a non US citizen, since the constitution would not apply afaik.
Alexander Hanff
|
just posted a link over on the BT forums back to this information and added some of the information about the webwise opt-in pages hosted in US
http://www.beta.bt.com/bta/forums/th...D=23149婭
peter
|
|
|
|
|
25-05-2008, 18:15
|
#7166
|
|
Inactive
Join Date: Apr 2008
Services: Virgin - BB,TV,Phone
Sky box - with no sub
Freeview - idtv
Posts: 270
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Is it beneficial for multiple complaints to be sent to the ICO regarding the direct breach of the DPA with 'webwise.bt.com/webwise/contact.php' or is it better to just have one concise complaint?
|
|
|
|
|
25-05-2008, 18:29
|
#7168
|
|
Inactive
Join Date: Jan 2006
Posts: 3,270
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
iv marked that
http://www.phishtank.com/phish_detai...hish_id=450834
as a phish, you can do the same for the original one too,
http://www.phishtank.com/phish_detai...hish_id=450504
the more it gets the more it becomes confirmed ( it appears 4 are enough to get it listed as "is not a phish").
although there does not seem to be a way to add information to the page explaining why we know it to be the case.....!
or that it can be classed as the new form of Phishing, that being the intra-ISP assisted Phishing.
|
|
|
|
|
25-05-2008, 18:33
|
#7169
|
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by popper
iv marked that as a phish, you can do the same for the original one too,the more it gets the more it becomes confirmed.
although there does not seem to be a way to add information the the page explaining why we know it to be the case.....!
or that it can be classed as the new form of Phishing, that being the intra-ISP assisted Phishing
|
Verified.
Alexander Hanff
|
|
|
|
|
25-05-2008, 19:05
|
#7170
|
|
Inactive
Join Date: Jun 2003
Services: The wonders of Sky TV BT line and Aquiss.net ADSL cable dies on 5th RIP VM.
Posts: 4,004
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by popper
|
I joined and verified it as phishing
---------- Post added at 19:05 ---------- Previous post was at 18:47 ----------
I have sent an email to Emma Sanderson which I hope will answer a few questions if I get a reply it will depend on if I have permission to copy and paste the email or just summerize it.
Quote:
Hello Emma Sanderson,
I have been following the phorm problems but became aware that a BT.com domain name that requests personal identifiable information is located on a hosting company in America that is listed in the top 10 phishing hosting companies.
Could you please explain the reasons for this, if it is within the DPA since the personal information would be outside the EU and have customers been informed this contact us page is hosted in America. If this site is not yours then you have someone out there phishing BT which is strange since you are not a bank so not such a good lucrative phish.
I am aware of Phorm and do not agree to this method of intrusion but I am not a customer this would involve. While I do work on a website that goes that extra little bit to help protect members from phishing.
This link to http://www.webwise.bt.com and the hosting phishing will be made public on our forums. I will also be posting a copy of this email.
To try and help members and customers be prepared to protect their privacy from American phishing sites it could help if you would let us know if not BTwho has control of http://www.webwise.bt.com?
If this Domain is BT's why it is hosted on third party hosting outside the EU?
If you intended to notify visitors that this domain was gathering information that was personal to them and outside the EU so not protected by the UK DPA?
I await your reply which will be posted if you agree otherwise I will just post quick summery the reply to the members.
Regards
*****
|
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 19:19.
|
Join CF
You are here: 
