28-05-2008, 20:58
|
#7411
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by mark777
Just trying to anticipate the wriggles. This means that it was sent from the server? Does it mean it was copied to a phorm e-mail address?
If not, what would be left on the server in the way of logs etc?
I'm just trying establish if BT/Phorm can argue that no data was collected/kept by phorm. They can probably argue it's not phishing because BT themselves must have pointed the URL towards that site.
Having said that, BT could have pointed it towards the information page, Phorm could have added the 'contact us' bit by themselves. That would be phishing.
Perhaps BT need to confirm that they authorised Phorm to collect the 'contact us' information?
|
Well the fact that the sensitive personal data is being collected on a server in the US is the first issue; this would appear to break EU Data Protection directives with regards to exporting sensitive personal data outside Europe without explicit informed consent.
The second issue is the ww3.phorm.com reference header. This suggests that the email which BT's system is replying to has been sent directly from ww3.phorm.com, logically a Phorm controlled server. This means that Phorm potentially have access to -all- the data submitted in that contact us form.
The third issue is the ww3.phorm.com server must utilise some form of parser to then forward that contact us forms contents to BT via email.
We have no idea what is being logged, whether this information is being retained by Phorm or why it is even being sent to Phorm in the first place.
I think this is an important issue and shows a complete lack of transparency by all parties and seems to be breaking yet more laws.
It is simply unacceptable.
Alexander Hanff
|
|
|
28-05-2008, 21:01
|
#7412
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by mark777
Just trying to anticipate the wriggles. This means that it was sent from the server? Does it mean it was copied to a phorm e-mail address?
If not, what would be left on the server in the way of logs etc?
I'm just trying establish if BT/Phorm can argue that no data was collected/kept by phorm. They can probably argue it's not phishing because BT themselves must have pointed the URL towards that site.
Having said that, BT could have pointed it towards the information page, Phorm could have added the 'contact us' bit by themselves. That would be phishing.
Perhaps BT need to confirm that they authorised Phorm to collect the 'contact us' information?
|
Thanks - I too want to investigate the wriggle room!
This contact form was filled in after the moderator of the forum specifically squashed a phishing discussion about this site, and told us NOT to report it to anti-phishing sites and he said, "Before you start to send emails to the moderators and our abuse team about this, http://webwise.bt,com isn't a phishing site. It's merely a part of BT.com that is hosted on a different set of servers, much like bt.custhelp.com which is hosted on Right Now's servers in California. Right Now's servers also handle all of the traffic in the "Contact Us" section of BT.com just like the form on the Webwise site and with a similar level of security for handling details like your account numbers.
Sending us lots of emails reporting this will delay the abuse team from dealing with genuine reports of phishing sites so I'd appreciate it if you didn't.
Thanks"
He doesn't say - this BT Webwise site is managed by a recognised commercial partner.
He doesn't say - Phorm run our Webwise customer help service.
He is responding to a specific debate on his forum about the security of data handled by this site, which has taken place on the forum he moderates, and following his "reassurance" I decided to test it out by using the contact form.
BT have also kept insisting all over the place that they do not send identifiable personal data to Phorm.
But is there any "technical" wriggle room relating to the headers?
|
|
|
28-05-2008, 21:05
|
#7413
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by R Jones
Thanks - I too want to investigate the wriggle room!
This contact form was filled in after the moderator of the forum specifically squashed a phishing discussion about this site, and told us NOT to report it to anti-phishing sites and he said, "Before you start to send emails to the moderators and our abuse team about this, http://webwise.bt,com isn't a phishing site. It's merely a part of BT.com that is hosted on a different set of servers, much like bt.custhelp.com which is hosted on Right Now's servers in California. Right Now's servers also handle all of the traffic in the "Contact Us" section of BT.com just like the form on the Webwise site and with a similar level of security for handling details like your account numbers.
Sending us lots of emails reporting this will delay the abuse team from dealing with genuine reports of phishing sites so I'd appreciate it if you didn't.
Thanks"
He doesn't say - this BT Webwise site is managed by a recognised commercial partner.
He doesn't say - Phorm run our Webwise customer help service.
He is responding to a specific debate on his forum about the security of data handled by this site, which has taken place on the forum he moderates, and following his "reassurance" I decided to test it out by using the contact form.
BT have also kept insisting all over the place that they do not send identifiable personal data to Phorm.
But is there any "technical" wriggle room relating to the headers?
|
The only information I can find on the "References" header is that it is the true message origin which the email is replying to. I have looked at several definitions and they all say the same thing. So in the absence of data to the contrary I have to assume that to be correct, but I am open to any email gurus interpretation.
Alexander Hanff
|
|
|
28-05-2008, 21:15
|
#7414
|
Inactive
Join Date: Mar 2008
Services: 0.4 Mbps BB + Phone
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Thanks Alexander.
So even 'between' trials, Phorm is intercepting BT user data without their knowledge and passing it through their servers?
This includes <form> data and PII? This must be done either with the full knowledge of BT or Phorm is phishing. Woops.
EDIT : Is it worth taking over to BadPhorm for an opinion re: the e-mail references bit ?
|
|
|
28-05-2008, 21:16
|
#7415
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by mark777
Thanks Alexander.
So even 'between' trials, Phorm is intercepting BT user data without their knowledge and passing it through their servers?
This includes <form> data and PII? This must be done either with the full knowledge of BT or Phorm is phishing. Woops.
|
As I said, that is the only way I can interpret the evidence. I could of course be wrong and certainly hope I am, but something tells me I am not.
Alexander Hanff
|
|
|
28-05-2008, 21:21
|
#7416
|
Inactive
Join Date: May 2008
Location: Kent
Services: No DPI Kit snooping on USERS
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
interesting
see attached png image
it's from the ww3.phorm.com
it seems to suggest if you opt-out your profile is destroyed!!
no mention that phorm view all sites and what they are comparing against only monitor WHEN ON THEIR SITES
as you see blatently incorrect
peter
|
|
|
28-05-2008, 21:38
|
#7417
|
Inactive
Join Date: May 2008
Location: Kent
Services: No DPI Kit snooping on USERS
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by serial
|
i noted the source of the page
<meta name="description" content="Does Webwise spy on you? BT and TalkTalk Carphone Warehouse customers are about to find out. Warning: Webwise infringes your privacy.">
<meta name="keywords" content="webwise phorm BT talktalk carphonewarehouse carphone warehouse phishing spying">
we need to add more in these two lines, you are allowed 256 chars in each, and google etc scan these i believe at a higher wieghting than page content
could add
illegal interception wiretap ripa DPA data protection act
to the keywords
and
illegal under ripa, data protection act and EU perc etc
to the description
that should help get it up the search engine ratings
peter
---------- Post added at 21:38 ---------- Previous post was at 21:30 ----------
just had a virus warning when i posted the last reply !!!!
FILES\CONTENT.IE5\DMRBACPE\BOARD[1].HTM.
Infection: Constructor.DOS.BWG.203
any thoughts
peter
|
|
|
28-05-2008, 21:42
|
#7418
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by bluecar1
i noted the source of the page
<meta name="description" content="Does Webwise spy on you? BT and TalkTalk Carphone Warehouse customers are about to find out. Warning: Webwise infringes your privacy.">
<meta name="keywords" content="webwise phorm BT talktalk carphonewarehouse carphone warehouse phishing spying">
we need to add more in these two lines, you are allowed 256 chars in each, and google etc scan these i believe at a higher wieghting than page content
could add
illegal interception wiretap ripa DPA data protection act
to the keywords
and
illegal under ripa, data protection act and EU perc etc
to the description
that should help get it up the search engine ratings
peter
---------- Post added at 21:38 ---------- Previous post was at 21:30 ----------
just had a virus warning when i posted the last reply !!!!
FILES\CONTENT.IE5\DMRBACPE\BOARD[1].HTM.
Infection: Constructor.DOS.BWG.203
any thoughts
peter
|
Make sure that any keywords in the tags ARE replicated in the body text itself. Otherwise google can penalise you for keyword stuffing.
|
|
|
28-05-2008, 21:44
|
#7419
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I had a bunch of errors about 10 minutes ago, maybe the forum has been compromised, someone needs to contact an admin, I will msg Mick.
Alexander Hanff
|
|
|
28-05-2008, 21:45
|
#7420
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by mark777
Thanks Alexander.
So even 'between' trials, Phorm is intercepting BT user data without their knowledge and passing it through their servers?
This includes <form> data and PII? This must be done either with the full knowledge of BT or Phorm is phishing. Woops.
EDIT : Is it worth taking over to BadPhorm for an opinion re: the e-mail references bit ?
|
Done.
and I've asked Emma for an explanation.
and I've asked the forum moderator for an explanation.
---------- Post added at 21:45 ---------- Previous post was at 21:44 ----------
Quote:
Originally Posted by AlexanderHanff
I had a bunch of errors about 10 minutes ago, maybe the forum has been compromised, someone needs to contact an admin, I will msg Mick.
Alexander Hanff
|
Same here.
|
|
|
28-05-2008, 21:46
|
#7421
|
Inactive
Join Date: Apr 2008
Location: UK
Posts: 160
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Constructor.DOS.BWG
Aliases
Constructor.DOS.BWG (Kaspersky Lab) is also known as: Constructor.BAT.BWG (Kaspersky Lab),
Description added May 31 2002
Behavior Virus Constructor
Technical details
Constructor creates batch payload programs. It is written in Basic for DOS.
It creates payload programs of the following types:
internet worms
mIRC worms
pIRC worms
installing to the win.ini
installing to the system registry startup key
installing to the startup directory
deletes antivirus programs
Constructor inserts the following comment in the beginning of batch files:
REM generated with BATCH WORM GENERATOR x.xx
|
|
|
28-05-2008, 21:46
|
#7422
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I have forwarded all this recent information on the www.webwise.bt.com issue to Chris Williams.
Alexander Hanff
|
|
|
28-05-2008, 21:49
|
#7423
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by AlexanderHanff
I have forwarded all this recent information on the www.webwise.bt.com issue to Chris Williams.
Alexander Hanff
|
Thanks Alex. I'll pm you with an email address for Chris.
|
|
|
28-05-2008, 21:52
|
#7424
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by R Jones
Thanks Alex. I'll pm you with an email address for Chris.
|
I have Chris' email, I talk to him almost daily at the moment oh you meant your email address no problem.
Alexander Hanff
|
|
|
28-05-2008, 21:52
|
#7425
|
Inactive
Join Date: Mar 2008
Location: South Birmingham
Posts: 1,427
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
I had a page full of errors about 10 mins ago too
|
|
|
Currently Active Users Viewing This Thread: 31 (0 members and 31 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 13:06.
|