Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[tarka]

Quote:

Originally Posted by SimonHickling

This received today from BT.

I'm pondering my response

Simon,

I wonder if we used a real world example to highlight why they cannot assume implied consent? For example autosport.com run a lot of normal news items which are readable by the public however you have to pay a subscription to read their more involved articles. The following is a link on autosports front page but when you follow it you are prompted to log in to read the entire article.

http://www.autosport.com/journal/article.php/id/1623

Google will not be allowed to view the content of these subscription articles as they have taken sufficient steps to prevent the article being generally available to the public. You have to log in with your account to view the article and notice that the authentication is not using the HTTP authentication that phorm say they will ignore.

Webwise/Phorm will still profile the content even when you QUITE CLEARLY cannot assume "implied consent".

This is just one example, how many other websites use how many different methods to protect their content? Some will use cookies to authenticate their users (like this forum) some will use server side sessions instead of cookies (this would be my personal choice), some may even use something as primitive as including something in the html code to identify the current user.

The point is that there is no standard way to protect content, it is impossible for them to say that they will recognise every single way people have protected their web pages and therefore cannot assume that they have implied consent.

[TheBruce1]

Anyone know when Steve Gibson`s podcast on phorm will be available.

[Rchivist]

Quote:

Originally Posted by rryles

I was looking over the last few pages of the thread this morning and was going to make the same point but you beat me to it.

This is a very good argument against the only "benefit" webwise offers.

> As an average web user why should I want webwise?

> Because it protects you from phising attacks for free

> Only the ones that don't use SSL - which is a diminishing percentage. The freely available browser based solutions that are enabled by default can stop every phishing attempt that webwise can and many more.

That's very difficult to argue against. The only thing missing is some hard facts on how common https versus http phishing urls are. I've had a look but so far only found anecdotal evidence from several years ago.

Well - set up a phishing trap and follow up all the phishing emails you get. Shouldn't take too long. I have a heavily spammed account I can check every now and again for my HBOS/A&L/Lloyds/Nationwide phishing emails.

[tarka]

Quote:

Originally Posted by rryles

I was looking over the last few pages of the thread this morning and was going to make the same point but you beat me to it.

This is a very good argument against the only "benefit" webwise offers.

> As an average web user why should I want webwise?

> Because it protects you from phising attacks for free

> Only the ones that don't use SSL - which is a diminishing percentage. The freely available browser based solutions that are enabled by default can stop every phishing attempt that webwise can and many more.

That's very difficult to argue against. The only thing missing is some hard facts on how common https versus http phishing urls are. I've had a look but so far only found anecdotal evidence from several years ago.

That is a very good point and one I had not thought of. Phishing sites using SSL will not be detected by webwise. That is one HUGE hole in their most argued point about protecting users against phishing attacks.

Well spotted!

[Deko]

has the PIA gone MIA ?

[AlexanderHanff]

Quote:

Originally Posted by TheBruce1

Anyone know when Steve Gibson`s podcast on phorm will be available.

It was recorded yesterday and will be available on Thursday and I thoroughly enjoyed it, first half had me laughing out loud (great for old school geeks) and the second half was entirely on Phorm and he covered pretty much all of the technical points.

Shame you guys don't get to listen to it til Thursday

Alexander Hanff

---------- Post added at 11:28 ---------- Previous post was at 11:26 ----------

Quote:

Originally Posted by Deko

has the PIA gone MIA ?

As I said last week Simon Davies is out of the country for the next couple of weeks, so it will be some time now before it raises it's head.

Alexander Hanff

[TheBruce1]

Quote:

Originally Posted by AlexanderHanff

It was recorded yesterday and will be available on Thursday and I thoroughly enjoyed it, first half had me laughing out loud (great for old school geeks) and the second half was entirely on Phorm and he covered pretty much all of the technical points.

Thanks Alex, should be a good listen.

[davews]

Quote:

Originally Posted by TheBruce1

Anyone know when Steve Gibson`s podcast on phorm will be available.

From: Steve Gibson <news07_@_grc.com>
Newsgroups: grc.securitynow

High Quality - 51,224,683 bytes
http://media.grc.com/sn/sn-151-.mp3

Low Quality - 12,824,812 bytes
http://media.grc.com/sn/sn-151-lq.mp3

--
Available now on his own servers.

[OldBear]

Just to go slightly OT for a moment. Saw this on the BBC website:

Virgin rapped on broadband speeds

Just love this bit:

Quote:

BT argued that Virgin's usage caps meant that downloads during peak times would be slower than advertised.

Talk about pot... kettle... black!

OB

[davews]

Quote:

Originally Posted by rryles

> Because it protects you from phising attacks for free

> Only the ones that don't use SSL - which is a diminishing percentage. The freely available browser based solutions that are enabled by default can stop every phishing attempt that webwise can and many more.

That's very difficult to argue against. The only thing missing is some hard facts on how common https versus http phishing urls are. I've had a look but so far only found anecdotal evidence from several years ago.

Has anybody actually asked Phorm if their anti-phishing protection only does http:// ? I know they don't profile https:// but there is nothing to say that the anti-phishing, largely done on urls, does not. We shouldn't jump to conclusions.

But I would still have far more confidence in my browser in-built anti-phishing than Phorm's variant. They refuse to say which external databases they are using, most others are quite happy to state this.

[HamsterWheel]

Quote:

Originally Posted by davews

Has anybody actually asked Phorm if their anti-phishing protection only does http:// ? I know they don't profile https:// but there is nothing to say that the anti-phishing, largely done on urls, does not. We shouldn't jump to conclusions.

.

I'm certain that Webwise will warn of both http and https phishing sites. I have asked them to confirm this though.
Remember Phorm are a sponsoring member of the AWG http://www.antiphishing.org/sponsors.html and would not be daft enough to offer something that did not cope with a large proportion of phishing attacks.

Also remember that their anti-phishing will not need you to download updates of known sites like most of the norton's etc do, so will be much more up-to-date. So a much better, and free offering than that currently available.
You see - Phorm is simply the best :-)

[tarka]

Quote:

Originally Posted by davews

Has anybody actually asked Phorm if their anti-phishing protection only does http:// ? I know they don't profile https:// but there is nothing to say that the anti-phishing, largely done on urls, does not. We shouldn't jump to conclusions.

But I would still have far more confidence in my browser in-built anti-phishing than Phorm's variant. They refuse to say which external databases they are using, most others are quite happy to state this.

As far as I am aware it won't be possible to check https url's for phisihing attacks. The first step in the process before any URL is sent is to establish the secure connection with the server, only then is the request sent at which point it is not possible to read the request (unless they have huge computers which will break all of the encryption). The only way they could check it is to intercept the https request and present an intermediate certificate which would cause alerts in your browser indicating a "man in the middle attack".

The only information they can glean is the ip address however to black list an ip address could black list a large number of other sites that would be running on the same server.

---------- Post added at 12:00 ---------- Previous post was at 11:56 ----------

Quote:

Originally Posted by HamsterWheel

I'm certain that Webwise will warn of both http and https phishing sites. I have asked them to confirm this though.
Remember Phorm are a sponsoring member of the AWG http://www.antiphishing.org/sponsors.html and would not be daft enough to offer something that did not cope with a large proportion of phishing attacks.

Also remember that their anti-phishing will not need you to download updates of known sites like most of the norton's etc do, so will be much more up-to-date. So a much better, and free offering than that currently available.
You see - Phorm is simply the best :-)

Antivirus software and browsers (that already provide this protection and CAN check https url's) automatically download the latest phising site lists without any intervention from the user.

[JackSon]

McAfee Site Advisor doesn't download a list at all; it submits the url once entered and compares it with a central database - which also means it is more up to date than a copy kept on a client machine so Webwise doesn't have any advantage over this free product either. Furthermore it scores domains on features other than just phishing - it will flag up sites that have suspicious downloads on offer (trojans and the like), sites that use browser exploits, will flag up spammy domains, or will even flag up domains for being associated with other flagged parts of the web. Those are features WebWise does not boast, despite being able to "see all of the internet".

[phormwatch]

[QUOTE=HamsterWheel;34589883]I'm certain that Webwise will warn of both http and https phishing sites. I have asked them to confirm this though.
Remember Phorm are a sponsoring member of the AWG http://www.antiphishing.org/sponsors.html and would not be daft enough to offer something that did not cope with a large proportion of phishing attacks.

Dave Jevans, Chairman of the APWG, sent me an email saying this about Phorm: 'I don't like the categorization that its an "anti phishing solution".'

[tarka]

I just did a quick search for some information to confirm the SSL connection process and found this.

http://publib.boulder.ibm.com/infoce...5/s5sslsf.html

Notice that at step 6 where the data exchange occurs (the sending and receiving of requests and data) that the encrypted tunnel is already established.