Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[Berealwith]

Tops ............lol these forum games....sry admin

[Heed]

A related story on Slashdot re. NebuAd and the U.S. Senate inquiry. Might be a good idea to post some comments re. Phorm so the discussion can also be widened out to include both sides of the pond.

http://yro.slashdot.org/yro/08/07/08/226227.shtml

[OldBear]

Quote:

Originally Posted by Earl of Northesk

Personal Internet Security: Follow-up :

"There is another issue here which I find absolutely fascinating, which is the knotty problem of Phorm. A number of aggrieved subscribers think that an offence has been committed with their particular Internet services purely and simply because BT conducted trials secretly. However, I happen to know that a number of these aggrieved subscribers have hawked themselves around, Home Office, the Information Commissioner, law enforcement, and been given the brush-off time and time again. What are the Government actually going to do in terms of providing the relevant resources and expertise out there so that action can actually be taken against e-crime?"

You know something? I really, really like this gentleman!

Quote:

Originally Posted by warescouse

Phorm - I think you may get burned

Yup!

[pseudonym]

Quote:

Originally Posted by HamsterWheel

I see the thread is now more concerned with dog appreciation (cue jokes about Phorm) but to drag it back on topic.
http://news.bbc.co.uk/1/hi/technology/7494988.stm

So all of you who said that people's browsers sorted out phishing attacks will have to think again. Half of them are way out of date and prone to all sorts of hacking and phishing attempts. Webwise will save the day !

Since you raise the subject of out of date and insecure software (something against which phorm won't provide any protection), have you read this article on Phorm's 2007 test?


http://www.spikelab.org/blog/btProxyHorror.html

Quote:

Via: 1.0 PSBTTEST:3131 (squid/2.6.STABLE6.2.7-6)

Quote:

The other thing I learnt is all versions of squid prior to 2.6.12 suffer from a couple serious security vulnerabilities...
But so long nothing new, big telcos running bugged software is unfortunately quite a common practice.
But I was just scratching the surface. Another look at the dump revealed several referrals to dns.sysip.net (212.187.177.142), an ip owned by Level3:

And I'll also remind you Phorm's opt-in /opt-out originally came with a glaringly obvious CSRF vulnerability meaning anyone could set your opt-in /opt-out cookie by posting an image in a forum

Oh, and regarding Phorm's "phishing protection", I understand you only get if you opt-in, and you can opt-out by blocking webwise.net cookies, in which case your IP address will be blacklisted for 30 minutes... So what happens if your kids have a PC and have blocked Phorm's cookies on their computer, or you connect to your phorming ISP and are allocated an IP address that is still blacklisted having only just been released by a user who blocks webwise.net cookies, or as others have mentioned the phishers use an https address - would I be right that in all cases you'd not be protected, but would believe you are.

[Tarquin L-Smythe]

“Personal Internet Security”

A lot to read in the report lots of posturing and promises,but yet again the emphasis is set on financial loss and child abuse,whilst the aforementioned subjects are in no way trivial I read very little about data harvesting which surely is the root of all evils,lots of talk of "wake up calls" on data loss but little about data theft,liked the bit about the Govt running an public information scheme to help everyone understand the implications of good security as long as it goes further than misplacing your disk's or drives or getting your laptop pinched .Yes a lot of good promises but nothing this year,surely on a financial note tighter security would mean less financial loss so more financial input from the private sector for funding would seem a sensible place to start.Nice to see that the ineffectualness of the ICO and Police was highlighted. But its all talk and conjecture at this moment they need a push to commit themselves but I fear fighting the next election is uppermost in all govt parties in and out of office.All in all a good read needs to be thoroughly dissected I am sure we will do exactly that.

I bid you good night . Tarquin

[Rchivist]

Quote:

Originally Posted by Tarquin L-Smythe

“Personal Internet Security�

A lot to read in the report lots of posturing and promises,but yet again the emphasis is set on financial loss and child abuse,whilst the aforementioned subjects are in no way trivial I read very little about data harvesting which surely is the root of all evils,lots of talk of "wake up calls" on data loss but little about data theft,liked the bit about the Govt running an public information scheme to help everyone understand the implications of good security as long as it goes further than misplacing your disk's or drives or getting your laptop pinched .Yes a lot of good promises but nothing this year,surely on a financial note tighter security would mean less financial loss so more financial input from the private sector for funding would seem a sensible place to start.Nice to see that the ineffectualness of the ICO and Police was highlighted. But its all talk and conjecture at this moment they need a push to commit themselves but I fear fighting the next election is uppermost in all govt parties in and out of office.All in all a good read needs to be thoroughly dissected I am sure we will do exactly that.

I bid you good night . Tarquin

Good night, and good morning. Another nice quote here from the same report:
http://www.publications.parliament.u...ch/131/131.pdf

Q31 Earl of Erroll: A quick rider before I start. The
first thing I was going to say was that I did not feel
there was disrespect in the response from the
Government at all. I rather felt that there were
probably problems of budget and a feeling of how
were you going to get it out of the Treasury, therefore
the usual thing was to say “Well, let’s talk about it a
bitmore and then hope that something appears in the
next budget round� or something like that, which
was disappointing. I think what the Earl of Northesk
was asking was slightly different from what I am
about to ask which was that he was thinking about
how this was classified and whether Phorm is a crime
or is not. There are rules that would suggest that it is
but no government department wants to pick it up
and say that it is. Everyone wants to shift the buck

[bluecar1]

Quote:

Originally Posted by R Jones

Good night, and good morning. Another nice quote here from the same report:
http://www.publications.parliament.u...ch/131/131.pdf

Q31 Earl of Erroll: A quick rider before I start. The
first thing I was going to say was that I did not feel
there was disrespect in the response from the
Government at all. I rather felt that there were
probably problems of budget and a feeling of how
were you going to get it out of the Treasury, therefore
the usual thing was to say “Well, let’s talk about it a
bitmore and then hope that something appears in the
next budget round� or something like that, which
was disappointing. I think what the Earl of Northesk
was asking was slightly different from what I am
about to ask which was that he was thinking about
how this was classified and whether Phorm is a crime
or is not. There are rules that would suggest that it is
but no government department wants to pick it up
and say that it is. Everyone wants to shift the buck

way to go, Earl of Errol

i think we have a new allie, have not seen the name before, alex, give that man an invite

peter

[Rchivist]

Quote:

Originally Posted by bluecar1

way to go, Earl of Errol

i think we have a new allie, have not seen the name before, alex, give that man an invite

peter

Remember that this is priveliged because it was said in Parliament by a member of the House of Lords, so as long as it is quoted accurately, carefully and attributed, you can quote it all over the place, as long as you do so in "reporting" on the parliamentary proceedings. BT can't send you threatening legal letters!

Can anyone confirm whether El Reg has got this stuff? I don't want to bombard Chris if his usual bloodhounds have scented it out.

[OldBear]

Quote:

Originally Posted by bluecar1

way to go, Earl of Errol

i think we have a new allie, have not seen the name before, alex, give that man an invite

peter

The Earl is someone who (IMHO) would not be happy with the implemtation of Phorm/Webwise. He is a man very concerned with data protection and civil liberties.

I read an excellent debate in which both he and Baroness Miller spoke. You can read it here: http://www.theyworkforyou.com/lords/...8-06-12a.724.5

You guys might finds the debate interesting. What I know you will find interesting is this paragraph spoken by Baroness Miller: (My bold)

Quote:

I was talking with the chief executive of Phorm this week who told me that once something is stored you have lost control over it. Phorm has been the subject of an interesting article in the Economist recently which some of your Lordships may have read. It is a company on the cutting edge of what can protect the public. A bit of controversy surrounds its work because, with its client BT, it intercepted people's online business without BT customers knowing. But Phorm is certainly correct when it says that if consumers knew what was actually stored they would decide to opt for true anonymity online. This is what Phorm is trying to develop with major telecommunications clients on a global scale.

Source: http://www.publications.parliament.u...80612-0009.htm - Column 726

Is it just me, or did the CEO of Phorm actually mislead the Baroness to what Phorm actually does? I think he did.

Anyway, the Earl of Errol is a good man (with great understanding of the data protection minefield) and, from what I have read, I doubt if he would let Phorm anywhere near his browsing. (My opinion.)

OB

[phormwatch]

Tinyurl is now allowing you to enter custom URLs when creating tinyurl's. I have registered 'phorm' and 'webwise':

http://tinyurl.com/phorm

http://tinyurl.com/webwise

Register your combinations now!

[Rchivist]

A precautionary note to avoid embarrassment:

There is a new Windows update out to fix DNS vulnerabilities, which may possibly result in odd things happening to browsing if it goes at all awry. Just might be best to bear this in mind before we make any wild accusations about trials beginning in secret or anything. Don't want to look as stupid as BT.

http://news.bbc.co.uk/2/hi/technology/7496735.stm

---------- Post added at 09:41 ---------- Previous post was at 09:29 ----------

Quote:

Originally Posted by phormwatch

Tinyurl is now allowing you to enter custom URLs when creating tinyurl's. I have registered 'phorm' and 'webwise':

http://tinyurl.com/phorm

http://tinyurl.com/webwise

Register your combinations now!

Where? Can't see anything on a quick glance on the tiny url homepage

[phormwatch]

http://tinyurl.com/

You should see a 'custome alias' text box under the 'Enter a long URL to make tiny:' text box.

[madslug]

Quote:

Originally Posted by R Jones

There is a new Windows update out to fix DNS vulnerabilities, which may possibly result in odd things happening to browsing if it goes at all awry.
http://news.bbc.co.uk/2/hi/technology/7496735.stm

I heard this on the BBC World Service last night too. It does not sound like anything more than the DNS hijack vulnerability that Richard Clayton was mentioning with regard to the 307 redirects performed by the Layer 7 switch. If I recall, the earlier tests were demonstrated using a spoofed paypal site - https and all.

Here is a question for the techies: if everyone used their computer's host file for the DNS lookups that it was designed for, would that help to avoid the redirects performed by the Layer 7 switch or any other hacker/malware?

[Tarquin L-Smythe]

Quote:

Originally Posted by OldBear

The Earl is someone who (IMHO) would not be happy with the implemtation of Phorm/Webwise. He is a man very concerned with data protection and civil liberties.

I read an excellent debate in which both he and Baroness Miller spoke. You can read it here: http://www.theyworkforyou.com/lords/...8-06-12a.724.5

You guys might finds the debate interesting. What I know you will find interesting is this paragraph spoken by Baroness Miller: (My bold)


Source: http://www.publications.parliament.u...80612-0009.htm - Column 726

Is it just me, or did the CEO of Phorm actually mislead the Baroness to what Phorm actually does? I think he did.

Anyway, the Earl of Errol is a good man (with great understanding of the data protection minefield) and, from what I have read, I doubt if he would let Phorm anywhere near his browsing. (My opinion.)

OB

OB the good Baroness was saved by the good guys see from post #8844 ,don't you love a happy ending.especialy as the good Lady Baroness is Guesting the meeting. No cred for Kenty boy in the Lords

[madslug]

Quote:

Originally Posted by warescouse

I really liked this site's word possibly for the likes of Phorm and NebuAd.

Malvertising

Check it out. They say:-
"An Internet-based criminal method for the installation of unwanted or malicious software through the use of Internet advertising media networks and exchanges."

Malvertising has been around since at least April last year - first in spam directing people to a Google/Yahoo PPC url that had been infected. Some ads, after infecting you, sent you on to the real site while others dumped you onto a site which had copied the original, hoping that you would place an order and confirm any PI that they had not been able to harvest off your computer.

One thing the article omitted was the number of tracking scripts which are also infected by malware - you will see many forums where sites have been blacklisted because of 3rd party scripts that they have hosted for years without any problems, yet they have suddenly been infected by malware.

What I found most interesting in the article was that these scripts hosted by sites have access to the DOM - that I did not know.

Below the article, there is a comment about Phorm which makes for some very interesting reading too, considering the date it was written. Perhaps it explains why the fora are no longer filled by PhormPRTeam.