28-05-2008, 19:04
|
#7396
|
-.- ..- .-. ... -.-
Join Date: Mar 2008
Posts: 2,854
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Are we on the right track with this campaign thingy?
Put yourself in the shoes of Joe Public. You know nothing at all about Phorm. You see a poster implying that your days of 'hiding' are over and you have nothing to 'protect' you. Isn't it a bit victim? And what do you do once you become aware that your 'hiding' days are over? Do you just get mad? Frustrated? Scared? Where do you turn for help?
We're not criminals. We would be the criminalised if deployment goes ahead.
Needs more thought I reckon.
|
|
|
28-05-2008, 19:16
|
#7397
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
It keeps on coming:
http://www.p2pnet.net/story/16064
Alexander Hanff
|
|
|
28-05-2008, 19:17
|
#7398
|
Inactive
Join Date: Apr 2008
Services: Virgin - BB,TV,Phone
Sky box - with no sub
Freeview - idtv
Posts: 270
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by Kursk
Are we on the right track with this campaign thingy?
Put yourself in the shoes of Joe Public. You know nothing at all about Phorm. You see a poster implying that your days of 'hiding' are over and you have nothing to 'protect' you. Isn't it a bit victim? And what do you do once you become aware that your 'hiding' days are over? Do you just get mad? Frustrated? Scared? Where do you turn for help?
We're not criminals. We would be the criminalised if deployment goes ahead.
Needs more thought I reckon.
|
I tend to agree.
The Gadget show, whether 'geeky' or not, was great for exposure.
The daily tabloids and other mainstream programs are the best way... the problem is how to get them to take up the story?
|
|
|
28-05-2008, 19:40
|
#7399
|
Inactive
Join Date: Apr 2008
Posts: 128
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by serial
|
Very good - I'll definitely be making posts linking to that on other forums I frequent.
Have you considered adding the recent opinion from the EU?
Edit: With a link to http://www.p2pnet.net/story/16046
|
|
|
28-05-2008, 19:54
|
#7400
|
Inactive
Join Date: Mar 2008
Services: 0.4 Mbps BB + Phone
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by icsys
I tend to agree.
The Gadget show, whether 'geeky' or not, was great for exposure.
The daily tabloids and other mainstream programs are the best way... the problem is how to get them to take up the story?
|
How long will it be before they profile pron and gambling? That's 50% + put off.
Phorm have been careful to say they specifically exclude these because they know it will make a big chunk of Joe public angry/worried. But they are not going to ignore half the net for long.
I don't quite know how we would use this, but given the specific exclusions, phorm must know it would be dangerous to them.
Anyone know what the original reason for the introduction of premium rate 'phone numbers was? (I don't).
What are they used for now?
Anyone know much about how Kent's old spyware stuff worked? Did it involve pron and gambling? If it did, his ISPyware won't ignore it for long.
---------- Post added at 19:54 ---------- Previous post was at 19:40 ----------
Quote:
Originally Posted by serial
|
Very useful. Could you include a link to the inphormationdesk as well?
http://www.inphormationdesk.org/
The idea behind that site is to be simple as well, but it contains quite a bit of further information for those interested. It avoids the use of a forum as well.
|
|
|
28-05-2008, 19:57
|
#7401
|
Inactive
Join Date: Mar 2008
Location: South Birmingham
Posts: 1,427
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by serial
|
Thanks serial, I'll add the new site to my blog, and also some of the other forums I frequent.
|
|
|
28-05-2008, 20:07
|
#7402
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Over on BT Beta forums we were assured recently by our forum moderator that webwise.bt.com was not a phishing site.
I have been trying to submit an enquiry via the webwise.bt.com/contact.php page, which appeared to be broken - but it seems although the confirmation page never showed up an email did get through. I got a reply today - the body text was the usual BT Webwise spin, and the headers are here (edited to protect the innocent)
X-Apparently-To: ******-webwise@yahoo.co.uk via 87.***.***.61; **, ** May 2008 **:30:45 +0000
X-Originating-IP: [217.32.164.151]
Authentication-Results: mta163.mail.ukl.yahoo.com from=bt.com; domainkeys=neutral (no sig)
Received: from 217.32.164.151 (EHLO smtp4.smtp.bt.com) (217.32.164.151)
by mta163.mail.ukl.yahoo.com with SMTP; **, ** May 2008 **:30:43 +0000
Received: from E03MVA2-UKBR.domain1.systemhost.net ([193.113.197.106]) by smtp4.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830);
**, ** May 2008 **:30:43 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: FW: BT.webwise.com Contact Request
Date: **, ** May 2008 15:30:43 +0100
Message-ID: <***********@**********2-UKBR.domain1.systemhost.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: BT.webwise.com Contact Request
Thread-Index: ********3L4La2sQ69Q0WaQ3lWM+7bAgAia1zL
References: <********.************@ww3.phorm.com>
From: <bt.webwise.help.desk@bt.com>
To: <******@*******>
X-OriginalArrivalTime: ******** (UTC) FILETIME=[*************]
I'm a bit puzzled by the References: line
References: <*********.*******@ww3.phorm.com>
and wondering what that was doing in a reply to a contact form email made via what we were assured by an official BT forum moderator, was a genuine non-phishing site. In fact we were roundly told off for reporting the site as a phishing site and told to stop it.
I did a lookup on www3.phorm.com and got this:
Registrant:
Phorm, Inc.
264 W. 40th St., 16th Floor
New York, New York 10018
United States
Registered through: GoDaddy.com, Inc. ( http://www.godaddy.com)
Domain Name: PHORM.COM
Created on: 29-Apr-00
Expires on: 29-Apr-09
Last Updated on:
Administrative Contact:
Cote, Chris chris.cote@phorm.com
Phorm, Inc.
264 W. 40th St., 16th Floor
New York, New York 10018
United States
2123592030 Fax --
Technical Contact:
Clark, Allan allan.clark@phorm.com
Phorm, Inc
264 W40 Street
16th Floor
New York, New York 10018
United States
2123592030 Fax --
Domain servers in listed order:
NS1.PHORM.COM
NS2.PHORM.COM
I'm not up on the technicalities of headers so I would appreciate some advice before I take this further.
|
|
|
28-05-2008, 20:08
|
#7403
|
Inactive
Join Date: Feb 2004
Services: Finding people (retired)
Posts: 1,065
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by serial
The wording probably needs to be made simpler so any help/comments/opinions are very welcome.
Or PM me or comment here etc.
|
Use what I have written and change it as you will..
To my everlasting shame, when I was young I worked for a publicity company, but I'm better now.
I've also maintained an academic interest in psychological warfare since then, so if push comes to shove (in this case) I am prepared to assume the morals of a sewer rat, for the greater good.
|
|
|
28-05-2008, 20:08
|
#7404
|
Inactive
Join Date: Mar 2008
Location: South Birmingham
Posts: 1,427
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
on the brief news bulletin on BBC 1 just before 8 O'clock they mentioned how they got hold of a fake driving licence under the name of the Home Secretary, Jacqui Smith.
http://news.bbc.co.uk/1/hi/uk/7424238.stm
Response from the Government
Quote:
We took our documents to home office minister Meg Hillier.
"People will always try to create forgeries. We need to make sure that we secure peoples' identities," she said.
|
Is this a different home office to the one we've been getting in touch with?
|
|
|
28-05-2008, 20:21
|
#7405
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by R Jones
Over on BT Beta forums we were assured recently by our forum moderator that webwise.bt.com was not a phishing site.
I have been trying to submit an enquiry via the webwise.bt.com/contact.php page, which appeared to be broken - but it seems although the confirmation page never showed up an email did get through. I got a reply today - the body text was the usual BT Webwise spin, and the headers are here (edited to protect the innocent)
X-Apparently-To: ******-webwise@yahoo.co.uk via 87.***.***.61; **, ** May 2008 **:30:45 +0000
X-Originating-IP: [217.32.164.151]
Authentication-Results: mta163.mail.ukl.yahoo.com from=bt.com; domainkeys=neutral (no sig)
Received: from 217.32.164.151 (EHLO smtp4.smtp.bt.com) (217.32.164.151)
by mta163.mail.ukl.yahoo.com with SMTP; **, ** May 2008 **:30:43 +0000
Received: from E03MVA2-UKBR.domain1.systemhost.net ([193.113.197.106]) by smtp4.smtp.bt.com with Microsoft SMTPSVC(6.0.3790.1830);
**, ** May 2008 **:30:43 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: FW: BT.webwise.com Contact Request
Date: **, ** May 2008 15:30:43 +0100
Message-ID: <***********@**********2-UKBR.domain1.systemhost.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: BT.webwise.com Contact Request
Thread-Index: ********3L4La2sQ69Q0WaQ3lWM+7bAgAia1zL
References: <********.************@ww3.phorm.com>
From: <bt.webwise.help.desk@bt.com>
To: <******@*******>
X-OriginalArrivalTime: ******** (UTC) FILETIME=[*************]
I'm a bit puzzled by the References: line
References: <*********.*******@ww3.phorm.com>
and wondering what that was doing in a reply to a contact form email made via what we were assured by an official BT forum moderator, was a genuine non-phishing site. In fact we were roundly told off for reporting the site as a phishing site and told to stop it.
I did a lookup on www3.phorm.com and got this:
Registrant:
Phorm, Inc.
264 W. 40th St., 16th Floor
New York, New York 10018
United States
Registered through: GoDaddy.com, Inc. ( http://www.godaddy.com)
Domain Name: PHORM.COM
Created on: 29-Apr-00
Expires on: 29-Apr-09
Last Updated on:
Administrative Contact:
Cote, Chris chris.cote@phorm.com
Phorm, Inc.
264 W. 40th St., 16th Floor
New York, New York 10018
United States
2123592030 Fax --
Technical Contact:
Clark, Allan allan.clark@phorm.com
Phorm, Inc
264 W40 Street
16th Floor
New York, New York 10018
United States
2123592030 Fax --
Domain servers in listed order:
NS1.PHORM.COM
NS2.PHORM.COM
I'm not up on the technicalities of headers so I would appreciate some advice before I take this further.
|
Here is some more info:
Quote:
$ dig ww3.phorm.com
; <<>> DiG 9.4.1-P1 <<>> ww3.phorm.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43499
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;ww3.phorm.com. IN A
;; ANSWER SECTION:
ww3.phorm.com. 900 IN A 88.208.250.85
;; AUTHORITY SECTION:
phorm.com. 900 IN NS ns2.phorm.com.
phorm.com. 900 IN NS ns1.phorm.com.
;; ADDITIONAL SECTION:
ns2.phorm.com. 142158 IN A 38.105.138.54
ns1.phorm.com. 142158 IN A 38.105.138.53
;; Query time: 123 msec
;; SERVER: 87.127.87.185#53(87.127.87.185)
;; WHEN: Wed May 28 20:14:44 2008
;; MSG SIZE rcvd: 128
|
The IP is registered to:
Quote:
$ whois 88.208.250.85
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '88.208.250.0 - 88.208.250.255'
inetnum: 88.208.250.0 - 88.208.250.255
netname: FASTHOSTS-UK-NETWORK
descr: UK's largest web hosting company based in Gloucester
descr: England
country: GB
admin-c: MW8691-RIPE
tech-c: GD8691-RIPE
status: ASSIGNED PA
mnt-by: AS15418-MNT
remarks: report abuse to abuse@fasthosts.co.uk
remarks: All reports via other channels will be ignored.
remarks: INFRA-AW
source: RIPE # Filtered
person: Mark Wood
address: Fasthosts Internet Limited
address: Suite 7, Discovery Court
address: 154 Southgate Street
address: Gloucester, GL1 2EX
phone: +44 1452 541251
fax-no: +44 1452 541633
nic-hdl: MW8691-RIPE
mnt-by: AS15418-MNT
source: RIPE # Filtered
person: George Daly
address: Fasthosts Internet Limited
address: Discovery House
address: 154 Southgate Street
address: Gloucester, GL1 2EX
phone: +44 1452 541251
fax-no: +44 1452 541633
nic-hdl: GD8691-RIPE
mnt-by: AS15418-MNT
source: RIPE # Filtered
% Information related to '88.208.192.0/18AS15418'
route: 88.208.192.0/18
descr: FasthostInternet Ltd
origin: AS15418
mnt-by: AS15418-MNT
source: RIPE # Filtered
|
Clearly, that contact form seems to touching Phorm's equipment somewhere along the line. This needs addressing.
A lookup on what the "References" header is reveals this:
Quote:
References: Message-ID of the message that this is a reply to, and the message-id of this message, etc.
|
This pretty much paints the whole scene. The email you got from BT is a reply to an email sent by a web site owned by Phorm (ww3.phorm.com) which confirms that the form you submitted was done on a Phorm server.
Angry does not even begin to describe how this makes me feel, especially given that BT have out and out lied in their response to this issue.
Alexander Hanff
|
|
|
28-05-2008, 20:29
|
#7406
|
Inactive
Join Date: Apr 2008
Posts: 831
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by AlexanderHanff
Here is some more info:
The IP is registered to:
Clearly, that contact form seems to touching Phorm's equipment somewhere along the line. This needs addressing.
A lookup on what the "References" header is reveals this:
This pretty much paints the whole scene. The email you got from BT is a reply to an email sent by a web site owned by Phorm (ww3.phorm.com) which confirms that the form you submitted was done on a Phorm server.
Angry does not even begin to describe how this makes me feel, especially given that BT have out and out lied in their response to this issue.
Alexander Hanff
|
Good. I was hoping for a smoking gun.
The moderator response when we had our phishing row about webwise.bt.com on Beta forums was
http://www.beta.bt.com/bta/forums/me...ID=23304#23304
" Before you start to send emails to the moderators and our abuse team about this, http://webwise.bt,com isn't a phishing site. It's merely a part of BT.com that is hosted on a different set of servers, much like bt.custhelp.com which is hosted on Right Now's servers in California. Right Now's servers also handle all of the traffic in the "Contact Us" section of BT.com just like the form on the Webwise site and with a similar level of security for handling details like your account numbers.
Sending us lots of emails reporting this will delay the abuse team from dealing with genuine reports of phishing sites so I'd appreciate it if you didn't.
Thanks"
I've emailed him directly to ask for an explanation and said that I submitted the form after his reassurance that this was an internal site and that if my details have been compromised then I hold BT responsible on the basis of his official advice.
This is now the second bit of documented evidence we have of communications through that site ending up in Phorm's hands.
What next? - I'm all fired up and ready to go!
|
|
|
28-05-2008, 20:44
|
#7407
|
Permanently Banned
Join Date: Mar 2008
Posts: 1,028
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Just make things a little more interesting, click this link in your browser:
http://ww3.phorm.com/
Hmmmm
Alexander Hanff
---------- Post added at 20:44 ---------- Previous post was at 20:33 ----------
Quote:
Originally Posted by R Jones
Good. I was hoping for a smoking gun.
I've emailed him directly to ask for an explanation and said that I submitted the form after his reassurance that this was an internal site and that if my details have been compromised then I hold BT responsible on the basis of his official advice.
This is now the second bit of documented evidence we have of communications through that site ending up in Phorm's hands.
What next? - I'm all fired up and ready to go!
|
The only explanation I can think of is this:
1. You fill in the contact form on www.webwise.bt.com (a server hosted in the US off the BT core network on an IP address recently associated with Phorm).
2. The script behind that form seems to be sending the form data to ww3.phorm.com.
3. ww3.phorm.com appears to be then sending that data to BT via email, which explains the reference header.
If anyone has anything to add, please feel free.
Alexander Hanff
|
|
|
28-05-2008, 20:50
|
#7408
|
Inactive
Join Date: Mar 2008
Services: 0.4 Mbps BB + Phone
Posts: 447
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by AlexanderHanff
A lookup on what the "References" header is reveals this:
This pretty much paints the whole scene. The email you got from BT is a reply to an email sent by a web site owned by Phorm (ww3.phorm.com) which confirms that the form you submitted was done on a Phorm server.
Alexander Hanff
|
Just trying to anticipate the wriggles. This means that it was sent from the server? Does it mean it was copied to a phorm e-mail address?
If not, what would be left on the server in the way of logs etc?
I'm just trying establish if BT/Phorm can argue that no data was collected/kept by phorm. They can probably argue it's not phishing because BT themselves must have pointed the URL towards that site.
Having said that, BT could have pointed it towards the information page, Phorm could have added the 'contact us' bit by themselves. That would be phishing.
Perhaps BT need to confirm that they authorised Phorm to collect the 'contact us' information?
|
|
|
28-05-2008, 20:51
|
#7409
|
Inactive
Join Date: Apr 2008
Posts: 28
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by serial
Over on BadPhorm a while back user HowardR posted from his BT source that they would win because:
"An argument -- any argument -- is won when a simple question elicits a simple answer, not when a mass of technicalities covering past, present and future are all dredged up. Either the answer is so good, the debate ends there and then, or it's so poor, the questioner's position is strengthened to the point of being uncontestable."
So I decided to try to make a page, simple for the layman, yet still accurate. I came up with:
http://www.DoNotTrustWebwise.org/
Thanks to Madslug for all the help and also Deph Pete.
The wording probably needs to be made simpler so any help/comments/opinions are very welcome.
It would be helpful to keep them in the thread here:
http://badphorm.co.uk/e107_plugins/f....php?6158.last
Or PM me or comment here etc.
|
serial.. you may want to mention the trials if you can fit it in..
|
|
|
28-05-2008, 20:52
|
#7410
|
Inactive
Join Date: Apr 2007
Location: Hampshire
Services: VM BB 10Mb XL & TV L
Posts: 150
|
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by icsys
I tend to agree.
The Gadget show, whether 'geeky' or not, was great for exposure.
The daily tabloids and other mainstream programs are the best way... the problem is how to get them to take up the story?
|
The Gadget Show was a bit silly at the beginning, but the presenter was passionate, and the message was the clearest that I've seen i.e. simple concepts such as the equivalent of phone wire-tapping and that you pay the ISP for a connection to the internet and that your ISP should not be selling your surfing habits.
I was disappointed with the BBC 24 and BBC news web site coverage, it felt distant and as if the BBC felt it had to cover the story but didn't really see anything wrong with Phorm. The Click! presenter emphasised the word "some", when introducing the segment and saying "some" people had issues with Phorm - the emphasis made me think that the BBC were saying "some" as in these are loony people that the BBC are distancing themselves from.
|
|
|
Currently Active Users Viewing This Thread: 6 (0 members and 6 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 04:05.
|