BadPhorm - When good ISPs go bad! :: Forums :: Tips & Breaking News :: Tips
 
T-mobile Web-n-Walk "invisible" invisible proxy
Simplepieman
Wed Apr 30 2008, 01:53PM
Registered Member #296
Joined: Sat Apr 05 2008, 01:42PM
Posts: 86
Something unsurprising about T-mobile UMTS (3G) Web-n-Walk datacard is that they have an "invisible" invisible proxy, i.e. L7 switch installed, but no evidence of Phorming (no webwise cookies).

I say unsurprising because T-mobile have an adult content filter and also seem to compress images when browsing to an extent that the banner on the BBC news webpage looks like a junior school arts project.

I know they're using an L7 switch using 2 tests:
1.) Browse a site on one of my own servers, running TCPdump on the server and netstat on the client. Netstat reports a different local port number than the server does for remote port number in the tcpdump. Therefore there is a man in the middle.

2.) Manual TCP request. Telnet to port 80 of my server. Telnet connects and netstat reports connection but tcpdump on the server shows no SYN/ACK handshake. Submit a HTTP/1.0 GET request manually and when the request is sent, only then does my server report a connection, again from the right IP but the wrong port number.

I say "invisible" invisible proxy because when I go to whatsmyip.org and get "more" information it reports "Proxy: No Proxy or Invisible Proxy Used"
http://www.whatsmyip.org/more

However when I go to the University of Washington integrity checker it detects page modifications, the most worrying of which is the actual REMOVAL of META keyword tag! Heaven knows why but this is most worrying.

Two other concerns:

1.) What else is this proxy doing? I will write to T-Mobile with a data subject request.

2.) The true stealthiness of the invisible proxy is worrying me, as existing tools on
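
The two tests described in this post can be folded into one in-band check, shown here as an added example that is not part of the original post. The function names, the origin's response format and the localhost relay standing in for the L7 device are all constructed for illustration.

```python
import socket, threading, time

HOLD = 0.3  # seconds the client stays silent after connect() before sending

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def serve_once(listener, handler):
    """Accept one connection on a background thread and pass it to handler."""
    def run():
        conn, peer = listener.accept()
        with conn:
            handler(conn, peer)
    threading.Thread(target=run, daemon=True).start()
    return listener.getsockname()

def read_all(sock):
    data = b""
    while chunk := sock.recv(4096):
        data += chunk
    return data

def origin(conn, peer):
    # Report what tcpdump on the server would show: the peer's source port
    # and how long the connection sat idle before the request arrived.
    accepted = time.monotonic()
    conn.recv(4096)
    idle = time.monotonic() - accepted
    conn.sendall(f"HTTP/1.0 200 OK\r\n\r\n{peer[1]} {idle:.3f}".encode())

def relay_to(upstream):
    # Constructed stand-in for the L7 device: it completes the client's
    # handshake itself and dials the origin only once a request exists.
    def handler(conn, peer):
        request = conn.recv(4096)
        with socket.create_connection(upstream) as up:
            up.sendall(request)
            conn.sendall(read_all(up))
    return handler

def probe(addr):
    with socket.create_connection(addr, timeout=5) as s:
        local_port = s.getsockname()[1]
        time.sleep(HOLD)                      # test 2: connect, then wait
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        seen_port, idle = read_all(s).decode().split("\r\n\r\n", 1)[1].split()
    return {"port_mismatch": int(seen_port) != local_port,   # test 1
            "deferred_connect": float(idle) < HOLD / 2}      # test 2

def demo():
    direct = probe(serve_once(listen(), origin))
    relayed = probe(serve_once(listen(), relay_to(serve_once(listen(), origin))))
    return direct, relayed
```

A NAT that rewrites source ports also produces `port_mismatch`, so `deferred_connect` is the signal that points specifically at a device terminating TCP in the path.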

BadPhormula
Wed Apr 30 2008, 09:06PM

Registered Member #188
Joined: Sun Mar 16 2008, 05:00PM
Posts: 546
Simplepieman wrote ...

Something unsurprising about T-mobile UMTS (3G) Web-n-Walk datacard is that they have an "invisible" invisible proxy, i.e. L7 switch installed, but no evidence of Phorming (no webwise cookies).

I say unsurprising because T-mobile have an adult content filter and also seem to compress images when browsing to an extent that the banner on the BBC news webpage looks like a junior school arts project.

I know they're using an L7 switch using 2 tests:
1.) Browse a site on one of my own servers, running TCPdump on the server and netstat on the client. Netstat reports a different local port number than the server does for remote port number in the tcpdump. Therefore there is a man in the middle.

2.) Manual TCP request. Telnet to port 80 of my server. Telnet connects and netstat reports connection but tcpdump on the server shows no SYN/ACK handshake. Submit a HTTP/1.0 GET request manually and when the request is sent, only then does my server report a connection, again from the right IP but the wrong port number.

I say "invisible" invisible proxy because when I go to whatsmyip.org and get "more" information it reports "Proxy: No Proxy or Invisible Proxy Used"
http://www.whatsmyip.org/more

However when I go to the University of Washington integrity checker it detects page modifications, the most worrying of which is the actual REMOVAL of META keyword tag! Heaven knows why but this is most worrying.

Two other concerns:

1.) What else is this proxy doing? I will write to T-Mobile with a data subject request.

2.) The true stealthiness of the invisible proxy is worrying me, as existing tools on





Yes I noticed this, the 'websense' proxy. It modifies your original pages and injects its own code! However 'websense' is supposed to be a security enhancement to stop malware, not a data mining profiler like Phormscum's 'webwise'.

I have a feeling that 'websense' is going to be affected by legal arguments like Phormscum's 'webwise'. I'd hate to think Phormscum would use 'websense' in some kind of defense of their spyware 'webwise' crapolla.

http://badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?3196

http://badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?3218

[ Edited Wed Apr 30 2008, 09:11PM ]

Fight the Total Surveillance
serial
Wed Apr 30 2008, 10:05PM

Registered Member #100
Joined: Wed Mar 05 2008, 06:22PM
Posts: 667
Might be of interest: Mike Miller's profile at NebuAd

To save you the click:
Mike is an online advertising industry veteran and early pioneer in behavioral advertising, bringing nearly two decades of experience in sales, marketing, and business development to NebuAd. With a disciplined approach to understanding and exceeding client objectives, he has directed successful marketing campaigns for companies including Expedia, University of Phoenix, NexTag, Experian, Microsoft, T-Mobile, and Nike, as well as leading advertising agencies including Avenue A, Modem Media, Carat, and OMD. Mike has spent the past 10 years building successful sales and business development teams at leading online advertising companies such as Orbitz (NASDAQ: OWW), Aptimus (NASDAQ: APTM), and Excite@Home. Mike holds a BS in Finance from the University of the Pacific and an MBA in Marketing from Santa Clara University.

http://parasitestxt.org/
(Personal opinion and statement in this forum post is my copyright and may not be used nor reproduced elsewhere without my permission. To request permission send a personal message using the button below.)
madslug
Wed Apr 30 2008, 10:53PM

Registered Member #266
Joined: Tue Apr 01 2008, 12:11PM
Posts: 771
Websense - where have I heard that before?

Looking around it looks like a 'proxy' much like bluecoat. Used by businesses and schools, etc. to block which sites their network can access.

Even BT offer websense as part of their IT security features.

Why would t-mobile be showing signs of a security proxy?

Who is tracking your surfing? iCab mobile browser with its privacy controls now available to iPhone and iPod from the App Store - turn images off for faster and beacon free surfing.
felixcatuk
Wed Apr 30 2008, 10:54PM


Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 2540
Just because there's no cookie, doesn't mean there's no profile. It will be interesting to hear what T-Mobile say to your subject access request.

A profile could be linked to you using a Phorm like UID number, such as your MSISDN (phone number) or IMSI (SIM card number).

Another tangential connection, T-Mobile provide the underlying network for Virgin Mobile in the UK (who are now part of Virgin Media).

[ Edited Wed Apr 30 2008, 10:59PM ]

Ready to leave BT? Call 0800 800 030 / 0800 328 6738, get your MAC code
BadPhormula
Thu May 01 2008, 07:29PM

Registered Member #188
Joined: Sun Mar 16 2008, 05:00PM
Posts: 546
felixcatuk wrote ...

Just because there's no cookie, doesn't mean there's no profile. It will be interesting to hear what T-Mobile say to your subject access request. A profile could be linked to you using a Phorm like UID number, such as your MSISDN (phone number) or IMSI (SIM card number). Another tangential connection, T-Mobile provide the underlying network for Virgin Mobile in the UK (who are now part of Virgin Media).


Now you're scaring me! I have to use broadband mobile for my out and aboutness. I had a poor signal yesterday so I decided to use the free WiFi provided by a hostelry I was lunching at, unfortunately they restricted access to my home VPN so I was wide open exposed to being data raped. Most of the time I can get a signal, I use T-Mobile and 3UK. 3UK shares the network with T-Mobile and since this join up I have noticed some strange goings on.

I am considering a Vodafone broadband connection because Vodafone allegedly have better coverage and a most resilient network. But since all this sh*t about profiling customer personal data has come to light thanks to Phormscum I'm worried that they are 'all' at it and we are at their collective mercy if we don't employ encrypted VPNs.


[ Edited Thu May 01 2008, 07:33PM ]

Fight the Total Surveillance
madslug
Thu May 01 2008, 07:41PM

Registered Member #266
Joined: Tue Apr 01 2008, 12:11PM
Posts: 771
Unless the business supplying the free wi-fi is stinging you for something while you surf and needs to give you a username and password, assume that you are being profiled. No WEP = profiled. Bandwidth is not free, if you are not paying for it directly the money is still coming from somewhere. Most free wi-fi is 'sold' to business to make them profit.

Who is tracking your surfing? iCab mobile browser with its privacy controls now available to iPhone and iPod from the App Store - turn images off for faster and beacon free surfing.
BadPhormula
Thu May 01 2008, 08:17PM

Registered Member #188
Joined: Sun Mar 16 2008, 05:00PM
Posts: 546
madslug wrote ...

Unless the business supplying the free wi-fi is stinging you for something while you surf and needs to give you a username and password, assume that you are being profiled. No WEP = profiled. Bandwidth is not free, if you are not paying for it directly the money is still coming from somewhere. Most free wi-fi is 'sold' to business to make them profit.


Well I assumed the "free" WiFi is paid for by the fact we pay for food and drink and they want our custom. From what I remember when I have used McD's free WiFi I was able to connect to my remote VPN. (I will check tomorrow)

As more and more people get mobile and depend on these mobile data connections to make a living (or just personal use) it concerns me that some of them may not be able to use a home/office VPN, because not everyone will be using a laptop with the appropriate widely available software... instead they will be using a mobile phone with web capabilities and fixed in stone (non-encryption functionality) software.

Trust in these telecom companies will rapidly diminish as we expose more of their sh*tty cavalier behaviour towards us.


[ Edited Thu May 01 2008, 09:04PM ]

Fight the Total Surveillance
Simplepieman
Thu May 01 2008, 09:57PM
Registered Member #296
Joined: Sat Apr 05 2008, 01:42PM
Posts: 86
Bad - if you are in control of your VPN server I have found it practical to have the server accept connection on port 443 as well as the usual port. That way it's harder to block because it looks like SSL traffic. In fact some incarnations of OpenVPN include HTTPS wrappers so that proxies will pass the packets.
BadPhormula
Thu May 01 2008, 10:12PM

Registered Member #188
Joined: Sun Mar 16 2008, 05:00PM
Posts: 546
Simplepieman wrote ...

Bad - if you are in control of your VPN server I have found it practical to have the server accept connection on port 443 as well as the usual port. That way it's harder to block because it looks like SSL traffic. In fact some incarnations of OpenVPN include HTTPS wrappers so that proxies will pass the packets.


Thanks,

I have played with OpenVPN on Linux and even tunnelled TCP services down its UDP, which has some weird effects on SSH. My present box is OpenBSD which is having some problems with SSH (known timing issues) which need to be resolved before I get around to adding more features to my box (that will be soon). I'm hoping to put all of my experiments into layman tutorials for other people that are concerned about this plaintext Internet we have become so complacent in trusting with our personal data.

I just want to do my bit to make people more aware of the practical ways of defeating Phormscum and its sneaky friends.


Btw OpenBSD boxes are quite popular for hacker attacks because they are considered to be where the good stuff is (i.e. used by pros), in fact I've just had several hundred SSH attacks over the past few minutes from some @sshole in Thailand. But if you want to learn about security you've got to throw yourself into the lion's den and fight fire (to mix my metaphors).



[ Edited Thu May 01 2008, 10:27PM ]

Fight the Total Surveillance