BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Phorm Past and Present
 
Phorm Security Specialist London UK job being advertised
Moderators: Jim Murray, narcosis, felixcatuk, Sammy
VforVendetta
Wed Aug 06 2008, 06:57AM
Registered Member #281
Joined: Wed Apr 02 2008, 10:59PM
Posts: 147
I guess the conversation went something like this -

ISP Marketing: "Our security guys don't know anything about your kit. Who's going to make sure that your system is secure?"

Phorm: "Don't worry we will do that for you. Remember we are privacy and security specialists as well as being advertising gurus."

ISP Marketing: "Great, we like your can do attitude."

a little while later .....

Phorm to Recruiter: "We need a Hacker, sorry meant to say Security Specialist. Get one for us fast, I don't care how much it costs."


See the real job description at totaljobs.com
(Job id: 40048670)
Security Specialist
Location: London
Salary: unspecified
Company: Phorm UK
Job type: Permanent



[ Edited Wed Aug 06 2008, 06:57AM ]

If privacy is outlawed, only outlaws will have privacy.
Philip R. Zimmermann Jr.

felixcatuk
Wed Aug 06 2008, 07:03AM
Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 1097
Apparently they need someone who has "Experience with general hacking tools and techniques, including buffer overflows, race conditions, XSS, XSRF, and SQL injections".


BT/Virgin/TalkTalk customers - you don't need Webwise and Phorm, pure and simple.
Regulators will not protect you from Phorm. Find a Phorm Free ISP.
Protect your privacy. Protect your web content. Phorm must be stopped.
www.Dephormation.org.uk: Free Anti-Phorm Countermeasures for Firefox Users and Web Sites
Sign the No. 10 Downing Street Petition
PhormUKPRTeam/PhormUKTechTeam is a PR consultant from Citigate Dewe Rogerson.
felixcatuk
Wed Aug 06 2008, 07:05AM
Registered Member #95
Joined: Wed Mar 05 2008, 12:03AM
Posts: 1097
Ohhh wait;

"The platforms being tested are bespoke developments, being deployed in company data centres and partner telecommunications networks. "

Shouldn't you identify security flaws like buffer overflow, race conditions, XSS, XSRF, and SQL injection at the design/system test stage? Well before you deploy into a telco data centre?


[ Edited Wed Aug 06 2008, 07:12AM ]

VforVendetta
Wed Aug 06 2008, 08:11AM
Registered Member #281
Joined: Wed Apr 02 2008, 10:59PM
Posts: 147
By the way I was not implying that all hackers are evil.

08.08.08
Anybody going?

hackers are people too ;-)



Midnight_Voice
Wed Aug 06 2008, 08:11AM
Registered Member #180
Joined: Thu Mar 13 2008, 08:51PM
Posts: 334
Aren't Phorm being a bit optimistic, advertising the job as 'Permanent'?

[ Edited Wed Aug 06 2008, 08:12AM ]

I'm a nonconPhormist; I won't be conned by Phorm
madslug
Wed Aug 06 2008, 12:18PM

Registered Member #266
Joined: Tue Apr 01 2008, 12:11PM
Posts: 497
Why would they need to know "Good understanding of information security fundamentals, common security mechanisms including encryption, # functions, digital signatures, authentication protocol." - not worried about SSL, are they?

Proud to be a Phorm free ISP - www.mADSLax.co.uk - Griffin reseller
Jim Murray
Wed Aug 06 2008, 04:26PM

Registered Member #1
Joined: Thu Feb 21 2008, 08:29PM
Posts: 263
madslug wrote ...
Why would they need to know "Good understanding of information security fundamentals, common security mechanisms including encryption, # functions, digital signatures, authentication protocol." - not worried about SSL, are they?


Very curious indeed. Perhaps they are just now realising what an almighty big target they make and that the internet is absolutely full of people who'd just love to take a shot at it.

That or the 'partner ISPs' are putting the boot in heavily because of all the adverse publicity Phorm has attracted.

Either way, the list of folks with those kind of credentials is pretty short. I know a sizeable number of them and not one has a nice thing to say about Phorm. I suspect that advert will be running for quite some time....

Jim.

Admin/press enquiries : [email protected]
Jim Murray
Wed Aug 06 2008, 04:31PM

Registered Member #1
Joined: Thu Feb 21 2008, 08:29PM
Posts: 263
felixcatuk wrote ...
Ohhh wait;

"The platforms being tested are bespoke developments, being deployed in company data centres and partner telecommunications networks. "

Shouldn't you identify security flaws like buffer overflow, race conditions, XSS, XSRF, and SQL injection at the design/system test stage? Well before you deploy into a telco data centre?



Short answer.. YES!

The entire Phorm project has been one of stealth, I strongly suspect they were hoping nobody would notice their 'system' and if they did that they wouldn't have a clue what it was or was doing. Now that any such hope is long since dashed they're scurrying to secure the thing as best they can before someone splits it wide open and leaves them with some very expensive egg on their faces.

And they're looking for a CISSP too... I wonder if they actually know what that means! (hint for phorm - google CISSP ethics).

Jim.


[ Edited Wed Aug 06 2008, 04:35PM ]

Nick255
Wed Sep 03 2008, 03:53PM
Registered Member #538
Joined: Wed Sep 03 2008, 03:45PM
Posts: 1
It is also possible that this is how Phorm intends to combat the use of SSL and VPNs. Phorm is in a perfect position to use buffer overruns and other exploits to install spyware/rootkit software. As for the legal arguments, they could argue that since they are entitled to that information anyway as part of the TOS, they have a right to use other means to obtain it should their system be circumvented.
Midnight_Voice
Wed Sep 03 2008, 07:33PM
Registered Member #180
Joined: Thu Mar 13 2008, 08:51PM
Posts: 334
Nick255 wrote ...
It is also possible that this is how Phorm intends to combat the use of SSL and VPNs. Phorm is in a perfect position to use buffer overruns and other exploits to install spyware/rootkit software. As for the legal arguments, they could argue that since they are entitled to that information anyway as part of the TOS, they have a right to use other means to obtain it should their system be circumvented.


And have the ISP involved sued rotten? I rather doubt this.

