Here we go again - ISP DPI, but is it interception?
Charles Lindsey
chl at clerew.man.ac.uk
Thu Jul 29 12:47:45 BST 2010
On Wed, 28 Jul 2010 18:22:20 +0100, Peter Fairbrother
<zenadsl6186 at zen.co.uk> wrote:
> James Firth wrote:
> If they don't go to the full URL they won't be able to detect whether
> there is some bad stuff on the served page - and thus they won't be able
> to do the job they claim to be doing.
Actually, they might do better by going to the home page of the site and
crawling from there, rather than just examining some particular page for
malware.
>> What if shadow visits to the site, hypothesising that the full URL is
>> visited, caused undesired consequences such as repeat posting or
>> triggered
>> other state-changing behaviour in the destination website?
>
> Extremely likely - for instance, another access to a session-cookied
> site will almost always change the server state.
On the contrary, since TalkTalk won't be sending the proper 'cookie', they
are most unlikely to mess up some ongoing transaction, and it they do,
then it indicates that the site itself is badly designed and insecure, in
which case it deserves all it gets.
> It won't work, so it's not a good thing.
It COULD work if performed in an intelligent manner. Whether TalkTalk have
the necessary inteligence is a separate issue. You should not
underestimate them based on the meafre information we have so far (note
that they are not yet actually testing for malware - they are just
debugging their address gathering machinery).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ukcrypto
mailing list