Mel
0
I was doing a tiny bit of research on Phorm last night and it occurred to me that as the Opt-out is cookie based, it should be possible to opt-in an unwilling Phorm ISP customer using cross site request forgery (csrf).
All that's required is an image link which could be hidden on a webpage or in a forum post or blog etc.
Don't worry, no opt-in images here, but you can download my test page from rapidshare.
Download-Link #1: http://rapidshare.com/files/100013497/Phorm_opt-in_exploit.html
You can check your webwise opt-in/opt-out status here http://webwise.bt.com/webwise/
All that's required is an image link which could be hidden on a webpage or in a forum post or blog etc.
Don't worry, no opt-in images here, but you can download my test page from rapidshare.
Download-Link #1: http://rapidshare.com/files/100013497/Phorm_opt-in_exploit.html
You can check your webwise opt-in/opt-out status here http://webwise.bt.com/webwise/
Last edited: