Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
 ·Colbanet
| Rogers hacks into your HTTP connections!
»arstechnica.com/news.ars/post/20···ges.html
Yes, I'll admit the title is a bit sensationalist, but it's pretty accurate. They're using "Deep Packet Inspection" to (presumably) identify HTTP connections, find the start of an HTML document that you're downloading, and insert their own content into your webpage. The example Ars shows has Rogers inserting information on user bandwidth usage into the front page of Google.
Have they even thought about how this might break applications that use HTTP to communicate? What about programs that rely on parsing web sites for info?
While it appears you can opt-out, the mere fact that they're doing it is extremely frightening. Such a service would be fine if it were opt-in, but it doesn't seem to be.
Hopefully this gets canned so that other large ISPs such as Bell, Telus, Videotron, etc. don't get any ideas.
Net-neutrality? Comcast sending RST packets? Forget about that, that's small stuff. Rogers wants to control what you see on the internet. As the article points out, it's a very small step from this to inserting advertisements into pages as you browse. |
|
Exit
Premium,ExMod 2002
join:2001-04-10
Canada | They are becoming the Chinese government |
|
me13
| Now they have p$ssed Google. »www.thestar.com/Business/article/284761 |
|
wesleyw
join:2003-01-01
v5c1b
| reply to Guspaz
lol...
oh noes, they're hacking my h titty p!
it's pretty lame, not really frightening. doing something like modifying the webpages sent to you is super easy. if you want frightening, be aware that any time you are using a comp on a public network (school, library, work, etc), -anyone- connected to the network, not just the IT admin people, can do the same thing to you. this gets a lot more fun when completely different pages are sent. or even better, you go to do some online banking, but the site you log into isn't really your bank.
people have a lot more to be concerned about than rogers modifying http pages, lol. (don't get me wrong, rogers should foad, haha) |
|
Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
·Colbanet
| said by wesleyw  :lol... oh noes, they're hacking my h titty p! it's pretty lame, not really frightening. doing something like modifying the webpages sent to you is super easy. if you want frightening, be aware that any time you are using a comp on a public network (school, library, work, etc), -anyone- connected to the network, not just the IT admin people, can do the same thing to you. this gets a lot more fun when completely different pages are sent. or even better, you go to do some online banking, but the site you log into isn't really your bank. people have a lot more to be concerned about than rogers modifying http pages, lol. (don't get me wrong, rogers should foad, haha) You seem to have a fundamental misunderstanding of how networks work. On a public wired network (possibly wireless too, I'm not sure if they use per-client encryption), nobody else can see your traffic. This is the entire premise behind switches (as opposed to hubs). Only the IT people can do this, because only they have access to the router.
Your concern about the online bank is also false. That is called a "man in the middle" attack, and is solved by certificates (your browser would immediately know if the remote end wasn't the issuer of the certificate because the keys wouldn't match, and would block access). |
|
jackr
join:2004-03-10
Barrie, ON
2 edits | reply to wesleyw
Um, you like the idea of your privacy being exploited without a courts (or your) consent. Are you posting from China or are you just another Rogers toady?
Either way, you should be banned for being that obtuse and trolling. |
|
wesleyw
join:2003-01-01
v5c1b
| reply to Guspaz
lol
"You seem to have a fundamental misunderstanding of how networks work"
you seem to put to much faith in things working exactly how they are intended. surely it can't be possible to sniff switches?! Even without sniffing a switch you can perform a man in the middle attack, which you clearly don't understand, based on your comments. There's really no use in me explaining it in detail, check google if you really care, needless to say, it's quite easy.
Yes, online banks do use certificates. There is two problems with your assumption though. The majority of browsers out there do not block access if a certificate is not signed, they simply notify the user. There's a pretty good chance the user will just hit ok to get past this message. An even better route though is to not even use https, just plain http. For stealing bank info using a man in the middle attack definitely wouldn't be the easiest route. Dns spoofing would be easier, or a number of things.
I'm really not trying to start arguments here, my point really is just that modifying http pages is far from haxoring your internets. |
|
jackr
join:2004-03-10
Barrie, ON | Re: Rogers hacks into your HTTP connections!
Whatever you say internet tough guy. Whatever you say.  |
|
