Another regular expression security vulnerability has been found. Regular expressions will probably be used by the likes of Phorm, NebuAd and the rest of those immoral¹ deep packet inspection "services" that run at your ISP and inspect your packets. Yes, you can supposedly opt out, but how do they know you've opted out? They use deep packet inspection to check for the cookie and its assigned value. So regardless of your opt in/out status, your packets get read. If black hats find security flaws in that part of the deep packet inspection code, you guessed it, they potentially have ISP-wide control over equipment that is already designed to capture data on the wire.

It may even happen without being detected.

This becomes a national security problem and initially affects countries like UK and USA.

Why is it so significant? Well, imagine a scenario where the enemies of these countries drain money from credit cards of the entire population, plunging the national economy into further turmoil. What is it going to take to get these governments to realize we are on the verge of an Internet security crisis and the enemy is coming from within? Short-sighted CEOs of the ISPs are after the money to subsidise bandwidth costs. It doesn't take much effort to think beyond that to see the unintended consequences and the potential scale of impact against the entire country. It's time for people to wake up, step up to their responsibilities and prevent these mechanisms from being installed everywhere. ISPs should charge appropriately for net-neutral bandwidth.

¹ I can't say illegal because the law is way behind on privacy issues. I feel justified in saying immoral because we, the users, do not want it, it invades our privacy and affects the performance and the amount of bandwidth we're already paying for, and that it brings us no great benefit that we signed up for initially and only makes us feel exploited and used for someone else's gain.