Firewall Wizards mailing list archives
Re: Newspaper Article about Cable Modem security
From: "Holger Heimann" <hh () it-sec de>
Date: Tue, 9 Nov 1999 10:40:18 +0100
I just loosley followed the discussion, because we've already been demonstrating the thread even for users of conventional modems using dial-in ISPs (with changing IPs) in 1998. I wondered what's new with this. Since then we offer a free little online "Netbios vulnerability check" which should be suitable for cablemodem users also, I think it's time to throw it in now: http://www.it-sec.de/vulchke.html We did a survey in 1998 where we found more than 12 percent of the people using dial-in ISPs and having file sharing enabled offering their disks to the world. By using hashes over the service characteristics a computers shows to the net, we were even able to recognise computers, when they dialed in again and got a different IP number. Highlight: a police department's disk ad no passwords, was even writable and connected to the internal network. so long, Holger -----Ursprüngliche Nachricht----- Von: Steven Osman <sosman () terratron com> An: <firewall-wizards () nfr net> Gesendet: Montag, 8. November 1999 14:46 Betreff: Re: Newspaper Article about Cable Modem security
Saso, and everyone on this thread... One thing that the ISP invonving themselves in security CAN gain is
this...
Lawsuits galore! If you claim to help secure people's networks -- better do a good job of
it.
If you do a half-ass job (which is what the ISPs will be able to do at best), people will eventually get hacked, and go to their ISPs for
answers.
One of the wonderful things about living in the United States is the legal system and how easy it is to sue someone. You can sue them even if your contract explicitly said you don't hold them liable for security
violations.
Nobody said you'll win every time, but if you don't, it will sure be one hell of a headache for the ISP. Furthermore, this issue of liability raises an interesting point. Which
ISP
would YOU choose: 1. I'll filter out some things you can do with your internet connection.
If
you get hacked, don't look at me 2. I will let you do anything you want to with your internet connection.
If
you get hacked, don't look at me Case #1, you need to take extra steps to secure your home. Case #2, you need to take extra steps to secure your home. In this case, some people
may
opt to "leave their options open" and go with #2. Steven Osman Terratron Technologies Inc. ----- Original Message ----- From: Saso <Saso () vsecureit net> To: <firewall-wizards () nfr net> Sent: Thursday, November 04, 1999 4:02 PM Subject: Re: Newspaper Article about Cable Modem securityISP involving themselves in security issues can't gain a thing. And
quite
frankly, I don't think ISPs should do anything more than they can if a customers asks them to. If a customer wants port 139 to be closed for his xDSL line, why not.
But
ifthey don't want it to, it's their own decision and they should be wellawareof that.
Current thread:
- RE: Newspaper Article about Cable Modem security, (continued)
- RE: Newspaper Article about Cable Modem security Michael Cassidy (Nov 02)
- Re: Newspaper Article about Cable Modem security Steven Osman (Nov 01)
- Re: Newspaper Article about Cable Modem security Wozz (Nov 01)
- Re: Newspaper Article about Cable Modem security REID FOX (Nov 01)
- Re: Newspaper Article about Cable Modem security Joseph S D Yao (Nov 02)
- Re: Newspaper Article about Cable Modem security Robert Graham (Nov 01)
- RE: Newspaper Article about Cable Modem security Robert Graham (Nov 01)
- RE: Newspaper Article about Cable Modem security Russ (Nov 02)
- Re: Newspaper Article about Cable Modem security Saso (Nov 05)
- Re: Newspaper Article about Cable Modem security Steven Osman (Nov 08)
- Re: Newspaper Article about Cable Modem security Holger Heimann (Nov 09)
- Re: Newspaper Article about Cable Modem security Saso (Nov 05)
- RE: Newspaper Article about Cable Modem security David Lang (Nov 05)
- RE: Newspaper Article about Cable Modem security sean . kelly (Nov 02)
- RE: Newspaper Article about Cable Modem security sean . kelly (Nov 02)
- RE: Newspaper Article about Cable Modem security Kevin Johnston (Nov 05)
- RE: Newspaper Article about Cable Modem security R. DuFresne (Nov 06)
- RE: Newspaper Article about Cable Modem security dreamwvr (Nov 06)
- RE: Newspaper Article about Cable Modem security ark (Nov 05)