Interesting People mailing list archives
more on Verizon "Broadband Router" the perfect Trojan Horse
From: David Farber <dave () farber net>
Date: Fri, 30 Jun 2006 08:45:57 -0400
Begin forwarded message: From: Jon Strayer <jon () strayer org> Date: June 30, 2006 8:38:47 AM EDT To: dave () farber net Subject: Re: [IP] Verizon "Broadband Router" the perfect Trojan Horse On 6/29/06, David Farber <dave () farber net> wrote:
Maybe it a lack of coffee, but I have a hard time going from this (Appendix D):From: "David P. Reed" <dpreed () reed com>
"To support web-based applications or other CPE-related web pages on a back-end web site for access from a browser within the CPE's local network, the CPE WAN Management Protocol provides an optional mechanism that allows such web sites to customize their content with explicit knowledge of the customer associated with that CPE. That is, the location of users browsing from inside the CPE's LAN can be automatically identified without any manual login process. " To this:
For the worst example: I direct the reader to Appendix D. Appendix D describes an architecture for intercepting web page requests from the customer and redirecting them based on arbitrary policy choices.
Specifically, step two of the process is: "The web site redirects the browser to a specific URL accessible only from theCPE's private-network (LAN) interface through which the browser "kicks" the
CPE, providing the CPE via CGI arguments with information it needs to follow the subsequent steps (see section D.4)." If the web site you are trying to reach doesn't redirect you back to your CPE, nothing happens.
In other words, the standard contains the perfect tool for controlling every Internet access a customer (or the Internet-based equipment the customer might choose to buy at a later time) might make, since Verizon owns and controls the router.
If and only if the rest of the web cooperates. -- Esse quam videri (to be rather than to seem) ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Verizon "Broadband Router" the perfect Trojan Horse David Farber (Jun 29)
- <Possible follow-ups>
- more on Verizon "Broadband Router" the perfect Trojan Horse David Farber (Jun 30)