NFR Wizards Archives: Re: Newspaper Article about Cable Modem s

Re: Newspaper Article about Cable Modem security


Holger Heimann (hhit-sec.de)
Tue, 9 Nov 1999 10:40:18 +0100


I just loosely followed the discussion, because we've already been
demonstrating the threat even for users of conventional modems using dial-in
ISPs (with changing IPs) in 1998. I wondered what's new with this.

Since then we offer a free little online "Netbios vulnerability check" which
should be suitable for cablemodem users also, I think it's time to throw it
in now:

    http://www.it-sec.de/vulchke.html

We did a survey in 1998 where we found more than 12 percent of the people
using dial-in ISPs and having file sharing enabled offering their disks to
the world. By using hashes over the service characteristics a computer
shows to the net, we were even able to recognise computers, when they dialed
in again and got a different IP number.

Highlight: a police department's disk had no passwords, was even writable and
connected to the internal network.

so long,
Holger

-----Original Message-----
From: Steven Osman <sosmanterratron.com>
To: <firewall-wizardsnfr.net>
Sent: Monday, 8 November 1999 14:46
Subject: Re: Newspaper Article about Cable Modem security

> Saso, and everyone on this thread...
>
> One thing that the ISP involving themselves in security CAN gain is this...
> Lawsuits galore!
>
> If you claim to help secure people's networks -- better do a good job of it.
> If you do a half-ass job (which is what the ISPs will be able to do at
> best), people will eventually get hacked, and go to their ISPs for answers.
>
> One of the wonderful things about living in the United States is the legal
> system and how easy it is to sue someone. You can sue them even if your
> contract explicitly said you don't hold them liable for security violations.
> Nobody said you'll win every time, but if you don't, it will sure be one
> hell of a headache for the ISP.
>
> Furthermore, this issue of liability raises an interesting point. Which ISP
> would YOU choose:
>
> 1. I'll filter out some things you can do with your internet connection. If
> you get hacked, don't look at me
> 2. I will let you do anything you want to with your internet connection. If
> you get hacked, don't look at me
>
> Case #1, you need to take extra steps to secure your home. Case #2, you
> need to take extra steps to secure your home. In this case, some people may
> opt to "leave their options open" and go with #2.
>
> Steven Osman
> Terratron Technologies Inc.
>
>
> ----- Original Message -----
> From: Saso <Sasovsecureit.net>
> To: <firewall-wizardsnfr.net>
> Sent: Thursday, November 04, 1999 4:02 PM
> Subject: Re: Newspaper Article about Cable Modem security
>
> > ISP involving themselves in security issues can't gain a thing. And quite
> > frankly, I don't think ISPs should do anything more than they can if a
> > customer asks them to.
> >
> > If a customer wants port 139 to be closed for his xDSL line, why not. But if
> > they don't want it to, it's their own decision and they should be well aware
> > of that.
>
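
The re-identification by "hashes over the service characteristics" mentioned in Holger's message, sketched as an added example; it is not code from the original post or from it-sec.de. The field names (netbios_name, workgroup, shares, ports) and the sample records are assumptions, since the post does not say which characteristics were hashed.

```python
import hashlib
import json
from collections import defaultdict

# Attributes that change from one dial-in session to the next; they must
# not feed the hash, or the same machine would never match itself.
VOLATILE = {"ip", "seen"}


def fingerprint(observation):
    """Hash the stable service characteristics of one observation."""
    stable = {}
    for key, value in observation.items():
        if key in VOLATILE:
            continue
        if isinstance(value, (list, set, tuple)):
            # The order in which ports or shares were enumerated carries
            # no meaning, and NetBIOS names are case-insensitive.
            value = sorted(str(v).upper() for v in value)
        else:
            value = str(value).upper()
        stable[key] = value
    canonical = json.dumps(stable, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def group_by_host(observations):
    """Map fingerprint -> list of IPs under which that fingerprint was seen."""
    hosts = defaultdict(list)
    for obs in observations:
        hosts[fingerprint(obs)].append(obs["ip"])
    return dict(hosts)


def reappearances(observations):
    """Fingerprints that showed up under more than one IP address."""
    grouped = group_by_host(observations)
    return {fp: ips for fp, ips in grouped.items() if len(set(ips)) > 1}


# Constructed sample data: documentation address ranges, invented names.
SAMPLE = [
    {"ip": "192.0.2.17", "seen": "1998-05-01", "netbios_name": "FRONTDESK",
     "workgroup": "OFFICE", "shares": ["C", "DOCS"], "ports": [139, 137]},
    {"ip": "198.51.100.4", "seen": "1998-05-03", "netbios_name": "frontdesk",
     "workgroup": "OFFICE", "shares": ["DOCS", "C"], "ports": [137, 139]},
    {"ip": "192.0.2.17", "seen": "1998-05-04", "netbios_name": "HOMEPC",
     "workgroup": "WORKGROUP", "shares": [], "ports": [139]},
]
```

The match is exact: any change to a hashed attribute yields a new fingerprint, and two machines left in an identical default configuration produce the same one. In the sample, the third record reuses an earlier IP address but is correctly treated as a different host.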



This archive was generated by hypermail 2.0b3 on Tue Nov 09 1999 - 18:14:48 CST