baseline privacy ... not

Karsten km at themcminns.com
Wed May 28 11:14:06 EDT 2003


In my case, after wading through hours of frustration
of trying to get AT&T/Comcast cable to bend to my
will, I ended up installing a Cisco CPE and
an old Pentium running xBSD for a firewall. It doesn't help
the shared line scenario, but it's a start.

-Karsten

On Friday 23 May 2003 05:37 am, John S. Denker wrote:
#  Hi --
#
#  1) In a cable-modem system, the layer-1 signal to/from
#  your cable is physically present in your neighbors' homes.
#
#  2) To defend against the obvious privacy problems this
#  implies, the standards provide for Baseline Privacy (BPI)
#  which encrypts the signals.
#
#  So you're safe, right?
#
#  3) Evidence suggests that most cable-modem customers in
#  the US are not protected.  Many service providers have
#  Baseline Privacy turned off.  Defeated.  Disabled.
#  Skipped.  No privacy.
#
#  The evidence for this comes from
#    -- directly examining the configuration of a few modems
#    -- talking to The Cable Guy
#    -- noting that when certain small providers do implement
#       BPI, they brag about it and claim this gives them an
#       advantage over the "established" providers.
#          http://gemnets.com/c5_technical.html#question5
#
#  4) From this it appears that in most cases, all that
#  protects your privacy is security-by-obscurity.
#
#  And if you want an upper bound on how much obscurity
#  there is, note that there is a vibrant community of
#  cable-modem firmware hackers:
#     http://www.cablemodemhack.com/
#
#
#  5) It's interesting to think what customers ought to
#  do about this, short-term and/or long-term.
#    -- Obviously end-to-end security is needed.  But it is
#  not always feasible at present.  I would connect to Google
#  via SSL if I could, but Google doesn't implement https.
#  And that would still leave me open to traffic analysis.
#    -- Link-by-link security is never a substitute for
#  overall security, but you need some link-by-link security
#  just to cut down on traffic analysis and DoS attacks,
#  including ARP poisoning and the like.
#
#  One idea that comes to mind is to use IPsec to secure the
#  connections to an onion routing system.  Or mist / crowd /
#  whatever.
#
#  Comments?  Suggestions?
#
#
#  ---------------------------------------------------------------------
#  The Cryptography Mailing List
#  Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
#

