baseline privacy ... not
Karsten
km at themcminns.com
Wed May 28 11:14:06 EDT 2003
In my case, after wading through hours of frustration
trying to get AT&T/Comcast cable to bend to my
will, I ended up installing a Cisco CPE and
an old Pentium running xBSD for a firewall. It doesn't help
the shared line scenario, but it's a start.
-Karsten
On Friday 23 May 2003 05:37 am, John S. Denker wrote:
# Hi --
#
# 1) In a cable-modem system, the layer-1 signal to/from
# your cable is physically present in your neighbors' homes.
#
# 2) To defend against the obvious privacy problems this
# implies, the standards provide for Baseline Privacy (BPI)
# which encrypts the signals.
#
# So you're safe, right?
#
# 3) Evidence suggests that most cable-modem customers in
# the US are not protected. Many service providers have
# Baseline Privacy turned off. Defeated. Disabled.
# Skipped. No privacy.
#
# The evidence for this comes from
# -- directly examining the configuration of a few modems
# -- talking to The Cable Guy
# -- noting that when certain small providers do implement
# BPI, they brag about it and claim this gives them an
# advantage over the "established" providers.
# http://gemnets.com/c5_technical.html#question5
#
# 4) From this it appears that in most cases, all that
# protects your privacy is security-by-obscurity.
#
# And if you want an upper bound on how much obscurity
# there is, note that there is a vibrant community of
# cable-modem firmware hackers:
# http://www.cablemodemhack.com/
#
#
# 5) It's interesting to think what customers ought to
# do about this, short-term and/or long-term.
# -- Obviously end-to-end security is needed. But it is
# not always feasible at present. I would connect to google
# via SSL if I could, but google doesn't implement https.
# And that would still leave me open to traffic analysis.
# -- Link-by-link security is never a substitute for
# overall security, but you need some link-by-link security
# just to cut down on traffic analysis and DoS attacks,
# including ARP poisoning and the like.
#
# One idea that comes to mind is to use IPsec to secure the
# connections to an onion routing system. Or mist / crowd /
# whatever.
#
# Comments? Suggestions?
#
#
# ---------------------------------------------------------------------
# The Cryptography Mailing List
# Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
#