Interesting People mailing list archives

more on Verizon "Broadband Router" the perfect Trojan Horse


From: David Farber <dave () farber net>
Date: Fri, 30 Jun 2006 08:45:57 -0400



Begin forwarded message:

From: Jon Strayer <jon () strayer org>
Date: June 30, 2006 8:38:47 AM EDT
To: dave () farber net
Subject: Re: [IP] Verizon "Broadband Router" the perfect Trojan Horse

On 6/29/06, David Farber <dave () farber net> wrote:
From: "David P. Reed" <dpreed () reed com>
Maybe it's a lack of coffee, but I have a hard time going from this (Appendix D):

 "To support web-based applications or other CPE-related web pages on a back-end
  web site for access from a browser within the CPE's local network, the CPE WAN
  Management Protocol provides an optional mechanism that allows such web sites to
  customize their content with explicit knowledge of the customer associated with that
  CPE.  That is, the location of users browsing from inside the CPE's LAN can be
  automatically identified without any manual login process."

To this:

For the worst example: I direct the reader to Appendix D.   Appendix
D describes an architecture for intercepting web page requests from
the customer and redirecting them based on arbitrary policy
choices.

Specifically, step two of the process is:
 "The web site redirects the browser to a specific URL accessible only from the
  CPE's private-network (LAN) interface through which the browser "kicks" the
  CPE, providing the CPE via CGI arguments with information it needs to follow the
  subsequent steps (see section D.4)."

If the web site you are trying to reach doesn't redirect you back to
your CPE, nothing happens.

In other words, the standard contains the perfect tool for
controlling every Internet access a customer (or the Internet-based
equipment the customer might choose to buy at a later time) might
make, since Verizon owns and controls the router.

If and only if the rest of the web cooperates.


--
Esse quam videri
(to be rather than to seem)

