Re: Newspaper Article about Cable Modem security

["Steven Osman" <sosman () terratron com>]

Saso, and everyone on this thread...

One thing that the ISP invonving themselves in security CAN gain is this...
Lawsuits galore!

If you claim to help secure people's networks -- better do a good job of it.
If you do a half-ass job (which is what the ISPs will be able to do at
best), people will eventually get hacked, and go to their ISPs for answers.

One of the wonderful things about living in the United States is the legal
system and how easy it is to sue someone.  You can sue them even if your
contract explicitly said you don't hold them liable for security violations.
Nobody said you'll win every time, but if you don't, it will sure be one
hell of a headache for the ISP.

Furthermore, this issue of liability raises an interesting point.  Which ISP
would YOU choose:

1. I'll filter out some things you can do with your internet connection.  If
you get hacked, don't look at me
2. I will let you do anything you want to with your internet connection.  If
you get hacked, don't look at me

Case #1, you need to take extra steps to secure your home.  Case #2, you
need to take extra steps to secure your home.  In this case, some people may
opt to "leave their options open" and go with #2.

Steven Osman
Terratron Technologies Inc.


----- Original Message -----
From: Saso <Saso () vsecureit net>
To: <firewall-wizards () nfr net>
Sent: Thursday, November 04, 1999 4:02 PM
Subject: Re: Newspaper Article about Cable Modem security

> ISP involving themselves in security issues can't gain a thing. And quite
> frankly, I don't think ISPs should do anything more than they can if a
> customers asks them to.
>
> If a customer wants port 139 to be closed for his xDSL line, why not. But
if
> they don't want it to, it's their own decision and they should be well
aware
> of that.