RE: Newspaper Article about Cable Modem security

["Keller Dennis (DDSP)" <dkeller () ddc dla mil>]

But your average home user does not think about security.  Should your local
ISP provide a level of security?  No (and this will be hotly debated) but
they *should* provide information on the risks and solutions.  It is
ultimately up to the consumer to take some responsibility.  

Regards,
Dennis Keller
Network Security Administrator
DDSP-Z
dkeller () ddc dla mil


> -----Original Message-----
> From: REID FOX [mailto:reidfox () direct ca]
> Sent: Saturday, October 30, 1999 4:06 PM
> To: Michael Kelly; Eric Toll
> Cc: firewall-wizards () nfr net; Neil.Ratzlaff () ucop edu
> Subject: Re: Newspaper Article about Cable Modem security
>
>
> I would think that anyone connected to a public network would 
> have some
> thoughts about security. If not they will find out very 
> quickly. its the
> same old adage "we never used to lock the doors" .
> I think there are also some advantages to a cable network 
> "speed for one"
> also having a regular IP Im sure has its positive merits.
> I know I would gladly give up my 28.8 dial up and take my chances with
> cable. Remember if you log a hackers IP and they are on cable 
> there is no
> question about who had that IP at the time.
> So I think these cable lans will bring on a new wave of firewalls and
> security software for the home and small business users.
> -----Original Message-----
> From: Michael Kelly <michaelkelley () home com>
> To: Eric Toll <etoll () syracusesupply com>
> Cc: firewall-wizards () nfr net <firewall-wizards () nfr net>;
> Neil.Ratzlaff () ucop edu <Neil.Ratzlaff () ucop edu>
> Date: Friday, October 29, 1999 9:39 PM
> Subject: Re: Newspaper Article about Cable Modem security
>
>
> > Eric Toll wrote:
> > > The sad part is that even if they have file and print 
> sharing turned
> > off, you can still be hacked and or hijacked, cable modem 
> networks are >not
> distributed star, but more like a bus network  ( think of it 
> like a >river )
> and anyone can get a sniffer and "drink" packets and look for 
> > "password" or
> capture 40bit encryped https sessions, save them and >crack 
> them later to
> reveal credit card numbers etc.
> > I agree with you about this. The problem I had with the 
> article was the
> > way it was presented. "Underlying Computer Code" and all that. The
> > amount of information presented to advise people on how to 
> secure thier
> > computers was almost non-existent.
> >
> > > Do you guys think we have kiddie scripters reading this 
> stuff?  I'd hate
> to think so.
> > I'd bet on it. But on the other hand, if they are just 
> script kiddies,
> > they haven't got a clue as to what anyone is talking about.

Attachment: Keller Dennis (DDSP).vcf
Description: