funsec mailing list archives

Re: Big Cheers for Qwest


From: security curmudgeon <jericho () attrition org>
Date: Tue, 2 Oct 2007 22:49:28 +0000 (UTC)


I'm CCing the Qwest media contact listed on their page for kicks. Hopefully 
Johnna can shed some light on my questions and concerns.


: Qwest would like you to know they've launched some fancy new "Consumer 
: Internet Protection."
: 
: According to Qwest, the new program notifies you that your computer is 
: infected, gives you information on how to remove the infection, and then 
: provides you with anti-virus software.
: 
: More:
: http://consumerist.com/search/internet%20qwest-launches-customer-internet-protection-program-306153.php/
: 
: Qwest:
: http://www.qwest.com/about/media/pressroom/1,1281,2234_archive,00.html
: 
: I applaud Qwest in this endeavor -- they have taken the lead among ISPs 
: to at least begin seriously addressing the botnet problem:

This will be interesting. Since Qwest gives their broadband customers a 
crappy little Actiontec router (I can't do half of my legitimate business 
work from my home network), which does manage to act as a decent firewall, 
most infections are likely from browsing bad web sites or double clicking 
attachments. Since they can't scan their customers' computers, they are 
looking for this bad traffic by:

  Qwest proactively monitors its network to detect viruses or malware. 
  When one of these is discovered, the Qwest Customer Internet Protection 
  Program notifies the specific customer of the infection; gives the 
  customer information on how to remove the infection; educates the 
  customer on good Internet security practices; and provides the customer 
  with additional resources, including downloadable or online anti-virus 
  software.

  The Qwest CIPP only acts on malicious network traffic on the public 
  Internet; the program does not scan or otherwise monitor content on 
  customers' computers.

This makes me wonder what they are using to monitor, and what they are 
monitoring for. If I send Ferg a .zip with malware for him to study or 
reverse, will I be flagged? How updated are the signatures, since the big 
breakouts are often due to spyware/antivirus software not having the 
signatures for recently developed malware?

They monitor for malicious network traffic, and they don't monitor content 
on my computer. Clever wording or honest mistake? Do they monitor for 
*content on the network*?

Even more amusing, from their recommendations:

  * Make sure there's an up-to-date firewall operating on each computer 
    and on broadband Internet modems.

Qwest ships a router that does not let you load software on it really. For 
those who can, it is a very very small and very technical minority. The 
Actiontec router has a web-based management interface that has a facility 
to upload new router firmware, telnet access to the router and it runs 
BusyBox (http://www.busybox.net/) that, last I checked, violates the 
license (http://www.busybox.net/license.html).

  * Use passwords and strong encryption on wireless (WiFi) access points 
    to ensure networks are secure.

The router they ship comes with a blank or default password and upon 
setup, does not force you to pick a new password. If you do, there are no 
password length or complexity requirements. It also ships with WEP turned 
off.

  * Visit www.incredibleinternet.com for resources on how to have safer 
    online experiences and to learn more about identity theft prevention 
    and keeping children safer on the Internet.

Check out that site and poke around. You may notice several glaring 
security problems.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.