

Rhobite
Premium
join:2002-02-24
Cambridge, MA

1 edit

Saw it coming

Cable is shared. It's always been shared, and many people don't even know that all the data on the node goes into everyone's house. All that's between you and your neighbor's browsing habits is a previously locked-down cable modem.

I mentioned this on the Comcast forum a while ago, and my warning was quickly dismissed. I forget who said this (maybe qumahlin), but I was told "Technically it's possible to sniff the traffic, but it would take thousands of dollars of equipment and I've never heard of anyone doing this." Yeah, right. It was just a matter of time.

This shouldn't even be a problem. I don't know the specifics on the DOCSIS encryption algorithm, but it is technically possible to have secure communications on a shared line. All you need is encryption from the headend to the CM with big keys, similar to SSL. If this isn't already being done by the cable providers, some people's jobs better be in jeopardy.

Requiring signed firmware is not a solution. You CANNOT trust any equipment the customer has access to, period. Even if you make this half-assed effort to lock it down. People would just solder in a new chip with their own certificate, so they could sign firmware themselves. The only solution is to trust nobody, and encrypt all traffic on the node.


Rexter
YeeHaw

join:2002-11-17
cloud 9

This is soo true.

My wireless connection is the same way. I can sniff traffic from anyone that is on the same transponder as me. But still, you have no idea where your packets are going. They can be sniffed anywhere along the line anyway. Good Internet habits are crucial no matter what kind of connection you have. So I don't mean to dismiss your warning, but to emphasize it, not only for cable customers, but any Internet connection.


Qumahlin
Never Enough Time
Premium,MVM
join:2001-10-05
united state

reply to Rhobite

Re: Saw it coming

said by Rhobite:
Cable is shared. It's always been shared, and many people don't even know that all the data on the node goes into everyone's house. All that's between you and your neighbor's browsing habits is a previously locked-down cable modem.

I mentioned this on the Comcast forum a while ago, and my warning was quickly dismissed. I forget who said this (maybe qumahlin), but I was told "Technically it's possible to sniff the traffic, but it would take thousands of dollars of equipment and I've never heard of anyone doing this." Yeah, right. It was just a matter of time.

This shouldn't even be a problem. I don't know the specifics on the DOCSIS encryption algorithm, but it is technically possible to have secure communications on a shared line. All you need is encryption from the headend to the CM with big keys, similar to SSL. If this isn't already being done by the cable providers, some people's jobs better be in jeopardy.

Requiring signed firmware is not a solution. You CANNOT trust any equipment the customer has access to, period. Even if you make this half-assed effort to lock it down. People would just solder in a new chip with their own certificate, so they could sign firmware themselves. The only solution is to trust nobody, and encrypt all traffic on the node.

Downstream traffic with no BPI can be sniffed. Upstream traffic cannot. There is more to it but not appropriate for this thread.
--
Forum Posts:4004


Rhobite
Premium
join:2002-02-24
Cambridge, MA

reply to Rexter

Re: This is soo true.

Well you're right, a lot of people don't even want to think about what the night tech in some random data center is capable of. Just plug a stray laptop into a switch and sniff away. Everything should use SSL, for this reason.

But the immediate problem is end-users sniffing each other, which is not possible with DSL (each user has their own circuit) and shouldn't be possible with cable.


Rexter
YeeHaw

join:2002-11-17
cloud 9

reply to Qumahlin

Re: Saw it coming

Please, we are able to read the post the first time, we don't need you to quote the whole thing again. :)


Rhobite
Premium
join:2002-02-24
Cambridge, MA

reply to Qumahlin

said by Qumahlin:
Downstream traffic with no BPI can be sniffed. Upstream traffic cannot.
Which still opens you up to password-reset e-mails, session and login cookies, private correspondence, and browsing habits. You can still learn a lot by eavesdropping one side of a conversation.
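
The point in the post above, that the downstream half of a cleartext exchange already carries credentials, can be checked against a site's own responses. This is an added example, not part of the original thread; the sample response, the parameter names in `SENSITIVE_PARAMS` and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the server-to-client (downstream) half of one cleartext
# HTTP exchange, the direction the thread says is readable without BPI.
DOWNSTREAM = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<p>Reset your password: "
    "http://example.test/reset?token=constructed-token</p>"
)

# Assumed naming convention for credential-bearing query parameters.
SENSITIVE_PARAMS = {"token", "sid", "session", "key"}


def downstream_exposure(raw: str) -> dict:
    """List credential-bearing items present in a cleartext server response."""
    head, _, body = raw.partition("\r\n\r\n")
    cookies = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            # The first "k=v" pair is the cookie; the rest are attributes.
            pair = value.split(";", 1)[0].strip()
            cookies.append(pair.split("=", 1)[0])
    links = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        params = parse_qs(urlsplit(url).query)
        if SENSITIVE_PARAMS & set(params):
            links.append(url)
    return {"cookies": cookies, "token_links": links}


if __name__ == "__main__":
    print(downstream_exposure(DOWNSTREAM))
```

The client's `Cookie` header travels upstream, but the server issues the same value downstream in `Set-Cookie`, so protecting only one direction does not protect the session.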


b_zen
Premium
join:2002-07-24
Saint Louis, MO

I suggest we start a thread, that's a good discussion helper, plus we won't have to deal with that kind of self-made police LOUSY answers (as in the guy that decreed that this shouldn't be written here)...
--
Join BroadbandReports.com's SETI@Home Team
Don't let your computer's idle time go to waste!



Konaguy
Live From Kailua-Kona, Hawaii
Premium
join:2000-10-21
Kailua Kona, HI
Reviews:
·RoadRunner Cable
·Hawaiian Telcom

reply to Qumahlin
When I had a Surfboard SB4100, as far as I recall BPI was not enabled. But the cable company claims to encrypt data going over the RF portion of the network using DES 56 bit encryption.

"As an extra level of protection, data going through the cable modems used by Oceanic is encrypted through the RF (coaxial) portion of the Road Runner network using the DES 56-Bit Encryption standard."

»www.oceanic.com/page_server/Ocea···B92.html



Konaguy
Live From Kailua-Kona, Hawaii
Premium
join:2000-10-21
Kailua Kona, HI

»Baseline Privacy skipped?

