[ale] Firewalling question
Wandered Inn
esoteric at denali.atlnet.com
Fri May 7 09:19:45 EDT 1999
Michael wrote:
>
> On Thu, 06 May 1999, Glenn R. Stone wrote:
> > UnderGrid Founder wrote:
> >
> > > I've had the pleasure of playing with a Linux box with Samba on a
> > > cablemodem network and it is quite humorous as we supplied the provider with
> > > several inches of printouts of account passwords (including the provider's
> > > NT Administator account password) from just a few hours of sniffing the
> > > cable modem segment just to prove how insecure it really was... 20 mile radius
> > > LAN on one segment... our provided proof made them re-think the arch design
> > > and segment'd the network into smaller chunks...
> >
> > OK, now how do I get my own cablemodem admins (in this case, MediaNone)
> > to listen when I turn in the fact that they've got a security risk
> > running around on their own network banging on random telnet ports?
> >
> > --gs
>
> My guess is that they will tell you that the security is up to you. If you
> read closely in the contract, they(cablevision does, I don't know about media
> one) state that any material deleted or stolen from your machine does not
> put cablevision at fault. To be honest with you, securing your machine is up
> to you. Even if media one fixed its netbios problems, you can still have users that
> forget to comment out the telnet port in their config files. I guess the key
> is read and learn.......
Basically, they are pushing their problem off on to the customer. It's
like an apartment complex that has no locks installed on the doors.
Worse, since most PC users are ignorant of these issues, it would be
like putting fake locks on the doors. You think the door's locked, but
it's not. Then you find out in the small print that you are supposed to
replace the lock yourself. Then you begin to wonder about the locks on
the windows...
--
Until later: Geoffrey esoteric at denali.atlnet.com
It should be illegal to yell "Y2K" in a crowded economy.
-- Larry Wall, creator of the programming language Perl
More information about the Ale
mailing list