interesting-people message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]

Subject: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse



Begin forwarded message:

From: Jon Strayer <jon@strayer.org>
Date: June 30, 2006 8:38:47 AM EDT
To: dave@farber.net
Subject: Re: [IP] Verizon "Broadband Router" the perfect Trojan Horse

On 6/29/06, David Farber <dave@farber.net> wrote:

From: "David P. Reed" <dpreed@reed.com>
Maybe it a lack of coffee, but I have a hard time going from this (Appendix D): 

 "To support web-based applications or other CPE-related web pages on
a back-end
  web site for access from a browser within the CPE's local network,
the CPE WAN
  Management Protocol provides an optional mechanism that allows such
web sites to
  customize their content with explicit knowledge of the customer
associated with that
  CPE.  That is, the location of users browsing from inside the CPE's
LAN can be
  automatically identified without any manual login process. "

To this:


For the worst example: I direct the reader to Appendix D.   Appendix
D describes an architecture for intercepting web page requests from
the customer and redirecting them based on arbitrary policy
choices.


Specifically, step two of the process is:
 "The web site redirects the browser to a specific URL accessible
only from the
CPE's private-network (LAN) interface through which the browser "kicks" the 
 CPE, providing the CPE via CGI arguments  with information it needs
to follow the
 subsequent steps (see section D.4)."

If the web site you are trying to reach doesn't redirect you back to
your CPE, nothing happens.


In other words, the standard contains the perfect tool for
controlling every Internet access a customer (or the Internet-based
equipment the customer might choose to buy at a later time) might
make, since Verizon owns and controls the router.


If and only if the rest of the web cooperates.


--
Esse quam videri
(to be rather than to seem)


-------------------------------------
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]

Powered by eList eXpress LLC