[IP] more on Verizon "Broadband Router" the perfect Trojan Horse

To: ip@xxxxxxxxxxxxxx
Subject: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse
From: David Farber <dave@xxxxxxxxxx>
Date: Fri, 30 Jun 2006 08:45:57 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <2f26d0220606300538p3b61837l880a459e9f4c0da3@xxxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Jon Strayer <jon@xxxxxxxxxxx>
Date: June 30, 2006 8:38:47 AM EDT
To: dave@xxxxxxxxxx
Subject: Re: [IP] Verizon "Broadband Router" the perfect Trojan Horse

On 6/29/06, David Farber <dave@xxxxxxxxxx> wrote:

From: "David P. Reed" <dpreed@xxxxxxxx>

Maybe it a lack of coffee, but I have a hard time going from this(Appendix D):


 "To support web-based applications or other CPE-related web pages on
a back-end
  web site for access from a browser within the CPE's local network,
the CPE WAN
  Management Protocol provides an optional mechanism that allows such
web sites to
  customize their content with explicit knowledge of the customer
associated with that
  CPE.  That is, the location of users browsing from inside the CPE's
LAN can be
  automatically identified without any manual login process. "

To this:

For the worst example: I direct the reader to Appendix D.   Appendix
D describes an architecture for intercepting web page requests from
the customer and redirecting them based on arbitrary policy
choices.


Specifically, step two of the process is:
 "The web site redirects the browser to a specific URL accessible
only from the

CPE's private-network (LAN) interface through which the browser"kicks" the

 CPE, providing the CPE via CGI arguments  with information it needs
to follow the
 subsequent steps (see section D.4)."

If the web site you are trying to reach doesn't redirect you back to
your CPE, nothing happens.

In other words, the standard contains the perfect tool for
controlling every Internet access a customer (or the Internet-based
equipment the customer might choose to buy at a later time) might
make, since Verizon owns and controls the router.


If and only if the rest of the web cooperates.


--
Esse quam videri
(to be rather than to seem)


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse
Next by Date: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse
Previous by thread: [IP] more on Verizon "Broadband Router" the perfect Trojan Horse
Next by thread: [IP] lets read the spec Verizon "Broadband Router"
Index(es):
- Date
- Thread