the Net Neutrality thread

Discussion in 'Politics' started by jman42028, Nov 28, 2017.

  1. is that an apology for calling me a liar?? Because its a pretty shitty one.
    • Agree Agree x 1
  2. you are so misinformed...its actually kind of sad really.
    • Like Like x 1
    • Agree Agree x 1
  3. #343 Green Wizard, Jan 12, 2018
    Last edited: Jan 12, 2018
    so fucking cry already.

    Eavesdropping Risks
    While it's a boon to uncappers, the security implications of firmware hacking go beyond mere bandwidth-boosting and theft-of-service. The topography of cable modem networks typically puts between 500 and 1,000 homes in a neighborhood on the same circuit, their Internet traffic all mingled on the same co-ax cable. Subscribers are prevented from eavesdropping on their neighbors' traffic by their own modem, which is programmed to only pass packets destined for them. By building on TCNiSO's hacking technique, a malefactor could write custom code to forward all the raw network traffic to their PC.

    Outside security experts have generally dismissed any eavesdropping threat on modern cable systems based on a belief that cable companies are encrypting customer traffic, a capability built into all DOCSIS-certified modems since 1999. But while encryption would indeed thwart any eavesdropping attempt, in the most commonly-deployed version of the DOCSIS standard, version 1.0, the encryption option is just that -- an option, and one that's turned off by default. "The security has to be there" in the modem, says Oscar Marcia, chief security architect at for CableLabs, the industry group responsible for DOCSIS. "But the [service provider] can decide when to turn it on."

    And turning it on they are, Marcia says, but slowly, and in bits and pieces, even five years after the option became available. "It's kind of a gradual process... They want to make sure that they have all the kinks worked out of their system." He adds that he expects the process to accelerate as cable companies migrate to newer versions of the DOCSIS specifications, where encryption is "on" by default, instead of off.

    SecurityFocus asked four U.S. cable modem service providers if they protected their customers with the encryption option. Comcast, Adelphia, and CableVision's Optimum Online declined comment; a spokesman for Time Warner's Road Runner service didn't return repeated phone calls on the question. Comcast's terms of service, however, acknowledges a risk of eavesdropping by "other subscribers," and Optimum Online's bluntly admits the company doesn't utilize encryption: "All Subscriber's ethernet traffic ... will be reflected by the cable Modem in an unencrypted form onto the cable network and be subject to eavesdropping."

    The architecture of cable modem networks likely prevents eavesdropping of upstream traffic, liked typed passwords and credit card numbers, and websites using SSL would be immune from passive monitoring. "But downstream traffic is certainly visible to lots of people if crypto isn't used," said AT&T security researcher Steve Bellovin, in an e-mail interview.

    The potential for spying and other mischief based on TCNiSO's research is not lost on "DerEngel" -- the 23-year-old unemployed programmer who heads the group. In an effort to be responsible, the group programmed Sigma to block execution of the VxWorks functions that change the modem's MAC address, a capability that could otherwise wreak havoc on a network in the wrong hands. And on the group's website, DerEngel offers to provide cable companies with a tool to detect Sigma in use. "If you're going to make the crack, might as well sell the glue," he says. So far, no one's taken him up on the offer.

    International Team
    DerEngel says he and a friend began hacking cable modems three years ago. Since then, the number of coders and researchers working on TCNiSO projects has grown to ten, each with specialized skill sets, hand-picked by DerEngel with the care of the roguish ringleader in a caper movie assembling a team for a big score. He has a C coder and a Windows programmer in Australia, a programmable memory expert in the U.K., testers in Europe and Canada, and an assembly language coder in Kentucky.

    The latter is "Isabella," a 31-year-old programmer who coded Sigma from her home near Louisville. Isabella scratches out a living doing odd software and hardware jobs, like designing an electronic light toy, or writing the embedded code that operates the ghosts and goblins in a local haunted house attraction every Halloween. DerEngel approached her online last year, after hearing she was good with an assembler and might be interested in helping.

    Underemployed and intrigued by the possibilities, Isabella wrote Sigma in three months of days-long spurts of creativity. She doesn't have cable modem service. "Everybody, it seems like, messes with PC-based stuff, but nobody that I know does the embedded thing," she says, explaining her interest in the project. "And Der is really nice. Some people think he's kind of crazy, but I figured out how to deal with it."

    How crazy? When Isabella mentioned to DerEngel that she was looking for a better MIPS assembler for the job, she expected him to suggest one of the free programs already available. Instead, he wrote a new one from scratch, filling it with features particularly useful to firmware hacking. "He wrote a good assembler," she says. "Der was determined to do it."

    Indeed, the accumulated talent of the group's members has begun to dwarf their raison d'être, and the coders seem to know it. DerEngel is barely interested in discussing uncapping, and speaks instead of the possibilities of writing plug-ins for Sigma -- extensible by design -- that would transform the capabilities of the Surfboard, turning it into a NAT box and a firewall. Isabella thinks they can program the modem to tune to the channels used by the cable companies' digital music feeds, which -- like TV programming -- share the co-ax with the cable modem service. The hack might let the modem send music to the user's PC, where it could be streamed in real time.

    Ultimately, DerEngel and Isabella would even like to go legit, and turn the group into a research shop for cable system providers, or at least make a deal that allows TCNiSO to test their techniques in a sanctioned laboratory setting. But after three-years as the preeminent underground think tank for cable modem uncappers, DerEngel is realistic about the future. "In this industry you can't be the good guy and the bad guy," he says. "So I guess we have to hide for now, for that reason, because everyone will perceive us as the bad guys... I think they look at us as hacking something that we shouldn't, instead of just interested in electronics and trying to get better at what we do."

    Of course, the cable industry has its own impossible dreams, which include preventing smart coders with lots of time and restless passion from hacking the next generation of cable modems. "What you're talking about only affects the DOCSIS 1.0 modems," says CableLabs' Marcia of the Surfboard hack. The DOCSIS 1.1 and 2.0 specifications only accept firmware that's been digitally signed by the cable company. "Once you move to a DOCSIS 1.1, and we already have some cable operators deploying 1.1, this hack is not a viable hack any more.... One mistake, and it turns the modem into a brick."

    But DerEngel doesn't believe any cable modem is going to be immune from customization, and he says his team is ready to prove it. "If you have to, you can just change the [programmable memory chip] -- desolder it, put it back on there," he says. "As long as the customer has the actual hardware in their hands, the customer will always be able to change what he has."
  4. You're not happy with it?
  5. Basically.

    I have been fortunate enough to have the opportunity to pose as a new customer several times. I've been out the joint since '11 and I've been paying promotional prices about that long. Paperless billing, direct draw payments and not paying a modem rental fee keeps it at a flat $45.
  6. you really are trying to get ignored by everyone aren't you? Is that your ultimate goal? To peruse an internet forum and talk to yourself?
    • Winner Winner x 1
  7. this is about hacking a modem, not "hacking cable".
  8. upload_2018-1-12_11-8-16.png
    • Like Like x 1
  9. Read the article. It's a cable modem. Cable. An internet connection shared by thousands of your neighbors.
  10. I have to remind myself that I'm arguing with two people who still support Donald Trump.
    • Like Like x 1
  11. And gw reaches into his big bag of knowledge and delivers a winger! Smh

    Sent from my SM-G935V using Grasscity Forum mobile app
  12. Low hanging fruit actually. It's too easy.
  13. And this is purely the fault of government intervention and regulation. The FCC should not even exist. All they do is hinder communications and tech and are hugely responsible for this exact kind of fuckery.

    How can anyone who claims ownership over even half a brain not see the painfully obvious and empirically objective FACT that every single thing the government touches is wildly inefficient and turns to shit?
    • Like Like x 2
    • Winner Winner x 1
  14. #355 STIGGY, Jan 14, 2018
    Last edited: Jan 14, 2018
  15. Chicken or the egg?

    The government didn't corrupt the corporations, it's the other way around. Or is it the other way around? Hmmm.

    The electromagnetic spectrum only has so much bandwidth. For orderly communications over these spectrums, it must be divided up and managed.

    I'm not saying the government is efficient, but without a managed society, there's chaos. The debate on the best way it should be managed will go on forever.
  16. You are quite literally trying to justify evil.
    • Agree Agree x 1
  17. Good and evil will always be present. The debate is how they should be managed, and to some extent, defining what is good and evil.
    • Funny Funny x 1
  18. MODEM. cable MODEM. Its that particular MODEM. You said it yourself, what are you even trying to argue?
  19. What are you even trying to figure out? I know. You don't understand the network design that is inherent with coax and it's hacking vulnerabilities.

Grasscity Deals Near You


Share This Page