Slashdot Mirror


Excite@Home Claims Broadband 'Safe'

photozz writes: "Ya know it's rare when an article can get me angry, but this has managed. Cable provider Excite@Home claims that their users are 'relatively' free of attack from hackers due to DHCP, and say you should only be concerned if they are storing private information on their PCs. From the article: 'The fear created in consumers' minds is actually greater than the risk that exists,' he said. 'If a customer operates the computer in a safe manner, there shouldn't be any problem.'" Perhaps not surprising that @Home would downplay the risk, but photozz is right -- the fear in broadband customers' minds ought actually to be higher, not lower. BackOrifice, zombie attacks etc. ought to frighten the broadband providers into pushing at least simple firewall software themselves, perhaps.

4 of 356 comments

  1. Corrections by Shagg · · Score: 5
    Actually, if you read the article, the majority of it is talking about how INSECURE broadband connections are, and experts were quoted saying that everyone should be running a "personal firewall".

    The DHCP remark was made by a DSL provider, NOT by EXCITE@HOME. The @HOME representative was quoted as saying that their techs take precautions during the installation such as "Disabling file sharing". They also say that people should take more precautions if they have "sensitive information" on their PC, not "private information", and that while Excite@home does not provide such software, they did say that they are willing to help a customer install and set it up to work with their service.

    I'm not much of a fan of @HOME's tech support and security policies either (personally I run an ipchains firewall on my @HOME account), but the original poster made a pretty inaccurate review of the article and painted Excite as being more clueless than they actually were.

    Don't be too quick to jump on the "bash @HOME's security advice" bandwagon based upon the poster's comments. Read the quotes in the article for yourself first; the original poster was way off the mark.

    --
    Unix is user friendly, it's just selective about who its friends are.
  2. Re:Elf Bowling by wirefarm · · Score: 5

    "Because Windows 98 does not by default have lots of services running and doesn't have a good command prompt, it's harder and a less desirable target for crackers..."

    Would that be "Security through unusability"?

    ;-)
    Cheers,
    Jim in Tokyo

    --
    -- My Weblog.
  3. It's a double-edged sword by petermarks · · Score: 5

    I use the Australian excite@home, and we get probed every day. It's important to warn consumers about the risks: don't turn any services on that you can't control, stay up to date, etc.

    What would be worse would be for the broadband provider to put a big filtered firewall in the way so I couldn't use the internet the way I want.

    What might be best is the ability for consumers to choose "safe/protected" mode or "open" mode where we are responsible for our own firewall.

  4. DHCP != security by Platinum+Dragon · · Score: 5

    DHCP just makes you a slightly moving target, and if an attacker is looking for victims, they probably won't restrict their portscans and probes to single addresses, but IP ranges. I occasionally do a sweep of my university's residence network just for yuks, and I've run across a few unsecured boxen, Windows and Linux alike (the guy in Pitman Hall who just installed Debian, this means you!)

    However, there are some simple ways to make your broadband connection a little bit less like swiss cheese:

    1) Disable file sharing and remote login - Running Windows? Take a look for any folder or file with that little hand icon, and un-share them. Even better, just go into Control Panel -> Network and shut it off completely. Don't think passwords on your shares will help you, as a recent bug was discovered in Win9X share-level password protection where a one-byte character string can be used to bypass a protected share should that byte happen to match the first byte of the actual password. If you're on Linux/*BSD, for the love of Bob shut off NFS, ftpd, telnetd, Apache, and the like until you know what you're doing! Can you say "backdoor"? Even experienced admins leave the occasional hole, and default installs aren't often known for being secure (OpenBSD people, stuff it while I make a point for everyone else:).

    2) Don't let anything run automatically - Java and ActiveX in IE and Netscape installing and running automagically? Kill it. Auto-DCC in IRC clients? Un-auto it. Run attachments on preview in Outlook, or run macros in Word documents? You know the drill. Don't let a damn thing run automatically unless you actually know what's taking place. If I ever see LIFE-STAGES.TXT offered to me by DCC again, I'm going to reach through the monitor and shove a virus scanner up the patoot of the victim. The world doesn't need another Melissa or backdoor being passed around just by opening an e-mail in a brain-dead-by-default program.

    3) Check for patches and follow directions - MS didn't tell people to change their Outlook settings while it took them a month to patch the program in the wake of ILOVEYOU because it was fun for everyone. Red Hat isn't releasing megs of updates for Red Hat 7 so you can sit there and kvetch about buggy .0 releases. You don't think the latest macro virus craze can get you? Think again, spam-boy; why do you think Unix/Linux vendors have been going batshit looking for format string holes in their software offerings? The exploits may be merely theoretical, but it's best to close them up before the theoretical becomes practical (with apologies to the L0pht).

    4) Extra steps if you're really careful and/or paranoid - Old 486: $50. Geek on a caffeine high: $5, $0 if s/he's already jacked on coffee. OpenBSD or Slackware burned on a CD: $0. A kickass firewall to confound the kiddiez with the latest 'sploits and nmap: priceless.

    5) Ignore the DSL/cable pissing contest - Nothing to see here, move along...

    I'm glad to say most cable installers where I live have a brain, and hence make sure filesharing is turned off in Win9x when they set up your system. Linux/BSD geeks usually have to take matters into their own hands, but most usually know enough to at least kill nfsd and ftpd if they're not going to be used. (Incidentally, this is also why Red Hat and others need to stop enabling every conceivable service by default.)

    Closing your box off to kiddies is actually pretty easy. However, back-patting fluff like this Excite dropping does way more harm than good by instilling that false sense of security that leads people to think it's OK to let attachments run automatically, or leave all those services running on their new Mandrake box. Hard advice is better than press releases and misrepresenting technologies as security measures.
    --

    Someday, you're going to die. Get over it.
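The Win9x share-level password flaw that Platinum+Dragon mentions in step 1 comes down to a comparison that only checks as many bytes as the client sends. The following is an added illustration, not code from Slashdot or from Windows: a model of that prefix comparison next to the check it should have been, with a constructed stored password.

```python
import hmac

# Constructed sample: Win9x share-level passwords were short, fixed-size strings.
STORED_PASSWORD = b"s3cret!!"


def share_check_vulnerable(stored: bytes, supplied: bytes) -> bool:
    """Models the flaw described in the thread: the server compares only
    len(supplied) bytes of the stored password, so a one-byte guess that
    happens to match the first byte of the real password is accepted.
    (Hypothetical model of the bug, not the real SMB code.)"""
    if not supplied:
        return False
    return stored[: len(supplied)] == supplied


def share_check_fixed(stored: bytes, supplied: bytes) -> bool:
    """Hardened check: the client must supply the whole password, and the
    comparison covers every byte in constant time rather than short-circuiting
    on the first mismatch."""
    if len(supplied) != len(stored):
        return False
    return hmac.compare_digest(stored, supplied)


def audit_share_check(check) -> dict:
    """Exercise a check function with a truncated guess and the real password,
    so a defender can see whether a share guard accepts partial passwords."""
    return {
        "accepts_first_byte_only": check(STORED_PASSWORD, STORED_PASSWORD[:1]),
        "accepts_full_password": check(STORED_PASSWORD, STORED_PASSWORD),
        "accepts_wrong_byte": check(STORED_PASSWORD, b"x"),
    }


if __name__ == "__main__":
    for name, fn in (("vulnerable", share_check_vulnerable), ("fixed", share_check_fixed)):
        print(name, audit_share_check(fn))
```

The vulnerable model reports that a single correct leading byte is enough; the fixed version only accepts the complete password.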