Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adelphia's Cable Modems Compromised

Posted by CowboyNeal on from the leaving-the-door-open dept.

texus writes "The Adelphia PowerLink Cable Modem Internet Service Provider, that serves 5.5 million customers nation wide, was found to be vulnerable of a major security flaw that allows cable modem subscribers to spy on each others traffic, as well as the ability to modify other users internet packets in realtime. The severity of a potential attack could allow a malicious subscriber to gain access to the customers private activity on the net, as well as the capabilities to hijack connections, intercept SSL/SSH/VPN encrypted sessions, hijack and poison dns servers, and perform a Denial of Service on the entire subnet. The advisory on BugTraq officially states that it didn't seem like Unix machines that logged onto the network were affected, but reports from other Adelphia subscribers indicate that this was inaccurate and Unix users are vulnerable as well."

7 of 182 comments (clear)

  1. Only if you ignore the warnings. by rob_from_ca · · Score: 5, Insightful

    Yes, this is bad for a variety of reasons.

    However, this is nothing magical, from the initial bugtraq description it sounds like just plain ole' arp snooping. Which means for encrypted, authenticated traffic (SSH/VPN/SSL), it's only going to work if the user ignores the security warnings because of the wrong keys, or the keys themselves have been stolen (a whole other ball of wax).

  2. Re:Sniff SSL Connections?!? by Ed+Avis · · Score: 5, Insightful

    If you've already connected to a host in the past, and you know what its public key looks like, then you are protected from someone else pretending to be that host (unless somehow they had got hold of the private key as well). However there is always a first time connection - when ssh prompts you saying this host is not known but its public key signature is XXX - and for that you are vulnerable to man-in-the-middle attacks.

    With SSL for websites the host's public key may be signed by some authority like Verisign. But even when it isn't, don't you just click OK automatically?

    --
    -- Ed Avis ed@membled.com
  3. Re:Sniff SSL Connections?!? by rob_from_ca · · Score: 3, Insightful

    This is why if it's important to you, you should always check the fingerprints of keys via some secure channel. I usually don't bother with SSL, but I have a cheat sheet with my SSH host keys on it in my wallet, so I can make sure I've got the right system when I connect to one of my systems.

  4. Re:Uh-oh by GigsVT · · Score: 5, Insightful

    There is no exploit, at least not in the normal sense. It's just the way TCP/IP is designed.

    IMHO, this is really a trivial problem, one that nearly all cable modem networks were always subject to. They can do some stuff to mitigate it on the network side, but really this isn't anywhere near the gravity that the Slashdot blurb makes it out to be.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  5. I've said this to cable customers for years. by shepd · · Score: 3, Insightful

    It doesn't even take any particular incompetence of the network admins. _Any_ shared internet service that runs unencryped is always going to be vulnerable. It's only a hacked flash away. Security updates like this are just a little taste of the truth of surfing through a shared 'net connection.

    This is just one of the reasons why I suggest to people I know that they buy DSL. Better security, assuming competent admins.

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  6. HOWTO cook, fry and toast people with IP... by Ektanoor · · Score: 5, Insightful

    Well, on /. we frequently see some trolls that consider themselves so smart and experienced to say some enormities. And, I'm already seeing some saying the usual: "And so what? That's just another /. newsfud". Please, while /. is well fudded, there are things you should keep the mouth shut and think a little before saying something.

    The submission shown here may look, partially innocent for house wifes and the common guy in the street. They have lived with so many hacks, virus and trojans, that there is not much to worry about that. Unfortunately, many people do not know that such silly big providers also support someone who is not so simple and humble like your personal computer. They may be segments of corporate networks, departments that are too remotely located, that it is far cheaper to link them to some provider, rather than spending money to create an isolated channel. You may understand this, and still think that the biggest problem for the majority is the fact that information can be stolen. Correct rationale, if we consider the "majority", but again, bullshit. The big problem can be one or two clients of this provider. Clients that, if something goes wrong there, no one of us may have time even to say "shit". And no one will care to put you in a shinny wooded coffin. The best you may expect is a few tons of concrete and a mixture of chemicals so that your body quickly decomposes... Or that your body is quickly turned into ashes...

    The problem between big providers and such clients, is that, being a provider with reputation, dimension and emphasis, clients tend to forget some simple rules of the trade. They think that this huge provider does his homework and maintains a minimal level of protection. Meanwhile, these same clients, do not only forget to check the security of such links, but also forget about isolating such channels from their own critical sectors of activity. In the result, a malicious hacker may break-in in minutes into some critical zone. This may be a control station of some distribution system, an industrial zone, or the control room of the corporate network.

    Such situations happen and happen too frequently to consider it mere incidents. Thankfully, many of these break-ins are made by people who still have the shoulders in their head. Thankfully, breaking into the majority of corporate networks still demands some art and skills. However, this situation may change, if we all start considering that such problems, like the one described on the submission, are mere "features" that one may live with. If you consider that it should be that way, then don't be admired to see some big factory dropping tons of shit into the air or water. Don't be admired that suddenly a whole communication network goes fool and even 911 doesn't work in the middle of some critical situation. Don't be admired that your company produces things that blast or short-circuit at first use. Don't be admired that the lights go off every 5 minutes and all your home electronics are burning out. These are not stories taken from the hat. These are very concrete scenarios of real holes found somewhere around.

    These things do not happen now so frequently because Internet is in its very early age (and still many people, like engineers, do not trust it). But some of these holes are already there, waiting right around the corner for the first maniac script kiddie (yes, there are already holes that such lamers may exploit). If we keep this mood, of not caring about security, we will have all guarantees that something will seriously go wrong in the future.

  7. another one by ArchieBunker · · Score: 2, Insightful

    http://www.customers-of-adelphia.org/

    There seems to be a rather large number of pissed off customers.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard