[AusNOG] "All your router devices are belong to us"

Heinz N ausnog at equisoft.com.au
Sat Jun 30 20:12:24 EST 2012


> You do realise most ISPs maintain the ability to fork your data anyway 
> as part of their lawful intercept requirements right?
>
> This just looks like managed CPE to me, at a lower price point.
>
> You don't have admin on your cable modem or Foxtel box :)
>

<tinfoil hat>

Yes, you _would_ expect your ISP to have access to your bytes. You might 
also expect your ISP to administer your modem (Optus, Telstra). That is 
all fine. You _know_ this and THEY (might) have supplied the CPE. It is 
all part of the price you paid (and were hopefully informed about).

BTW: I have 100% complete and utter control of my internet connected 
devices. I insist that my clients also have this level of control: I won't 
help them otherwise.

If you buy a third party product from an overseas supplier who is subject 
to some certain (patriot act) laws, you don't want them to have any level 
of access. You have a _right_ to expect that YOU can administer your 
device and that you have COMPLETE access and control of it. You have paid 
for that, after all.

Let's move the argument that most consumer end users are completely 
clueless to one side. It is the job of _their_ ISP to help them, not some 
unknown third party.

Why does that foreign third party company have more flagrant access to 
YOUR private internet traffic than your current ISP? Your current ISP is 
bound by the laws of _this_ land. The foreign supplier does not care one 
little bit. In fact, those considered "aliens" by this foreign super 
power have no rights at all. And _you_ are paying the bandwidth costs for 
them to exfiltrate your private data.

I find it personally disgusting that someone in some corporate 
headquarters somewhere in the world can decide to arbitrarily reflash YOUR 
device that you 100% paid for and then assume complete control of it and 
decide to fork off YOUR personal private data to some three letter named 
US government department. Even with completely free internet and CPE, I 
would not agree to this.

Corporate users would not stand for this crap at all, and they would vote 
with their dollars. (dumb) End users are like shooting fish in a barrel. A 
much easier target. That is why the consumer end was targeted. Don't 
forget that a lot of those end users also access their (work) corporate 
networks from home. One end of the pipe is just as good as the other if 
you want to exfiltrate data (or play man-in-the-middle).

Now, what about the ISP engineers (or family friends) that need access to 
the advanced features to fix some problem? They will also need to go 
through this (100% completely reliable) overseas cloud (and be monitored).

Methinks that something stinks. Where can I buy more tin foil? :-)

Regards,
Heinz N.

</tinfoil hat>

> </tinfoil hat>
>
> Macca
>
>
> On 30/06/2012, at 11:56 AM, Heinz N <ausnog at equisoft.com.au> wrote:
>
>> I just saw this on slashdot. Get the tin foil hats out.
>>
>> http://tech.slashdot.org/story/12/06/29/1425210/cisco-pushing-cloud-connect-router-firmware-allows-web-history-tracking
>>
>> and
>>
>> http://www.reddit.com/r/technology/comments/vptu9/linksys_just_pushed_and_installed_without_my
>>
>> Seems CISCO is disallowing local admin to their low end home/SOHO routers. Admin can apparently now only be done through their cloud (since when does a cloud ever fail!!?)...... Their conditions also state that they can monitor your traffic as they wish (and the "patriot act" NSA, FBI etc etc). No telling what the bandwidth implications of this are: and who will pay for the extra unauthorised traffic?
>>
>> You may want to rethink your equipment for SOHO clients.
>>
>> The whole issue with Telstra tracking HTTP traffic is just the start. How long before your new "trusted computing" motherboard reflashes itself and starts reporting all your stuff to Redmond (or China).
>>
>> I am happy to stick with my dumb bridged modem talking to a Linux router running iptables. Very cheap and with all the functionality of the most expensive routers and it doesn't report to some mothership cloud.
>>
>> Heinz N.
>


