This should help DSL and COVAD!
I am so glad I have ADSL. This is scary, can you imagine someone browsing through your PC. Anyway, I thought some of you would find this article interesting.
Published Saturday, July 10, 1999
Modem security breach lets neighbor learn a little too much
Steve Alexander / Star Tribune
Bill Jorgenson of Apple Valley knows secrets about his neighbors that he wishes he didn't, and it's all because of his new cable modem.
Three weeks ago Jorgenson, a home health care worker, ordered a high-speed Internet-access cable modem for his home PC from local cable TV provider Charter Communications. At first he was thrilled with the service. But the thrill faded when a week ago he discovered that a cable modem security breach allowed him to view the contents of the computers of more than 30 people in his area.
Jorgenson, who admits he snooped in other peoples' PCs, said he found pornography, personal financial information and address lists in the computers of other Apple Valley, Rosemount and Northfield residents who subscribe to Charter's cable modem service.
"I signed up for a cable modem for high-speed access to the Internet, but I didn't know it was high-speed access to my neighbors' computers," Jorgenson said. Cable modems are typically 30 to 50 times faster than standard computer modems.
On Friday he complained to the city of Apple Valley and to Charter Communications, the St. Louis-based cable TV company.
Charter Communications began signing up cable modem customers in the three Twin Cities suburbs about two months ago. So far about 800 consumers have signed up in those areas, but not all will be vulnerable to PC snooping.
Charles Grawe, assistant to the Apple Valley city administrator, said he's not sure whether the city's cable TV franchise agreement gives it any authority over cable modem privacy.
Charter referred calls to its Internet access provider, High Speed Access Corp. (HSA) of Denver, which said it isn't at fault. Privacy, it said, is the responsibility of consumers because all shared computer networks contain inherent security risks.
Shared files
George Salinger, HSA engineering vice president, said most consumers using cable modems never will encounter the problem, which occurs only if people decide to set up their computers to "share" files with the network so they can gain access to their PCs from another location. If consumers are going to open computers to the network, they should create passwords to protect the PCs from unauthorized snooping, he said.
Opening a computer to share its contents with the cable modem network is easily done through a Microsoft Windows function called "file sharing," Salinger said. Activating the function automatically triggers Windows to suggest that the person create a password, and only those who ignore that suggestion are at risk of having their PC privacy breached, he said.
"This is a common, well-known problem of networks. This is not an exception, and it is not the first time it has happened," Salinger said. Most cable modem systems are vulnerable, as are some types of DSL high-speed Internet access from telephone companies, he said.
Consumers are warned about the security problem when they sign up for cable modem service, but it appears that many don't understand the importance of passwords, Salinger said.
Other cable TV companies also are aware of the problem. Colleen Miller, a spokeswoman for MediaOne, the Denver-based cable TV firm that serves more than 60 percent of the Twin Cities, said her firm's cable modem installers are told to make sure that the file sharing function on a consumer's computer is turned off.
"As long as you turn off file-sharing, it's not a problem," she said.
'Network neighborhood'
Jorgenson, who describes himself as "just an average joe with a little bit of knowledge" of computers, said he discovered that other computers were open to him by clicking on the "network neighborhood" icon on his computer's Windows Explorer directory. That brought up names of other computers on the cable modem network, which were identified by "user names" belonging to some area residents and, apparently, Twin Cities companies.
One of the computers he accessed belonged to "the biggest porn freak in the world, and I didn't want to know that. One guy had a construction business, and I could look at his Word documents and see his price quotes. There's everything down to the simplest school papers and personal address books. It's horrific" that such information is readily available to outsiders, he said.
Jorgenson said it took him a while to figure out how to communicate with his neighbors about the security problem. Then one day he used his access to another person's PC to cause this message to appear on that computer's printer:
"Call Charter Communications if you can read this. If I can read your hard drive, someone else could too."
However, Jorgenson apparently was the first to complain to Charter. "Maybe I was the only one crazy enough to say I don't want anybody else looking at my computer," he said.
Charter said it has 30,000 cable TV customers in Apple Valley, Rosemount and Northfield. The 800 cable modem users, a relatively large number for a start-up service, may reflect a trial period in which HSA offered free service until July 15. After that, customers will be charged $39.95 a month for the service plus $9.95 a month to rent the cable modem, said Ferris Peery, HSA executive vice president of network sales.
Mary Neely-Carlson, a spokeswoman for HSA, said the company plans to continue consumer education efforts to encourage people to use passwords if they share their computers on the cable modem network.
"Sometimes, because it's new technology, it takes a while for consumers to understand it. You have to educate them over and over again," she said.
© Copyright 1999 Star Tribune. All rights reserved.
|
