North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: (broadband routers) PC World: Flash Attack Could Take Over Your Router
On Wed, 16 Jan 2008, Gadi Evron wrote:
Props to Jeff Chan who I saw it from.
I doubt many ISP security or customer care folks are fans of UPnP.
The distribution channel (consumer electronics retail store, discount
mail order company, etc) is less important than working with the CPE vendors. I worked with a few CPE vendors for several years since 2003 to
improve some things. You may be able to figure out which CPE vendors, because they have UPnP off by default (or don't have UPnP), and other nice things such as automatic security patch loading. CPE owners take even less care of the CPE than even PCs.
But even though a few other large ISPs copied some of my requirements for their RFPs, a lot of CPE is distributed through many channels. I'm a bit suspicious of some security researcher's statistics about UPnP gateway
configurations in different markets.
If you just want to rant at network operators go ahead. But it will
probably be more productive working with CPE vendors and ISPs on a few constructive things.
What specifications can consumer electronics stores and ISPs include in the RFPs to consumer CPE vendors? What can consumer CPE vendors include
at the price-points for the market for consumer CPE? Is the Carterphone
era over, and consumers just can't handle managing CPE anymore?