Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Page 6 of 7 FirstFirst ... 4567 LastLast
    Results 51 to 60 of 68

    Breaking the Terms and Conditions - Your Views Welcome

    This is a discussion on Breaking the Terms and Conditions - Your Views Welcome within the Sky Broadband help forums, part of the Sky Broadband help and support category; Originally Posted by TSx James, nice to see that you're famous I haven't been this chuffed since I got mentioned ...

    1. #51
      James67's Avatar
      James67 is offline Sky User Member
      Exchange:
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Freesat
      Join Date
      Sep 2007
      Posts
      1,789
      Thanks
      0
      Thanked 2 Times in 2 Posts
      Blog Entries
      3

      Re: crc errors

      Quote Originally Posted by TSx View Post
      James, nice to see that you're famous
      I haven't been this chuffed since I got mentioned on the front page of the local newspaper.


    2. Advertisement
    3. #52
      RupertTHEbare's Avatar
      RupertTHEbare is offline Sky User Member
      Exchange: WSLES
      Broadband ISP: FAST
      Router: Non Sky Router
      Sky TV:
      Join Date
      Jan 2008
      Location
      Scotland
      Posts
      92
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: crc errors

      Quote Originally Posted by James67 View Post
      I haven't been this chuffed since I got mentioned on the front page of the local newspaper.
      As well you might for doing the 'right thing' Sir James. Hmmm, that sounds good. Maybe there's even a knighthood in it for you down the line.

      What is perhaps more worrying than either the arrogance of the Sky spokesperson or incompetence of the team that dreamed up the router's release configuration, is the whole issue about the security (sic) of WEP per se.

      With claims that a 64bit can be broken in minutes, I don't see why any router manufacturer/ISP wouldn't want to see, as standard, a "WPA-PSK [TKIP] + WPA2-PSK [AES]" key set up, say, with an automatic 64bit random key generator button right there on the interface.

      Of course that wouldn't make everyone use the security afforded, but it might make the few that do a little safer and certainly Sky wouldn't be open to the charge of crass ignorance and willful neglect of a duty of care, as they are now.

      RTB.

    4. #53
      James67's Avatar
      James67 is offline Sky User Member
      Exchange:
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Freesat
      Join Date
      Sep 2007
      Posts
      1,789
      Thanks
      0
      Thanked 2 Times in 2 Posts
      Blog Entries
      3

      Re: crc errors

      Yeah, I was unimpressed with Sky's response.
      We pre-configure all our routers with security settings so that customers' bandwidth is protected from day one.
      The whole point is that it is not secure from day one. The only way to make the router less secure would be to disable networking altogether.

      I'm in a terrible bind here. It seems like the only way to get Sky to admit that there's a genuine issue would be to publish the details of the algorithm.

      If I publish, then it would expose anything up to a million Sky Broadband customers to the risk of being hacked, but it would hopefully be enough to force Sky to take appropriate action to secure their customers' wireless networks.

      If I don't publish, then I won't be directly responsible for exposing a million Sky Broadband customer to the risk of being hacked, but Sky will carry on saying that everything's just fine the way they are now, and if someone else works out how to crack the router (if they haven't already), those customers will be vulnerable to being hacked.

      The proper outcome of this is that Sky need to recognised the issue and respond to it in an appropriate way.

    5. #54
      James67's Avatar
      James67 is offline Sky User Member
      Exchange:
      Broadband ISP: Other ISP
      Router: Non Sky Router
      Sky TV: Freesat
      Join Date
      Sep 2007
      Posts
      1,789
      Thanks
      0
      Thanked 2 Times in 2 Posts
      Blog Entries
      3

      Re: crc errors

      After digging around the Sky website, I eventually found this, and I noticed that an entry in the Sky Broadband FAQ claiming that the router is secure has now been removed. Not exactly a comprehensive response really, and doesn't really match up well with theire comment saying "By default, our routers’ wireless security is “on” - which is not the standard practice from most Broadband providers. We do this because your Broadband security is very important to us."

    6. #55
      RupertTHEbare's Avatar
      RupertTHEbare is offline Sky User Member
      Exchange: WSLES
      Broadband ISP: FAST
      Router: Non Sky Router
      Sky TV:
      Join Date
      Jan 2008
      Location
      Scotland
      Posts
      92
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: crc errors

      Quote Originally Posted by James67 View Post
      If I publish, then it would expose anything up to a million Sky Broadband customers to the risk of being hacked
      Whether you publish or not, YOU will not be responsible for exposing users who are already exposed due to the actions, lack of action or ignorance of others.

      What you have to do now is follow (carefully and correctly), what must be in existence by now (a little research needed here), a methodology for informing any manufacturer, developer and the Internet community at large of a security defect or obvious exploit.

      It happens every day to Microsoft, so why not Sky?

      RTB.

    7. #56
      RupertTHEbare's Avatar
      RupertTHEbare is offline Sky User Member
      Exchange: WSLES
      Broadband ISP: FAST
      Router: Non Sky Router
      Sky TV:
      Join Date
      Jan 2008
      Location
      Scotland
      Posts
      92
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: crc errors

      Quote Originally Posted by James67 View Post
      "We do this because your Broadband security is very important to us."
      ROTFLMFSO.

    8. #57
      Undecided Adrian's Avatar
      Undecided Adrian is offline Sky User Member
      Exchange: Stevenage
      Broadband ISP: BT
      Router: Non Sky Router
      Sky TV: Sky+ HD
      Join Date
      May 2007
      Posts
      2,539
      Thanks
      1
      Thanked 23 Times in 21 Posts

      Re: Breaking the Terms and Conditions - Your Views Welcome

      contact news@newscientist.com as these guys will most likely to publish it, and if it does usually the papers and TV will follow suit as they all steal science based NewScientist stories.

    9. #58
      billbhellend's Avatar
      billbhellend is offline Sky User Member
      Exchange:
      Broadband ISP: Not on Sky
      Router:
      Sky TV:
      Join Date
      Nov 2007
      Posts
      50
      Thanks
      0
      Thanked 0 Times in 0 Posts

      Re: Breaking the Terms and Conditions - Your Views Welcome

      good work you could get at least a 7 figure salary for exposing that lol



    10. #59
      NewsreadeR's Avatar
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: Breaking the Terms and Conditions - Your Views Welcome

      This has also now hit TBB, although they have given no credit to anyone bar The Register.

      Sky Broadband goes further than many broadband providers and hardware suppliers in supplying its Sky Broadband wireless router, a Netgear DG834GT, with wireless security switched on by default. This means the wireless network is secure out of the box, but it appears according to an article on The Register that if you can obtain the MAC address (a number which identifies individual pieces of networking hardware, and is nothing to do with broadband migrations in this case) the default security key can be worked out and someone could potentially use the connection.
      thinkbroadband :: Sky wireless routers - users advised to set new wireless key




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~

      Follow us on Twitter @skyuser

    11. #60
      NewsreadeR's Avatar
      NewsreadeR is offline Site Founder
      Exchange: Marshalls Cross
      Broadband ISP: Sky Broadband Unlimited
      Router: Sagem F@ST 2504n
      Sky TV: Sky+HD box
      Join Date
      Aug 2006
      Location
      St Helens
      Posts
      22,211
      Thanks
      108
      Thanked 373 Times in 304 Posts
      Blog Entries
      48

      Re: Breaking the Terms and Conditions - Your Views Welcome

      In response to this flaw (or not) I just hope that it does not jeopardise the FW for those who have been waiting.

      Morally, I think it is right that people should know that there is a risk, however likely it is or not.

      I have voiced my views to others regarding this and it has been suggested that we are in fact promoting (as a website) putting users at risk.

      The simple fact of the matter is the flaw (or not) should have been patched and if it means Sky no longer talk to us or as suggested, "not done ourselves any favours" then I am afraid its a case of "So be it"

      If Sky were going to get involved or were indeed testing the waters with us as a website, I feel 18 months is more than enough time for either party to build up trust. We are quite clearly here for our members and Sky's customers if they need help and have no other objectives apart from expand our arsenal of tools and utilities, as well as content.

      I would still recommend James, that you do not offer the ALGO for download to Joe Bloggs and Co. Maybe offer your findings to a security firm for them to validate / refute your claims. Putting it for download imho is the wrong thing to do.




      ~ Never, ever, argue with an idiot. They'll drag you down to their level and beat you with experience ~

      Follow us on Twitter @skyuser

     

     
    Page 6 of 7 FirstFirst ... 4567 LastLast

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION