Cable-Modem Security Worries1997-10-31 16:19 by Brian McWilliams
by Brian McWilliams, PC World News Radio
Yesterday we reported on security holes in @Home Network's cable-modem Internet access. It was discovered that some @Home customers have their Windows 95 settings configured in a way that gives other users of the service full read, write, and delete access to their hard drives and other resources.
Well, today, we learned that @Home users are not the only ones vulnerable to this problem. Steve Ringley, a subscriber to Time Warner's Road Runner service in Columbus, Ohio, told NewsRadio that soon after he signed up last month, he got a little visit from a hacker.
"Some guy came along and left a text file in my startup group over one weekend..." said Ringley.
Ringley says Road Runner was of little help in tracking how the hacker got to his computer. But on his own, Ringley determined that Windows 95 was to blame, having automatically bound his network card to both Microsoft Networking and TCP/IP when the card was installed. Unbinding networking closed the security hole.
While @Home Network says its installers ensure that Windows security is configured properly on subscriber's PCs, Ringley says Road Runner's technician didn't seem to have a clue.
"I specifically asked the guy if there was anything that I needed do to my machine to make it secure from this and he said no there wasn't. It was virtually impossible; somebody would have to know what your dynamic IP was and it changes once every hour ... and he said there was nothing I needed to do," said Ringley.
Besides having Windows configured properly, the type of cable modem used also appears to play a factor in security. Some will pass only TCP/IP data, while others are designed to use several protocols, which makes it more difficult to properly configure Windows 95's networking security. So if you subscribe to a cable-based Net access service, or if you're considering it, be sure to ask your service provider about the proper settings for your installation.