1998-10-14 - Re: FYI: More on WebTV security

Header Data

From: SDN <sdn@divcom.slimy.com>
To: cypherpunks@cyberpass.net
Message Hash: a3724ba2bb5d9ab693b435016ba2a4e18d969cad8e42149fc15b3976540258cd
Message ID: <19981013183214.A26717@divcom.slimy.com>
Reply To: <v04011722b24904a8f519@[139.167.130.246]>
UTC Datetime: 1998-10-14 02:00:11 UTC
Raw Date: Wed, 14 Oct 1998 10:00:11 +0800

Raw message

From: SDN <sdn@divcom.slimy.com>
Date: Wed, 14 Oct 1998 10:00:11 +0800
To: cypherpunks@cyberpass.net
Subject: Re: FYI: More on WebTV security
In-Reply-To: <v04011722b24904a8f519@[139.167.130.246]>
Message-ID: <19981013183214.A26717@divcom.slimy.com>
MIME-Version: 1.0
Content-Type: text/plain



On Tue, Oct 13, 1998 at 11:58:37AM -0500, Steve Bryan wrote:
> Has anyone hacked WebTV to enable a terminal to connect to a plain vanilla
> ISP (or better yet a local ethernet) or is it inexorably tied to their
> network of proxy servers? I get the impression that like a Newton or any
> other graphically limited device a WebTV browser would have to be aided by
> a proxy server that translates the content to more amenable form before it
> can take a crack at it. If it were possible to divorce it from their
> service it might be a nifty device for less than $100. This would become
> especially appealing if 128 bit crypto were thrown into the bargain.

The WebTV units are in fact tied to the WebTV service.  You can use another
ISP to reach the service, though, at a reduced cost.  (Search for OpenISP
at webtv.net.)  Retrofitting ethernet onto a box isn't practical.

The proxy servers do transform data, but I don't think the software in the
box requires it.  My understanding was that the transformations were just
for faster downloads, and did things like rescale images.  It doesn't matter
much, because there isn't a way to avoid using them.

More relevant to the list, the threat model for the WebTV service/box is
primarily concerned about loss of user data, forgotten passwords, and
unsecured data over the public internet.  It's not worried about privacy
from WebTV insiders.

As a result, all user data is stored on the service, traffic to and from the
box is encrypted, and data isn't hidden from the customer care people.

If that doesn't fit what you want out of it (and it doesn't seem very
close to a consensus cypherpunks threat model), don't get one.  I think
it's the best attempt at an easy-to-use network computer on the market,
but I don't use one myself.  It's not what I want.

Jon Leonard

The above opinions are mine and not WebTV's.





Thread