From: SDN <sdn@divcom.slimy.com>
Date: Thu, 15 Oct 1998 04:16:21 +0800
To: cypherpunks@cyberpass.net
Subject: Re: FYI: More on WebTV security
In-Reply-To: <v03102802b24934307011@[204.1.1.65]>
Message-ID: <19981014124309.A2210@divcom.slimy.com>
MIME-Version: 1.0
Content-Type: text/plain



On Wed, Oct 14, 1998 at 03:23:45AM -0700, Bill Stewart wrote:
> At 06:32 PM 10/13/98 -0700, SDN wrote:
> 
> >More relevant to the list, the threat model for the WebTV service/box is
> >primarily concerned about loss of user data, forgotten passwords, and
> >unsecured data over the public internet.  It's not worried about privacy
> >from WebTV insiders.
> >As a result, all user data is stored on the service, traffic to and from the
> >box is encrypted, and data isn't hidden from the customer care people.
> 
> If it's not secure against insiders, then it's not only not secure against cops,

I'd say it's definitely not secure against law enforcement.  That's probably
the primary reason why the boxes got export approval with 128-bit crypto.
It's just so much easier to ask the service operators what a user has been
up to, check the logs, and go...

That's why I said that the threat model wasn't something a cypherpunk would
be happy with.  There just isn't any protection against an attacker who
looks legitimite to Microsoft.

> it's also not secure against crackers, unless Microsoft hsa let the
> WebTV folks do a very good job of security.

This is less clear.  The service predates the buyout, and it hasn't (yet)
migrated to NT.  The people who run and maintain it are very competent
(at least the ones I know personally), but anyone can make mistakes,
espescially under the pressures of a startup environment.

Jon Leonard

Again, the above are my opinions.  WebTV's opinions may be entirely different.