[email protected] wrote:
Many thanks to those who replied to my original enquiry.
I asked around on the business of the modem's being snooped.
Nobody seems quite sure. The general consensus of opinion was that, as the
modem used the broadband in the manner of a mobile phone, it *couldn't* be
snooped. And if it couldn't be snooped, there was no need of encryption.
I'm new to this thread.
A core concept of security is limiting trust. By assuming encryption
by the link you are adding the ISP, router manufacturer, switch manufacturer,
link provider, base station manufacturer, card manufacturer and card firmware
programmers to the things you need to trust. That unnecessary expansion of
trust is poor security practice.
You should also look at things from the telco's point of view. Warrantless
interception is illegal. Although the telco will take some measures to
protect you from the criminality of others, they are not going to go to
massive lengths to do so.
In your particular case, you've not considered the entire problem.
Sure the link from card to basestation has some crypto (it's in the
telco's interest, as they don't want people contesting their bills).
But the often-microwave link from the basestation to the exchange?
That strikes me as the point where your data can most likely be
collected off the air (even if that link is encrypted, that link
will have the worst key management, probably unchanged from the day
it was installed).
--
Glen Turner <http://www.gdt.id.au/~gdt/>
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
