= Сообщение: 741 из 7442 ============================================== IPV6 = От : Michiel van der Vlist 2:280/5555 18 May 14 14:47:05 Кому : Markus Reschke 18 May 14 14:47:05 Тема : Comcast & IPv6 FGHI : area://IPV6?msgid=2:280/5555+5378afb5 На : area://IPV6?msgid=2:240/1661+536a9257 = Кодировка сообщения определена как: CP850 ================================== Ответ: area://IPV6?msgid=2:240/1661+536a9258 ============================================================================== Hello Markus,
On Sunday May 18 2014 13:07, you wrote to me:
MvdV>> That is good news, but of course it will only affect a small MvdV>> minoritty. Most users are perfectly happy with their MvdV>> preconfigured CPE.
MR> Recently there was an security problem with AVM's Fritzbox routers
I heard about that. But since I do not have a Fritz!box in use, I did not read about all the details.
MR> The security issue is that someone could retrieve passwords remotely. MR> That was used to reconfigure the VoIP part and allowed third parties MR> to make telephone calls via the hacked Fritzbox for free, i.e. paid by MR> the Fritzbox's user.
Yes, so I heard.
Of course these problems are not limited to Fritz!box. Didn't Sisco routers have security problems also recently?
MR> AVM fixed the problem and released new firmwares, but the enforced MR> routers got their updates a few days later because of the modified MR> firmware versions.
MR> If you own the router, you'll have to pay those calls. We got a law MR> about liability for bad products but it doesn't include pecuniary MR> losses. And you know those EULAs.
Here in The Netherlands EULAs do not go above the law.
MR> And what about the users with an enforced router which is owned by the MR> provider?
I think it is pretty clear: you can not be held responsible for what you do not control.
MR> At first the providers told the involved customers that they (the MR> customers) have to pay.
That would not fly here. The customer had no way to prevent that others made those call. If the provider owns the router and controls it, the provider is responsible. In turn he can try to claim compensation from the manufacturer, but the customer is not responsible.
MR> When the security issue went public in the main media and customers MR> complained about the enforced routers the providers backed down.
As they always do...
MR> It was one of those famous "without any prejudice" back downs to avoid MR> a leading decision by a court. So we still don't know if the provider MR> is reliable for any damages caused by his enforced router.
Here there is a procedure to geta case to court anyway. "een proefproces uitlokken". It is usually done by consumer organisations or other to setlle matters like these.
MR> There's a similar problem with the cloudification of SOHO routers. Who MR> will pay the bill if the vendor's cloud is hacked and therefore your MR> router too?
Unchartered territory for the lawyers.
Is there any indications we will see more of these issues with the coming of IPv6?