Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

A pair of articles in TheRegister.com demonstrates that security vulnerabilities are practically anywhere you bother to look these days. Today, an article, strangely entitled “Hotel hacking could pump smut into every room”, discusses vulnerabilities that the security firm SecureTest found in the way a hotel had implemented Cisco’s Long-Reach Ethernet Technology. This is the technology that some hotels use to provide pay-per-view and high-speed Internet access. SecureTest found that there were no passwords on the television set-top boxes, so they could connect to them with telnet (on TCP port 5001) and change what the television was watching – moving it to a porn channel, for example. The hotel also failed to lock down its network, so the firm was able to break into an internal FTP server and, from there, compromise the database of TV usage.

In another article, “Infrared exploits open the door to hotel hacking”, Adam Laurie, technical director at secure hosting outfit The Bunker, showed that there is precious little security in the typical hotel infra-red communication system. Once again, this can be used to take over a television in a hotel room and access free content. Well, that’s not a big deal. But you can also change the IP address and frame somebody in another room.

Both of these stories illustrate two important points. First, the perimeter is dead — if you have a network, there is a real chance that attackers will be on it, trying to compromise other machines on your network. No sense in trying to hide behind a firewall.

But, second, and perhaps more importantly, these stories show that when computer systems are designed and deployed, they invariably have security holes. Some of the holes are fundamental. Some of them are deployment-specific. And most customers aren’t aware of the holes and, largely, don’t think that they matter–until they get hit.

0 comments about this story. Start the discussion »

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me