Skip to Content
Uncategorized

Vulnerabilities: Look and You Shall Find

A pair of articles in TheRegister.com demonstrates that security vulnerabilities are practically anywhere you bother to look these days. Today, an article, strangely entitled “Hotel hacking could pump smut into every room”, discusses vulnerabilities that the security firm SecureTest found…

A pair of articles in TheRegister.com demonstrates that security vulnerabilities are practically anywhere you bother to look these days. Today, an article, strangely entitled “Hotel hacking could pump smut into every room”, discusses vulnerabilities that the security firm SecureTest found in the way a hotel had implemented Cisco’s Long-Reach Ethernet Technology. This is the technology that some hotels use to provide pay-per-view and high-speed Internet access. SecureTest found that there were no passwords on the television set-top boxes, so they could connect to them with telnet (on TCP port 5001) and change what the television was watching – moving it to a porn channel, for example. The hotel also failed to lock down its network, so the firm was able to break into an internal FTP server and, from there, compromise the database of TV usage.

In another article, “Infrared exploits open the door to hotel hacking”, Adam Laurie, technical director at secure hosting outfit The Bunker, showed that there is precious little security in the typical hotel infra-red communication system. Once again, this can be used to take over a television in a hotel room and access free content. Well, that’s not a big deal. But you can also change the IP address and frame somebody in another room.

Both of these stories illustrate two important points. First, the perimeter is dead — if you have a network, there is a real chance that attackers will be on it, trying to compromise other machines on your network. No sense in trying to hide behind a firewall.

But, second, and perhaps more importantly, these stories show that when computer systems are designed and deployed, they invariably have security holes. Some of the holes are fundamental. Some of them are deployment-specific. And most customers aren’t aware of the holes and, largely, don’t think that they matter–until they get hit.

Keep Reading

Most Popular

Workers disinfect the street outside Shijiazhuang Railway Station
Workers disinfect the street outside Shijiazhuang Railway Station

Why China is still obsessed with disinfecting everything

Most public health bodies dealing with covid have long since moved on from the idea of surface transmission. China’s didn’t—and that helps it control the narrative about the disease’s origins and danger.

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.