Vulnerabilities: Look and You Shall Find
A pair of articles in TheRegister.com demonstrates that security vulnerabilities are practically anywhere you bother to look these days. Today, an article, strangely entitled “Hotel hacking could pump smut into every room”, discusses vulnerabilities that the security firm SecureTest found in the way a hotel had implemented Cisco’s Long-Reach Ethernet Technology. This is the technology that some hotels use to provide pay-per-view and high-speed Internet access. SecureTest found that there were no passwords on the television set-top boxes, so they could connect to them with telnet (on TCP port 5001) and change what the television was watching – moving it to a porn channel, for example. The hotel also failed to lock down its network, so the firm was able to break into an internal FTP server and, from there, compromise the database of TV usage.
In another article, “Infrared exploits open the door to hotel hacking”, Adam Laurie, technical director at secure hosting outfit The Bunker, showed that there is precious little security in the typical hotel infra-red communication system. Once again, this can be used to take over a television in a hotel room and access free content. Well, that’s not a big deal. But you can also change the IP address and frame somebody in another room.
Both of these stories illustrate two important points. First, the perimeter is dead — if you have a network, there is a real chance that attackers will be on it, trying to compromise other machines on your network. No sense in trying to hide behind a firewall.
But, second, and perhaps more importantly, these stories show that when computer systems are designed and deployed, they invariably have security holes. Some of the holes are fundamental. Some of them are deployment-specific. And most customers aren’t aware of the holes and, largely, don’t think that they matter–until they get hit.
Keep Reading
Most Popular

These materials were meant to revolutionize the solar industry. Why hasn’t it happened?
Perovskites are promising, but real-world conditions have held them back.

Why China is still obsessed with disinfecting everything
Most public health bodies dealing with covid have long since moved on from the idea of surface transmission. China’s didn’t—and that helps it control the narrative about the disease’s origins and danger.

Anti-aging drugs are being tested as a way to treat covid
Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

A quick guide to the most important AI law you’ve never heard of
The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.
Stay connected

Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.