Simson Garfinkel

A View from Simson Garfinkel

Vulnerabilities: Look and You Shall Find

A pair of articles in TheRegister.com demonstrates that security vulnerabilities are practically anywhere you bother to look these days. Today, an article, strangely entitled “Hotel hacking could pump smut into every room”, discusses vulnerabilities that the security firm SecureTest found…

  • August 23, 2005

A pair of articles in TheRegister.com demonstrates that security vulnerabilities are practically anywhere you bother to look these days. Today, an article, strangely entitled “Hotel hacking could pump smut into every room”, discusses vulnerabilities that the security firm SecureTest found in the way a hotel had implemented Cisco’s Long-Reach Ethernet Technology. This is the technology that some hotels use to provide pay-per-view and high-speed Internet access. SecureTest found that there were no passwords on the television set-top boxes, so they could connect to them with telnet (on TCP port 5001) and change what the television was watching – moving it to a porn channel, for example. The hotel also failed to lock down its network, so the firm was able to break into an internal FTP server and, from there, compromise the database of TV usage.

In another article, “Infrared exploits open the door to hotel hacking”, Adam Laurie, technical director at secure hosting outfit The Bunker, showed that there is precious little security in the typical hotel infra-red communication system. Once again, this can be used to take over a television in a hotel room and access free content. Well, that’s not a big deal. But you can also change the IP address and frame somebody in another room.

Both of these stories illustrate two important points. First, the perimeter is dead — if you have a network, there is a real chance that attackers will be on it, trying to compromise other machines on your network. No sense in trying to hide behind a firewall.

But, second, and perhaps more importantly, these stories show that when computer systems are designed and deployed, they invariably have security holes. Some of the holes are fundamental. Some of them are deployment-specific. And most customers aren’t aware of the holes and, largely, don’t think that they matter–until they get hit.

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.