Slashdot Mirror
Hacking Hotels 101
romka1 writes "Wired has an interesting interview with Adam Laurie, chief security officer of the London security and networking firm ALD. Laurie was able, using laptop, tv tuner and an infrared port to access premium content, billing information of all the rooms in the hotel, watch how other guests access their emails and access desktop of a backend computer clicking icons on the desktop and launching applications."
probably because most of the passwords were
"password"
"(name of hotel)"
etc.
Don't Tread on Me
unfortunately its often not worth
Why is it okay for "agencies" to go and find vulnerabilities in public networks, but as soon as a high school student finds a hole, tells someone, then no onw does anything, he has to exploit it to get noticed, then charged with some stupid "hacker crime"?
"I cannot think of any need in childhood as strong as the need for a father's protection." -- Sigmund Freud
I do that, and I go to jail for 5 years. He does it and he's on Slashdot!
Well where else can you put a comment about comments being blocked?
Anyone explain why the # DVD's ripped poll has been locked?
Anyway,
-H.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
He did it for free porn!!
And I got on their "pay-for-use" wireless network by simple MAC spoofing...
Glad I didn't use the TV email function!
I go out and shoot criminals and everybody gets all pissed off about it, but when the cops do it they're like "good job, dude, here's a medal or something."
Fuck that.
In the grand tradition of shooting the messenger, I guess he'll be in Guantanamo/Belmarsh before we can blink. Maybe they'll bother charging him and giving him a trial in 10 years or so...
To be brutally honest, High School kids have no credibility and are easier to push-around and use as scape-goats. When an agency tells you your network is insecure, it's the companies fault for not being secure enough. When a kid does it, the network was secure, but this 'genius hacker' happen to break it. It works wonders with the media. Good damage control.
Nobody's gay for Mole-Man.
What the hell is premium content? I hear marketroids use it all the time now. According to dictionar.com premium means, among other things " Something offered free or at a reduced price as an inducement to buy something else.". What's the problem if someone gets "premium" content for free then?
It was for beer.
This is a classic case of "security through obscurity". The hotels (or rather, their vendors) are relying on the fact that nobody knows how their system works to keep it secure. They just broadcast everything and figure, "Hey, you need one of our special remotes to do anything, so we're safe".
I think it is important to blame the vendors as well as the hotels. Two days ago I got a sales presentation of a document management system called "DocStar". The sales weasel kept going on and on about security, repeating himself with how it has security "at the level of individual pixels". But whenever I tried to pin him down about how that system is actually secure, he had nothing. As near as I can tell, their whole pitch is "It's secure because we say it is". Right. I'm supposed to take his word for it, when vendors demonstrate over and over, with cases like this, that their security usually amounts to "We hope nobody will ever try to break in".
Gag.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Quick get an AXE!
Extracted from a REAL dictionary.
Main Entry: 1 premium
Pronunciation: 'prE-mE-&m
Function: noun
Etymology: Latin praemium booty, profit, reward, from prae- + emere to take, buy -- more at REDEEM
1 a : a reward or recompense for a particular act b : a sum over and above a regular price paid chiefly as an inducement or incentive c : a sum in advance of or in addition to the nominal value of something [bonds callable at a premium of six percent] d : something given free or at a reduced price with the purchase of a product or service
2 : the consideration paid for a contract of insurance
3 : a high value or a value in excess of that normally or usually expected [put a premium on accuracy]
I was in a hotel a few months ago, plugged into the free ethernet (for which I was very thankful), checking my e-mail, editing my documents on a remote server, chatting on IRC and browsing work sites (all over SSH, TLS, and SSL). My work consists amongst other things of testing Web browsers, and at one point I had to determine why one browser was not handling some HTTP headers correctly, so I fired up tcpdump to check exactly what headers were going over the wire.
..." and so on, with full credit card numbers, addresses, names, room numbers, lengths of stays, the works.
What I saw scared the heck out of me. SQL queries from the hotel reservation system, including things like the results of "SELECT * FROM RESERVATIONS" and "INSERT INTO ROOMS
Not only was it all unencrypted, but they were broadcasting all that information to every ethernet port in every room. You can just imagine the potential for identity theft and burgalary networks ("he'll be gone til tuesday!"). And I wouldn't be surprised if you could actually just send out your own SQL queries if you wanted to ("I'll be staying for another week, honest!").
I've not looked at the TVs in every hotel I've ever stayed at, but when I have the cable going to the TV was locked and you couldn't unscrew it if you wanted to.
;)
Still, this makes me want to pick up a USB tv tuner for next time I travel.
"Additionally, he could use hidden codes that transmitted from the remote-control device to the TV through infrared to control functions in the system...Laurie automated the process by using a program he wrote that analyzed and mapped all the possible codes in 35 minutes to see which ones were relevant for the system he was trying to crack. Laurie doesn't plan to release the program."
Booooo, release the code!
If you wanna get rich, you know that payback is a bitch
If you are talking about hacking, then you must be talking about a Chinese hotel. Most hackers originate from China, which includes Taiwan province and Hong Kong.
I'm sure I could get you're going to jail on Slashdot.........twice! (rimshot)
Maybe /. staff doesn't want us to be talking about DVD ripping with softwares?
/. staff posted a comment why no comments are allowed.
It would had been nice if
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Are these the more expensive and higher class hotels or the cheaper ones? I did not see any hotel names mentioned in the article.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Plugging the TV into the tuner, which is the size of a laptop power pack, and the tuner into his laptop, Laurie is able to use his laptop to pick up content through hotel TVs that the backend system is broadcasting but not currently displaying on the TV. Wouldn't he plug the cable, not the TV, into the tuner? Or maybe he split the cable. It would surprise me to find out that hotel TVs have some form of signal out. For what reason?
Well then, you didn't read it closely enough because he metions Holiday In..
This is because in the interests of usability, these systems do not use WEP. In the case of the university, their security consists of not honoring DHCP requests if the system doesn't know your MAC, and hiding the ESSID. Again, no WEP. I have sat in conferences and watched people checking their email. (That's also good for, how shall we say, 'social intelligence.')
The bottom line is, and always will be, that people need to pay attention to how the technology they use works. If they don't know, then it is to a certain extent their own problem.
To combat this, all my wireless systems, including the ones I use at home, use a VPN to connect to my home router, and then the traffic goes out from there. The VPN uses a cryptographic key for authentication, not a password, and all traffic except for DHCP requests go over it. The best someone can really accomplish at the network level is to bump me off the network, at which point the VPN falls over too, and no data is compromised. The system at home also uses WEP, and requires that all machines connecting over wireless use a VPN to get routed from the router to, well, anywhere, even the LAN.
"But what about after the data leaves your cable modem at home?" That's a valid concern. So any data that I'm really concerned about is encrypted going out of there too. The catch is that, of course, I can't do that all the time, and it could still give someone a lot of intelligence by monitoring the traffic. At that point, though, I have a legitimate beef with the cable company, just as users who plug their computer into a hotel ethernet port (not wireless) have a beef with the hotel if someone in the adjacent room sniffs their traffic.
The sad reality is that most people have absolutely no data security at all. Often times, they give themselves the illusion of security by doing something like using some snake-oil crypto product on their Windows machine, which is still clearly open to a number of software-based attacks. And, of course, if you compromise the hardware, nothing is going to save your ass.
Sitting at home, I see six wireless networks. One of them is mine. Four of them don't have any indication of whose they are, so they get a bit of security through obscurity in terms of someone trying to attack them directly. Nevertheless, three of the four are insecure, and the fourth uses only WEP. Of those three unsecured networks, they're broadcasting all sorts of crap in the clear, and two of the three are ridden with spyware and viruses to the point that I can tell remotely using only passive means.
The last guy got interesting. He removed the confusion about whose network was whose, at least with regard to his, by putting his last name in the SSID. The network is wide open.
When he figures out how to tap into the video feed from the hidden room cams, wake me up.
This is very easy to do. Cracking 802.11 broadcasting networks is really easy. There are websites that explain step by step how to do it. There is a coffee shop in Seattle on 15th Ave where I live that is always hoping. Mostly laptops, it looks like a friggin office. BUT friends found a flaw in the security and sniff out everything. We actually had a party in which they read emails (very private) they had transfered right off people's hard drives. Some even scoured webmail accounts after getting usernames. Some people have the most obvious password! More security is needed!!
According to dictionar.com premium means, among other things " Something offered free or at a reduced price as an inducement to buy something else.". What's the problem if someone gets "premium" content for free then?
Perhaps the problem is the premium content was not being offered for free in this case? But was available at a "reduced price", which the individual did not pay?
Once thing nice about cell phones is you don't have to worry about the premium phone service in those premium hotels that costs an arm and a leg just to make a local call, chances are the mobile is cheaper
Every hotel I've been at (including "premium" ones) have free local calls.
However, the fact I am staying at this hotel means I am far from home, making all my cell phone calls roaming calls, and calls to anywhere local (relative to the hotel) long-distance (as far as the cell phone company is concerned) on top of that.
Holiday Inn
I can't believe the article summary didn't mention the free pr0n!
My first day of work in a hotel, I see a guest come in with a VCR tucked in under his arm. I ask him if he's planning on watching some movies. He says no, he's planning on recording some. He tells me all he has to do is plug in his VCR, tune around until he finds someone watching a movie, then hit record.
Over the years, I've learned a lot more. Basically, the world of hotel entertainment is run by two companies, LodgeNet and OnCommand. Both use almost identical technology. The way it basically works if hotels buy commercial television sets that have a port on the back to control the tuner. An RF interface plugs into this port and allows signals to be sent over the coaxial cable to a server and receive signals from the server.
Let me explain how it works. The hotel puts all the regular television (called free-to-guest in the lingo) on a certain range of channels. The commercial set is then programmed to only allow tuning from the remote in that range. If the guest tried to go higher than say 30, it wraps back to say 2. Entering number from the remote higher than the range won't work either.
Now the remote has some special buttons. Let's say a guest hits the main menu button. The IR receiver on the commercial TV passes the signal to the RF unit, which sends it over the coax to the server. The server starts up up a video stream and outputs it through a video card to a modulator. The server tells the commercial TV "tune to channel 43". Since the guest can't normally tune to this channel, they only way he sees it is when the server tells his TV to tune there. The guest can now interact with the server and only he sees what he is doing because he's the only one the server lets turn to channel 43.
For hotel info, movies, this is how the guest gets the content. If it's a web browser session, it's the same thing only using essentially a terminal server session.
Now, the problem is there's only about a handful of commercial TV sets made. It's not terribly difficult to obtain or borrow a master remote from someone. You can copy the button commands into your PDA or universal remote, then next time you are at a hotel with that brand of television, just tune around until you find something interesting to watch. Or, bring your own tuner like the guy with the VCR or the article talks about.
Some ways hotels are dealing with this is locking off the connection so you can't just plug in a tuner. You can cut the cable, but I wouldn't recommend it if you don't want to be charged for the repair. But the master remotes are still out there and still universally known.
Smaller or older hotels that have regular televisions use a little IR dongle to control the television instead of card that plugs in the back, but it's the same principle.
I've always wondered why warez groups don't pick up on this as a way to get first-run movies. The hospitality window is about two months after a movie hits theaters (just after home pay-per-view but before DVD). The source is either DVD or digitial files downloaded directly to the server, so the quality should be excellent. Just bring an firewire capture card with your laptop and you can release "screener" quality with virtually no risk.
Not that I would ever do something like that of course...just saying...
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Maybe, just maybe, they thought of using this method of security. Honestly, I consider most of us fairly bright and all, but who would "stumble upon this accidentially?"
?!!? This is scary to say the least. Not only is the signal of what you are doing is being sent to every TV in the hotel, but a porrly sheilded/broken cable anywhere in the system could potentialy leak the signal into the air. I'm willing to bet that all of these channels are using standard cable frequencies (most which fall in
the broadcast TV UHF range, albiet with different frequencies), which can be picked up with a cheap $15 B&W portable TV with a slide tuner.
Are they really too cheap to just use a regular network and WEB-TV-like units in the rooms?
You insensitive clods, the parent post is a family guy reference, NOT A TROLL.
Giggity.
I really had no interest in watching people read their email or check out, but it was entertaining to see which pay-per-view porn movies were the most popular among my fellow travellers.
At the moment, we have a pretty crumby system - a d-link router - yes I know why this is bad, but we're changing that (we knew about this to begin with)
My question to the slashdot crowd is, what can you think of that we can do to stop a guest from running their own DHCP server? (screwing the network)
I was happy to find an ethernet port in my room at a hotel I was staying at some time ago, I plugged in my laptop and got all setup via DHCP. I checked my mail, checked slashdot, etc.. got bored, decided to play with nmap...
I found some laptop (I assume) with IIS running on it, and some ugly website for a home siding and windowing company on it, I read it, wasn't interested.. But still, it seems that some people don't realize they're entering a fairly high speed and insecure network when plugging into most hotel setups.
Always bring a pair of long nose pliers, the real long ones with the flat ends.
Those can easily get the nut off of the so called "protected" cable ends.
Watch out! If they have something that detects the loss of the 75 ohm connection, meaning it figures out you have disconnected the TV, you are going to get a visit.
In most cases if you do it fast enough they may just think it's a glitch, but the idea is to prevent the theft of the TV, I don't think they care about the programming so you could say the picture sucked or something, as long as they see the TV is still there.
On the wireless net access stuff, the hotel I stayed at just gave out verbally a code when you asked for access then you entered that into a web page, I asked the guy and he told me everyone gets the same code which is changed weekly. The page asks for your name and makes you agree, the front clerk said no one checks the names later on so it wouldn't be a problem to enter a fake name and keep your privacy from "those damn spammers".
In most cases if you do it fast enough they may just think it's a glitch, but the idea is to prevent the theft of the TV, I don't think they care about the programming so you could say the picture sucked or something, as long as they see the TV is still there.
If asked just say "i'm hooking in a camcorder, i'm on vacation and i'm making a home movie". Works perfectly well for me when i'm on vacation and making a home movie.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Nearly spit my drink all over my monitor at that one...
This is a classic case of "security through obscurity". The hotels (or rather, their vendors) are relying on the fact that nobody knows how their system works to keep it secure. They just broadcast everything and figure, "Hey, you need one of our special remotes to do anything, so we're safe".
I think, generally speaking... no one gives enough of a shit to even bother hacking a hotel broadcast network. And the minority that do... the very small minority are for the most part paying upwards of $50/night just to be there, generally not worth it to hang out and commit an act of theft of service. Investing something resembling a secure system would be a hell of alot more costly than just a slew of comercial TVs that can be remote controled from a central location and tuned to some high VHF frequency if you click the little buy a movie button. The system is good enough for it's application.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Does lodgenet still do games? I know there have been SNES and N64 units, don't know about anything newer. And didn't they have multiplayer between rooms or something? How did that all work? Of course, the games were insanely expensive, like $4 a hour or something.
I was talking to a hotel electritican about this. He says that some remote controls have buttons built into them so you can get admin access. All you have to do is take off the plastic cover and the buttons are there. Just hidden from view from normal people.
A few other helpful tips: You can use any old generic cable tv converter box to watch. I would recommend the Scientific Atlanta 8511 or similar. Its the size of a small clock radio and works with almost all universal remotes.
Also seach ebay for 'coax removal tool' if you need to get around those pesky security sleeves.
One interesting tidbit about my 8511 converter box. At first it did not work with any remote control. I took it apart and found a small jumper wire running from the input pin of the IR decoder to ground. Effectively disabling the IR remote control of the box. Upon removing the jumper, the remote worked fine. And it looked like a factory job too, so apparently some bastard cable co's ordered their boxes intentionally crippled.
dude, i hacked several hotels in neuromancer already!
insecurity asks the wrong question irritation gives the wrong answer
Sometimes, just sometimes, I wish some would keep there big mouths shut!
IT contractor types have been getting free drink and pr0n this way for years and years.
I've lost count of the number of hotels whose Amiga OS cable TV system has crashed requiring a reboot...
threadeds blog
Always bring a pair of long nose pliers, the real long ones with the flat ends.
Actually, it's easier if you just use a small allen key or two and spin the protective cable guard. Also easier to travel (fly) with.
I'm willing to bet that all of these channels are using standard cable frequencies (most which fall in
the broadcast TV UHF range, albiet with different frequencies), which can be picked up with a cheap $15 B&W portable TV with a slide tuner.
Are they really too cheap to just use a regular network and WEB-TV-like units in the rooms?
Hmmm... those cable channels fall into the high VHF range. There are some channels used between 6 and 7 , but I can't remember off the top of my head. I.e. cable channel 14 is the same distance from TV 13 is from TV 12, but UHF 14 IIRC VHF 13 is 210-216Mhz CATV is 14(sic) 216-222Mhz (also used in marine radio) and UHF 14 is 470-476Mhz... I stand corrected... channel 13 + 6mhz = catv 23 there and about. My memory is fuzzy as those first generation digital dial but manual analog tuners allowed you to access a slew stuff before cable ready TVs were popular. You do have CATV channels 95-99 91.25-119.775mhz smack dab between channels 6 and 7.. which just so happen to be used by FM radio, which would explain why sometimes you could get the playboy channel on your radio.
But that's not the point, or rather the whole frequency spectrium being totally screwy isn't the point. Why I bothered with that whole paragraph when you were talking about those cheep slide tuner TVs that can access all sorts of weird stuff is beyond me.
The point is this... Yes, they really are too cheap. Wouldn't you be? Why go with any sort of encryption on a system which for the most part is protected by physical security... lock and key. Got a key, your spending money. If you spend more money to watch a movie, hotel makes a buck, the provide makes bucks, everyone is happy. Cable feed, monitors broadcast via radio waves from a centralized location in a room without windows deep in employee only zone. If some jack ass steals a TV... well they lost a $800 TV. If some jackass steals a 22 inch network termianl... well they just lost something worth a few grand. Not to speak of support issues, damage, power surges.
While *i'd* prefer the webTv experence, point and click movies without issues of analog signal degrading by the rats in the walls... I respect the fact that traditional TV from a centeralized broadcast location is really the way to go. Hell even for a net terminal i'd still go with a dumb monitor with keyboard relay.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
you can pull the card out of the back of the tv on lodgenet systems...move the jump 1 pin over and auto program the tv and watch whatever anyone else is watching...including internet
Yep, ever since the days of printing ASCII porn on teletypes!
One line blog. I hear that they're called Twitters now.
I can verify this. I was at a hotel a couple years ago with the LodgeNet system and like JoeShmoe explained, all the TVs were programmed to show only a certain range of channels and the remote would not let you go any higher. However, one of the TVs in my room could be reprogrammed from the TV itself by using an auto discover feature which would cycle through channels 0-99 and add all the active ones. It added a bunch of new channels where you could see movies other people had ordered, people playing SNES games, and people using the tv based store.
You can find it here.
....most 'hospitality networks' can be crack in 6 seconds. Anything less, and you suck. Seriously.
-- I care not for your foolish signatures.
I have a *friend* who travels a lot who has been doing this with the TVs for years.
Although most hotels lock the F-connector on the outside of the wall jack, remove the two screws for the wall jack and you can access the F-connector on the inside. I don't know if the systems are checking for missing TVs yet, but as a precaution a decent splitter should be used so the TV doesn't go missing when you connect your laptop. Someday they will wise-up and check. Then an engineer will not on your door to see if there is a problem with your TV.
Everything comes back from the headend via a TV channel. The system just allocates the channels as they are needed. The problem with this is you can only have about 80 people using the premium content at one time (because some channels are used for the regular content). Of course I here there are rarely more than 10-15 using the system simultaneously. If you scan the TV channels at 4am, you probably won't find much activity.
This leads me to the other point which is overlooked in the article. Yes, you can see porn and PPV movies but only if somebody ordered it. If it hasn't been ordered, then it won't be shown. Now for porn, stumbling across the active channel in the middle of the movie isn't too bad. But if it's a PPV movie that you haven't seen, you just have to get lucky. Obviously the larger the hotel and the more guests, the better your chances of finding what you want.
Of course, I only use my equipment and software to make legitimate backups of the DVDs I have purchased. That said, I use the following:
Hardware: NEC 3520A dual-layer burner. It has all kinds of great firmware hacks available that make it region free, enable bit-setting (allows your DVD+R media to self-identify as DVD-ROM so it plays on more DVD players), and disables Rip-Lock so you can copy the data off more quickly (rip-lock limits it to about 2 x speed when copying a DVD-ROM)
Software:
DVDShrink - it allows you to shrink a dual-layer disk (about 9GB) to a single-layer (4.5GB) with compression. It also allows you to replace video pieces with still-images. This can reduce the amount of compression - for example, my Usual Suspsects has a Widescreen and Fullscreen version. I replaced the fullscreen version with a still-image and I didn't have to compress the widescreen at all to fit a single-layer disk. It also removes PUO (prohibted user options - you know, the "you can't do that with this disk"), and removes region coding. That way, you can watch the DVDs you bought on your trip to Europe (though you still have to reconvert PAL to NTSC).
DVD Decrypter - this program is more robust than DVD Shrink, and provides many more options for manipulating your drive and the output. When DVD Shrink can't handle something, I use DVD Decryptor to copy the disk to my harddrive, then use DVDShrink to make it fit on a single layer disk.
Note that even if your drive is region free, windows will keep track of your changes on its own. If it's region free, it will assing a default region and let you change it once. This is in the registry and is independent of the drive's settings itself. I accidentally let my drive get set to region-2. Even after flashing the original firmware back on it, I could not get it off region-2. Only after deleting all references in the registry to the drive (while the drive was removed), was I able to get windows to return to region-1.
Oh! And make sure windows is set to use DMA if your drive and motherboard can handle it.
I was very sad that it took more than 30 minutes to burn a DVD. Once I finally found out that I should be using DMA and that I wasn't, I fixed it. Now it burns in less than 6 minutes. I also found my CD burner burns much faster with DMA enabled.
"R2D2, you should know better than to trust a strange computer." Really. You should know better.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Let me explain how it works.
No!
Only older/poorer/dumber hotels should be using these systems nowadays.
I contract for a company that delivers content on demand via CATV and COAX (ip over coax). We still have an old school system like he mentions, but, even that can detect when he has been playing with the tv and then send someone from the hotel up to bust his balls.
I would like to see him get free pr0n from my companies installations. The content is sent encrypted to the tv and it is decrypted via a RISC chip on the actual TV (unique keys for every movie). Note: This is IP traffic, not an analogue signal.
I guess this guy can't afford to go to the decent hotels. The more he opens his mouth, the more people will go for my companies solutions.
> I've always wondered why warez groups don't pick up on this as a way to get first-run movies. The hospitality window is about two months after a movie hits theaters
I think you answered yourself there, good warez groups tend to release stuff before it even gets to theatres, not two months after.
Your firewire-capture method would create telesync rip, there's risk of going out of sync and possible glitches in video or sound caused by disturbances in other rooms nearby(old electric razors, hairdryers etc).
For early releases, scene groups use high-quality telecine machines to capture the source from cinema reels, creating better quality telecine rips.
They also use the original 5.1 soundtrack, so the sound is what you'd hear in theatres.
There are no atheists when recovering from tape backup.
Comment removed based on user account deletion
"Password? What's that, man? ... You mean, like, a secret word you can use to confuse the snoopers? Like, way cool, dude. I'll have to check that out!"
Yes, Virginia, there really are some dum'ns in the world.
"Is this Winkhorst a nova criminal?" "No just a technical sergeant wanted for interrogation."
...you rugrats can't buy liquor, guns, gamble, rent a car or get into a titty bar.
You've got the life experience and wisdom of a child, because you are one. I know it sucks when people tell you that, but it's true, and you won't realize it's true until you're in your 30s.
when I start reading TFA and run across something like this:
Laurie is known as Major Malfunction in the hacker community. He also revealed how infrared used for garage door openers and car-door locks could be hacked, using simple brute force programming techniques to decipher the code that opens the doors. [emphasis mine]
Now, I'm not a remote entry expert, by any stretch, but I've never even heard of infrared keyless entry or garage door transmitters. Always RF.
When the article commits such a glaring error in the opening paragraphs, I'm sorry, I just can't trust anything I read further on.
The cure for cancer is coming: Reovirus
LodgeNet made a real stupid deal with both Philips and Nintendo (at the time I don't remember somehow the two companies were connected) to offer games using their technology. Philips made the hardware, Nintendo licensed their N64 technology. That deal has locked LodgeNet into N64 for the last decade or so. OnCommand made a similar "me too!" mistake locking them into PS1.
I think the N64 deal finally expires this year, and I fully expect LodgeNet to make the same mistake and sign up for GameCube for the next ten years. Then again, Microsoft might figure out that the hospitality market would be a great place to push it's "media center" technology and maybe one of the two companies will get XBox360 (not XBox, since Microsoft seems historically opposed to letting customers get by with old technology... no doubt the contract will require hotels to upgrade to XBox3 in a few years).
It basically works the same way the terminal sessions do. There's an N64 device on a rack in the back connected to a modulator. The controller signals go through the RF box on the back of the set to the server that sends them to the N64 and the video output comes back on a particular channel the server tells your TV to receive. I've never heard of multiplayer between rooms but in theory the server would just have to send the signal to the controller port 1 for room A and port 2 for room B. But I've never seen that.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
If you mean TS telesync, that's defined as "camera pointed at a movie screen but with an audio feed". TS typically look distorted unless the guy with the camera is dead center and can have heads and other things visible (or stupidly just hidden behind huge "letterbox" bars...who are they kidding).
IF you mean TC telecine, that's defines as a recording from the film, either using a telecine (some kind of rear-projection thing that you can put a camcorder in front of to get a consistant image) or using the video output on a projector if it has one. Usually excellent quality, I've seen some rivaling DVD quality. But overall one of the rarest forms of release.
A screener is defined as a VHS copy of the film, usually with warnings, that is captured with an analog capture card. This is the closest match to what I'm describing. The advantage to capturing from hotels is no warning messages. A DVDScreener is of course a DVD and therefore ripped for maximum quality, usually with non-removable warnings.
I don't know what year you are from, but given the industry crackdown on screeners, I think it's virtually unheard of for groups to be getting movies BEFORE it gets to theaters. It's like extremely big news to hear someone get a movie even a day before it comes out.
In fact, the supply of screeners (combined with people actually getting busted for supplying them) is so sparse, that people basically limp along with TS release for four or five months until a DVDRip finally (and consistantly) comes out a month before the commercial DVD is released.
Not to mention, screeners are tracked and coded and probably have all sorts of hidden marks that for responsible groups means they need to get access to a second copy so they can make sure their source doesn't get burned because it was missing a key two seconds from someone else's copy. For VOD, every hotel has their own copy, so it would be extremely unlikely that someone could pin down which guest copied it (especially since with someone else actually ordering the movie, you are just grabbing the signal).
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
It sure beats sipping maragaritas and hanging around the pool with all the girls in bikinis.
"I suspect [it is] security in the sense that 'no one can modify this document (even a "single pixel") without it being detected.'"
I assumed right from the get-go that they calculate a hash of the scanned document image to validate integrity and authenticity. The thing that concerns me is, what protects those hashes? Are they just stored on the same disk (or RAID) that the scanned document images themselves are? If so, what keeps the hashes from being modified along with the original cleartext? Is there anything keeping the "bad guys" from modifing the image, generating an updated hash, and storing that to disk? The salesweasel didn't understand my questions, which didn't surprise me. He was at least honest enough to admit that, which was nice. A lot of salesweasels will just keep shoveling bullshit without regards to how far in over their heads they are. But he didn't know of any way he could actually justify the security claims, other then to point me at the DocStar website. I had already been there, and it is extremely shallow in terms of actual product information. So, again, we end up back at, "It's secure because we say so."
There are countermeasures one can put in place against such modification of signatures, but I have seen no evidence (at this point in time) that DocStar actually uses any of them. It could just be more of the same vendor bull, where the only defense is the assumption that nobody will look too closely.
It's rare that one finds actual, technical security details in product information. We just have to take their word for it, when time and time again, vendors demonstrate that their word isn't so good.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
"generally not worth it to hang out and commit an act of theft of service."
If that's all it is, I'd tend to agree with you. But I've seen descriptions of seeing what other people's terminals (TVs) are doing, including billing information and supposedly "private" Internet sessions. The idea of skimming credit card info or private business dealings off of this isn't inconceivable. As a potential guest at a hotel, I'm a lot more worried then I would be about the hotel ownership's potential loss of profit.
"The system is good enough for it's application."
There is nothing wrong with that attitude in and of itself. The problem is that things almost always get extended beyond their initial application. Cleartext TELNET is good enough for it's original application -- carrying terminal sessions between a handful of computers operated by a group of people who all know each other. TELNET becomes insecure when used on the modern Internet, where your packets might go anywhere, to anyone.
The same worry applies here. If the original application was handling payment processing for dirty movies, sure, this is prolly good enough. But when you add on Internet access, room service control, billing and payment, and $DEITY knows what else, suddenly the picture (pardon the pun) isn't so rosy.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
I happen to work remote server support for one of the providers in question here and there are a few points that are being overlooked.
im not sure about the "other" companies, but at least in our setup we use a dedicated linux box complete with snort and a massive iptable ruleset to prevent most stuff.
not to mention that every switch is fully vlanned. as for the internet part, it is very secure.
as for the information available over our system.
that is very limited. our "database" consists of a room number, terminal address, and checkin state. we are interfaced with the property management system which does hold a lot of customer info, but our company does nothing with the billing. The only time a customer name would come across is if the guest was checking out from the tv and whatever the property management system sends to us is displayed on the screen. In all cases, this consists of no more than their room number, name, and list of charges.
of course if you break the security key off the tv or wall tap you can view anything on the system. it is a coaxial analog distribution system so if you have a tuner you're in. the terminals in or outside of the tvs communicate with the server and are responsible for letting the tv tune to certain frequencies. bypassing this is what will allow people to view the "premium" channels. our terminals do quite a bit more communication than one would imagine so it is very easy to tell when a terminal has been bypassed.
i think it is funny that he acts like they he has found some new and innovative way to hack a hotel system when all they are really doing is breaking the security sleeve and plugging in.
This is not about cracking 802.11. It's about using a TV tuner and IR in hotels. It has nothing to do with 802.11!
RTFA (or even the goddamn write up...).