lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: meme-boi at nothotmail.org (meme-boi)
Subject: TiVo , msn TV & Big Brother

<snip>
SAN JOSE, California (AP) -- TiVo, the leading maker of digital television
recorders, is offering advertisers and broadcasters information on the
commercials and shows its users are watching.
TiVo executives said this week they will gather viewing information only
in aggregate, such as by ZIP code, rather than individually. The habits of
individual users will remain anonymous.
http://www.cnn.com/2003/TECH/ptech/06/04/tivo.patterns.ap/index.html

</end snip>



I say shame on them! For one, after selling a product to a consumer the
device should be his and not be used to further fatten the pockets of
immoral pirates such at these.
So , after letting my anger die down a bit , I decided to go do a little
reading to see if I could poke a hole the  preposterous claim that the all
mighty TiVo could protect its users sensitive data.

Let's take a look. After visiting the TiVo developer site , I learned a
few things , the most immediately useful being the fact that it sent IGMP
v2 Multicast Membership reports , which are pretty simple to sort out on
your average cable network segment.
I started with:

tcpdump -i eth0 -e -v | grep igmp > tv.txt

After about an hour I went through the file looking for something besides
the routers from my ISP and , while I didn't find any TiVo subscribers on
my wire , I did find several:
12:48:19.004264 0:30:c1:ad:91:97 1:0:5e:0:1:3c ip 60: *.*.*.*
TVE-ANNOUNCE.MCAST.NET: igmp v2report TVE-ANNOUNCE.MCAST.NET [ttl 1] (id
3884, len 28)
packets from a subscriber on my segment leaving for:

TVE-ANNOUNCE.MCAST.NET


google turns up:

tcp, udp tve-announce TVE Announce corp.webtv.net

which happens to be owned by msnTV

------------------------------------------------
Theoretical attack on packet video subscribers
that are targeted for ILLEGAL marketing studies

-----------------------------------------------

Step 1: Grep network segment for subscribers
        using above method.

Step 2: Set up snort to watch all multicast
        traffic coming from subscribers found
        using step 1.

Step 3: Write a filter to watch all non multicast
        traffic and determine the time intervals
        non "membership report" packets are leaving
        the devices.

Step 4: Set up a cron job based on a snort rule set to
        poison the ARP cache of the subscriber , snag
        a copy of the information and forward to prov-
        ider like nothing has happened ( man in the middle).



Now , we might not be talking about state secrets, and this
may sound like another useless rant , but imagine if you will
TIA's initiative to force isp's to sniff data for them , and
a massive theft of supposed marketing data by a government
agency.


Also , I should mention that it isn't a flaw in the actual
multicast providers I am attacking , but TiVo's ridiculous
claim that they can "protect the information of individuals"
over networks they have NO CONTROL OVER.

sleep well

-meme boi

<snip>
A video-on-demand broadcast will typically connect thousands of users to
the same video source using multicasting techniques. Therefore, packet
networks must accommodate both many-to-many and one-to-many models.
http://www.atmforum.com/aboutatm/video.html#categories

</end snip>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ