| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: cristjc at comcast.net (Crist J. Clark)
Subject: TiVo Network Security
Having received a TiVo Series2 as an Xmas gift, I'm still figuring out
the best way to get this thing set up in the home entertainment
system. To download program schedules, configuration information,
advertisements, and upload your viewing habits, TiVo requires some
sort of network connection. The most common and easiest way to do this
is just a POTS line. However, my TiVo is not convienently placed near
a phone jack. The Series2 has USB jacks for plugging in an Ethernet
adapter. Wired Ethernet presents the same problem, so WiFi seems like
a good choice, but...
I am concerned about the security of wireless. Since WEP is broken, I
use IPsec or PPTP between all wireless clients and the AP. Without
some really heavy cracking and hacking, my TiVo isn't going to be able
to do this. It will be "naked" on the WLAN or at best, under WEP.
I have not found much information about the network security of
factory installations of TiVo (this one is not "customized" in any
way, yet). What sort of risks am I running if this thing is on the
WLAN? Are there any listening services someone could break into? (I'd
just nmap it, but I'd like to know some of these answers before I
bother getting a USB WiFi unit.) What protocols are used for upload
and download? If they are not well known (FTP, HTTP, HTTPS, etc.) or
are proprietary, anyone know how easy passive eavesdropping or active
insertion or modification attacks may be?
Thanks.
--
Crist J. Clark | cjclark@...m.mit.edu
| cjclark@....edu
http://people.freebsd.org/~cjc/ | cjc@...ebsd.org
Powered by blists - more mailing lists