lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040103190443.GA27332@blossom.cjclark.org>
From: cristjc at comcast.net (Crist J. Clark)
Subject: TiVo Network Security

Having received a TiVo Series2 as an Xmas gift, I'm still figuring out
the best way to get this thing set up in the home entertainment
system. To download program schedules, configuration information,
advertisements, and upload your viewing habits, TiVo requires some
sort of network connection. The most common and easiest way to do this
is just a POTS line. However, my TiVo is not convienently placed near
a phone jack. The Series2 has USB jacks for plugging in an Ethernet
adapter. Wired Ethernet presents the same problem, so WiFi seems like
a good choice, but...

I am concerned about the security of wireless. Since WEP is broken, I
use IPsec or PPTP between all wireless clients and the AP. Without
some really heavy cracking and hacking, my TiVo isn't going to be able
to do this. It will be "naked" on the WLAN or at best, under WEP.

I have not found much information about the network security of
factory installations of TiVo (this one is not "customized" in any
way, yet). What sort of risks am I running if this thing is on the
WLAN? Are there any listening services someone could break into? (I'd
just nmap it, but I'd like to know some of these answers before I
bother getting a USB WiFi unit.) What protocols are used for upload
and download? If they are not well known (FTP, HTTP, HTTPS, etc.) or
are proprietary, anyone know how easy passive eavesdropping or active
insertion or modification attacks may be?

Thanks.
-- 
Crist J. Clark                     |     cjclark@...m.mit.edu
                                   |     cjclark@....edu
http://people.freebsd.org/~cjc/    |     cjc@...ebsd.org


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ