JoeTech.com



I’m in Your DTV, Changin Your Channels

Posted in Computers, video, web by Joe Tech on August 31st, 2008

Once in a while, you just stumble into somewhere you’re not supposed to be… and there’s no security to keep you out. This is one of those times.

I was trying to ssh to a client’s server and was unable. I decided to try the IP address I was given in a web browser and was surprised to find myself staring at the configuration page for a TV station’s DTV Decoder/Receiver. These days, I try to stay out of computers I’m not supposed to have access to, but I just had to poke around a little.

The first thing I did was look around the surrounding IP addresses to find out what else was lying around, unguarded. I don’t want anyone getting tempted, so I’m only giving you the tail end of each IP. Below is a list of what I found with just a little snooping:

.3 APC Management console
.4 APC Management console secured by htaccess (“Switched Rack PDU”)
.9 DTV-150E
.10 DTV-150E
.11 DTV-150E
.12 DTV-150E
.13 DTV-150E
.14 DTV-150E
.15 DTV-150E
.20 NetVX Control Interface (htaccess)
.23 Unknown and protected by htaccess

As you can see, we’ve got a number of video decoders, a NetVX (which looks like a lot of fun if I could get into it), a couple APC Management Consoles, and something hidden properly behind htaccess. One of the APC consoles was busy, but when I returned later, I was able to confirm that they were both protected properly by htaccess. It’s just too bad they don’t have everything protected.


There are a few ways to protect stuff on the web that is only meant for certain eyes. One of the most popular is with a .htaccess file. Essentially, you just throw this file in the directory you would like to protect, put a few lines in the file, and create a password file. Another, more involved, method is to allow only certain IP addresses to access port 80 (the traditional web port). Sometimes, people even skate by, utilizing “security by obscurity”, or just hiding their information in a directory and hoping nobody finds it. None of these methods were used here. Perhaps these are just test hardware, but if they’re not, they are wide open for anyone with a malicious streak.
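As an added example (not from the original post or the station's setup), here is how the first two methods above, a password file and an IP allowlist, can be combined in one .htaccess file on Apache 2.4. The file path, realm name, user name and the 192.0.2.0/24 network are placeholder assumptions.

```apache
# .htaccess placed in the directory to protect (Apache 2.4 syntax).
# The server config must permit this with "AllowOverride AuthConfig"
# for the directory, otherwise these lines are ignored or rejected.

# Create the password file once, outside the web root, e.g.:
#   htpasswd -c -B /etc/apache2/htpasswd-mgmt operator
# (-c creates the file, -B stores a bcrypt hash; "operator" is a
#  placeholder user name)

AuthType Basic
AuthName "Management interface"
AuthUserFile "/etc/apache2/htpasswd-mgmt"

# Basic auth sends the password merely base64-encoded, so refuse
# plain HTTP. SSLRequireSSL needs mod_ssl to be loaded.
SSLRequireSSL

# Both conditions must hold: a valid login AND a client address on
# the management network (placeholder documentation range).
<RequireAll>
    Require valid-user
    Require ip 192.0.2.0/24
</RequireAll>
```

With this in place, a request from outside the allowed network gets a 403 even with correct credentials, and a request from inside it without credentials gets a 401.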

If you put anything sensitive online, protect it with some form of secure access method. When you do, make sure you use a secure password. Never access anything sensitive from a public computer or on a public network. Above all, don’t leave an array of servers wide open.


i am gonna show this to my friend, bro

© 2006 - 2012

Joe Colburn