|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] TiVo Network Security
From: S . f . Stover (attica
stackheap.org)
Date: Sat Jan 03 2004 - 16:32:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 03 Jan 04 12:32:20PM Randal L. Schwartz[merlynstonehenge.com] wrote:
: If you're using this only for program guide fetching or remote
: programming (no peer-to-peer HMO), you can probably get away with
: simply punching a hole to talk to the tivo central on a specific port
: from your box. You can enable WEP to prevent casual sniffing: the
: TiVo understands WEP with a single fixed 40 or 128 bit key.
Another thing to keep in mind is that if you are good about rotating your WEP
keys, you'll be much more secure against casual sniffers. Maybe run airsnort
(or equivalent) at home and when it cracks the key, drop in another one.
Unless there's a different way of cracking WEP than duplicate/weak IVs, this
should put you in reasonable shape.
--
aka Dolph Longhorn GPG Key ID: 0xF8F859D0
http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index
"There is no such thing as right and wrong, there's just popular opinion."
-Jeffrey Goines
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE/90MYBJRbvfj4WdARAsAHAJsEsJEKBSn5TBsbXVMiGpa5A/3aRACfSU72
k9Lsz1YG/FxtvL/xMLF55Ng=
=yvbv
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]