Feeds

Security hole found in Click TV Web site

Passwords, email addresses -- the lot

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A security hole in Click TV's Web site will allow access to individuals' email addresses and passwords through a simple routine which a five year old could crack. We will not reveal here how the system works but have independently verified that it is possible to obtain email addresses and passwords using a simple sequence of commands that take only a minute or so. The information was supplied by a reader who says that TV Data is one of the largest television listings firms in the US, used by many third party newspapers and magazines. The reader said: "Now, I realize that there is little appeal in harvesting accounts from a television listings site (of all things). Unless, of course, sucking user name + password + e-mail address combinations out of their boxes by the thousands would appeal to certain individuals." He said the hole first appeared four-five months ago, after a redesign of the site. He added: "The problem with this hole is that a simple script could be written, allowing thousands of user name + password + e-mail address combinations to be sucked up; a true gold mine for spammers, and a potential security risk for users. "After all, many folks foolishly use the same password for everything in the world they need one for. If "Jane Doe" used "okeeffee" as his dial-up ISP account password, a "hacker" would need only find one of Fallsearth.com's dial-in numbers for instant internet access. But I'm sure this is wildly obvious." After experimenting for several minutes, we were able to reproduce our reader's experiences. If someone from Click TV cares to email us over the weekend, we will point to the hole and demonstrate how it works so the company can fix it. A statement on Click TV's site says: "Logins and cookies are used to identify return users and maintain preferences and settings such as your channel lineup. TVData does use general demographic information such as ZIP code, age and gender for the purpose of defining our overall clickTV user profile to advertisers." ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.