Feeds

Security hole found in Click TV Web site

Passwords, email addresses -- the lot

  • alert
  • submit to reddit

The essential guide to IT transformation

A security hole in Click TV's Web site will allow access to individuals' email addresses and passwords through a simple routine which a five year old could crack. We will not reveal here how the system works but have independently verified that it is possible to obtain email addresses and passwords using a simple sequence of commands that take only a minute or so. The information was supplied by a reader who says that TV Data is one of the largest television listings firms in the US, used by many third party newspapers and magazines. The reader said: "Now, I realize that there is little appeal in harvesting accounts from a television listings site (of all things). Unless, of course, sucking user name + password + e-mail address combinations out of their boxes by the thousands would appeal to certain individuals." He said the hole first appeared four-five months ago, after a redesign of the site. He added: "The problem with this hole is that a simple script could be written, allowing thousands of user name + password + e-mail address combinations to be sucked up; a true gold mine for spammers, and a potential security risk for users. "After all, many folks foolishly use the same password for everything in the world they need one for. If "Jane Doe" used "okeeffee" as his dial-up ISP account password, a "hacker" would need only find one of Fallsearth.com's dial-in numbers for instant internet access. But I'm sure this is wildly obvious." After experimenting for several minutes, we were able to reproduce our reader's experiences. If someone from Click TV cares to email us over the weekend, we will point to the hole and demonstrate how it works so the company can fix it. A statement on Click TV's site says: "Logins and cookies are used to identify return users and maintain preferences and settings such as your channel lineup. TVData does use general demographic information such as ZIP code, age and gender for the purpose of defining our overall clickTV user profile to advertisers." ®

5 things you didn’t know about cloud backup

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Banking apps: Handy, can grab all your money... and RIDDLED with coding flaws
Yep, that one place you'd hoped you wouldn't find 'em
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Primetime precrime? Minority Report TV series 'being developed'
I have to know. I have to find out what happened to my life
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.