Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: TiVo Network Security

Re: TiVo Network Security

From: S . f . Stover <attica_at_stackheap.org>
Date: Sat, 3 Jan 2004 17:32:57 -0500

On 03 Jan 04 12:32:20PM Randal L. Schwartz[merlyn_at_stonehenge.com] wrote:
: If you're using this only for program guide fetching or remote
: programming (no peer-to-peer HMO), you can probably get away with
: simply punching a hole to talk to the tivo central on a specific port
: from your box. You can enable WEP to prevent casual sniffing: the
: TiVo understands WEP with a single fixed 40 or 128 bit key.

Another thing to keep in mind is that if you are good about rotating your WEP
keys, you'll be much more secure against casual sniffers. Maybe run airsnort
(or equivalent) at home and when it cracks the key, drop in another one.

Unless there's a different way of cracking WEP than duplicate/weak IVs, this
should put you in reasonable shape. 

-- 
aka Dolph Longhorn                      GPG Key ID: 0xF8F859D0
http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index
"There is no such thing as right and wrong, there's just popular opinion."
-Jeffrey Goines

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  • application/pgp-signature attachment: stored
Received on Jan 04 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos