WebTV Security Hole 117
Fillup writes "According to this article from Wired News, the ever-so-security-conscious Microsoft has overlooked yet another major privacy and security issue." Basically the bug allows sending of email from unknowing WebTV surfers. Amusing that they're using it to spam the abuse email address, but its a definite concern.
...and?? (Score:1)
Linux loses another battle in a long, hard war.
Re:An interesting quote: (Score:1)
Re: Who needs it. -- My Grandmother (Score:1)
Actually it is a huge security hole. Any method that allows someone else to impersonate another person is a major security risk. In a world where text based messaging (email or chat) are becoming valid forms of evidence, there is no room for methods to exist for easy impersonation.
The state of security in your office is much like it was in mine until a few months back we were "audited" and had to change our ways. Now about 90% of the people lock their workstations on a regular basis.
While this a security risk, at least it is technically confined within your company. The chance of your co-workers or someone just walking into the building and writing malicious email is only a fraction of the chance of it happening to someone with a WebTV address.
Also think about this. The government, media and the general public are really starting to go after people who do these types of things. (Even though they do it to make an example out of them). Let me send a fake email to the principal at Columbine High School using your Grandmothers WebTV address and let's see how fast the FBI is tearing down her front door.
Ugh... (Score:1)
DVD decoding done in most (maybe all reasonably priced) computer hardware decoder cards is better than software, but is still far away from what is availiable in today's home theater (HT) component DVD players. I know, I tried all three, and nothing has yet beat the convenience and quality I get from a HT dvd player.
Don't even get me started on sub $1000 computer TV out... Ewww. I'd rather just use VHS.
And, if by home theater system for computer you mean the "quality" Cambridge Sound System style 5 way cube speaker systems, well, you'll find it hard to get ANYONE into audio at all to say that they sound much better than a ghetto blaster. And again, don't even get me started on the stereo speaker/subwoofer combos on the market that are under $100 (or often even above). Uggggh.
I have all of these things. TV Out [Matrox MGA G200 card
I find I only use the DVD drive on the computer to watch movies when the others are using the real DVD player. It doesn't suck too horrible (it is better than VHS), but doesn't beat the real deal.
And the TV out isn't horrible again, but still sucks. Really...
And the speakers are good, as long as you don't expect > 90 dB from them.
Oh, my reference HT system is a Harman/Kardon AVR 45 Receiver, homebuilt speakers (approx. -3 dB @ 30 Hz, 250 W RMS, 90 or dB SPL [my guess]), Panasonic CinemaView (or is it theater view?) 51" rear proj. TV, and a Panasonic DVD-A120. You'd be hard pressed to find any computer setup under $4000 that beats that.
Oh, if you are thinking of buying one of those "good" computer speaker systems, may I suggest you pop some car speakers into some boxes (you can even get the boxes prefab), stick a tin can over the magnet for sheilding, and connect the speakers to a $20 pawn shop amplifier. Even that acoustically unsound combo will beat "computer speakers". And shouldn't cost any more (if you shop carefully for the speakers).
BTW: I didn't mentin WebTV at all, because you are right on that. The web belongs on computers, not on TVs.
Sorry for the rant, but it seems a lot of people think like this.
I wrote one of these... (Score:1)
Re:Who needs it. (Score:1)
| player, and a home theater system, you will
| find that a comparably equipped computer (with
| TV output) could be purchased for the
| same/nearly the same price, and it would be
| able to the same job and more than it's
| counterparts.
Not quite. The computer in the scenario basically does the job of the WebTV (internet access) and the DVD player. You still need the majority of the cost of the home theater (amps/preamp, speakers, large screen display) in your scenario, unless you're making the laughable suggestion that a PC with the typical "multimedia speakers" can replace even a low to middle end home theater.
Heck, do what I do - make your own living room internet terminal with a DEC Multia and a wireless keyboard/mouse...
Re:Ugh... (Score:1)
| decoder, and the WebTV unit.
Consider, though, that a dedicated DVD player can be had for the neighborhood of $200 these days. Also consider that the $400 internet rebate (should you choose to commit yourself to the asylum, er msn, for three years) is also now available for any purchase. See your local Circuit City - they're advertising it like crazy).
It's unlikely you'll be able to get a computer you'd want to plug into a home theater for less than the cost of a dedicated DVD plus a WebTV unit. There are many reasons to NOT use WebTV, but cost isn't one of them - especially by your comparisons.
Heck, if you want something REALLY cheap, you can pick up a Sega Saturn and a Netlink for next to nothing. Not that these are a particularly elegant way to surf the web, but
Interesting (Score:1)
It also said the code was made in September. That means that MS has known about it for at least 3 or 4 months. Not fixing it by now is unacceptable. MS should have simply released a fix and then announced the bug and the fact that a fix were available at the same time.
*sigh*
Re:Security holes... (Score:1)
Yes, for a couple of reasons:
1) Bugs in "Linux" (which this is not; it's a tool distributed with Linux, not the kernel itself) tend to get fixed more rapidly than bugs in Microsoft's products. I would point out that the security advisory in question [linuxtoday.com] tells you where to get the patched version of the utility; It takes you this long to find someone at Mircosoft to tell you have to wait a couple of weeks (or download a "service pack" or whatever). The article says that the hole was been known about since September. How long do you think the hole in usermode has been known about?
2) As a site that is more-or-less an open source/Linux advocacy site, I like that stories come along that give people who are trying to justify a jump to Linux (or FreeBSD or whatever) more ammunition. If you're looking for "more even-handed treatment" for Microsoft, you need to find another site. At the same time, I would like to see a "Security" section on Slashdot to collate security notifications and the like; it brings Slashdot more towards a one-stop shopping site...
Jay (=
Re:It's a WebTV problem, not an MS problem (Score:1)
Microsoft has owned WebTV for well over a year, so it seems likely that some of this work may have been done under their watch.
I'm not clear on something here, doesn't this amount to a form of user surveillance? I'm sure that the WebTV contract must have some provisions prohibiting hacking the system, but this seems to go much farther than that.
Re:solution (Score:1)
Re:DAMN TROLLS!!!! (Score:1)
very, very simple.
there's a site called segfault.org. these people all used to post to it because they thought they were funny. eventually the site got so overwhelmed by these people (harry@angryanddrunken.com) flooding the site with natalie portman, and basically ruining the site, that segfault simply shut all comments off in disgust. this made segfault.org readable, but also to some degree no longer worth reading, because there were some neat comments if you could ignore the background noise.
meanwhile the natalie portmaners simply switched to slashdot. God knows why these people do it.
you can't blame segfault for this. it isn't their fault at ALL; you can't have expected them to keep their site in comment mode just to have shit thrown all over it every day. but you also have to note that segfault was covered in nothing but natalie portman naked/petrified for a long time, and the time they shut off the comments at segfault was the time the natalie portman posts started appearing at slashdot.
Re:Everybody remain calm. (Score:1)
Modify the code to forward all the messages from a users mail folders to an account.
Stick the code in a web page.
Bam, any WebTV user visits your page, and you get all their e-mail.
Nasty.
---
An interesting quote: (Score:1)
The whole things started as a way to track users. Maybe this will wake people up to the importance of privacy.
Re:WebTV security fix: (Score:1)
Reminds me of a similar occurrence in a math course some years ago:
Professor: so this proves theorem (X). Now you may wonder whether statement (Y), the converse of theorem (X), is true. But statement (Y) is not true, as the following counter-example shows: (counter-example Z). On the other hand, the following modified version of statement (Y) is correct: (theorem T).
Me: excuse me, Sir, but counter-example Z also contradicts your proposed theorem T.
Professor appears confused, thinks for a while, and then changes the counter-example!
Re:Security holes... (Score:1)
Maybe your browser ate part of your message -- I think you mean "Gee, another Microsoft hole that they aren't fixing." The page to which you refer includes the fixes to the bug you mention, thank you very much. I personally don't dislike the bugginess of Microsoft's programs (as you point out, every piece of software has its bugs) so much as their indolent attitude toward getting bugs fixed.
hello? (Score:1)
Re:Who needs it. (Score:1)
There is also another hole.... (Score:1)
I used to work for a company that did some research on data casting over TV signals. I was in the process of writing a Linux multicast router to get away from MS's Broadcast router. In the process, I discovered that all but the last octet of the source machine's address that is doing the data casting is masked in the data casted multicast packets. Considering that the broadcast router didn't appear to have a way to authenticate who was opening tunnels to it, someone could connect to the broadcasting machine and start their own datacast.
Imagine....your grandmother is watching TV with her WebTV unit and up pops a picture of a woman having sex with some animal. Fun.
Re:Surprise? (Score:1)
Actually, this article shouldn't get any more comments than this one. Everybody already knows that open-source security models have the future,
Open souce blah blah blah have the future huh? That sounds more like your fantasy, since you can't predict the future. I mean, a year ago, you could of said that "rioting, looting, massive computer failures, and killer attack robots" have the future for the Y2K disaster. So far, I have not seen any killer attack robots in my neighborhood.
Re:solution (Score:1)
Re:Who needs it. (Score:1)
(i'm sorry, i'm not going to feed that directly with a sound card, it wouldn't feel right)
Re:DAMN TROLLS!!!! (Score:1)
its really not that hard to do
**not posting anonymously cause i'm not a karma wh0re
Re:It's a WebTV problem, not an MS problem (Score:1)
This bug shows the major flaw in the Microsoft way of doing business: If you simply run around buying other companies with other management and wide varieties of products, the benefits to the customer drop like a rock.
So should Microsoft just say, "What? A company that we own has a serious flaw that is endangering the privacy of its users? Not our fault..."
Wow! (Score:1)
Hmm, he's like Midas... Bill Gates can turn all kinds of products insecure just by touching them.
It seems that in future we will have insecure toilets, cars and houses. Oh yeah!
Re:It's a WebTV problem, not an MS problem (Score:1)
I disagree with the following quote "Sorry, but if Microsoft owns a "controlling interest" in WebTV, then it becomes their responsibility to the customers of the previously independent company to ensure quality of product and service. "
If you own say a controlling intrest (51% or more) in a yo-yo factory. And 1,000 yo-yo strings break when 1,000 people used them, would it be your fault. I say no. It is the responsibility of the one that runs, designs and operates the company. MS just owns stock in the company.
Re:WebTV security fix: (Score:1)
It's a WebTV problem, not an MS problem (Score:1)
Re:Open source set top boxes? .... (Score:1)
Also, who says Netscape has to be used?
Furthermore, recompiling the kernel is by no means necissary. It can be done, but that doesn't mean it's required.
I think a web enabled embedded Linux would need 8-16 MB, max.
-----
Re:Not a big surprise, but... (Score:1)
-----
Re:Even Funnier is... (Score:1)
Don't suppose that may have been why WebTv blocked Net4TV as a 'spammer' on Monday? Funny how the spam block got deleted 20 minutes after the lawyers got into it..
"We control the vertical. We control the horizontal....."
WebTV Security Hole? (Score:1)
This is making me crazy (Score:1)
Microsoft has done a very poor job of switching their mindset for the "security is less important" world of stand alone machines to the "security is vital" world of computer networks. A product like WebTV shouldn't be written by guys who clearly aren't ready for the networked world.
What we're seeing with the open source movement is not just an anti-Microsoft trend, it's a desire for quality products. Network ready applications haven't come out of Microsoft for years.
Then Bums took it over! (Score:1)
Oh my God, if Porn and Get Rich Quick spam was bad, what will happen when that dude with MD 20/20 starts up? They must have been running that Wino distro or something, sharp.
Can they fix it? (Score:1)
Surprise? (Score:1)
Actually, this article shouldn't get any more comments than this one. Everybody already knows that open-source security models have the future, so is there really a point in debating all this again?
Hot DAMN this is major! (Score:1)
More than ten eh? They better watch out...pretty soon it'll reach the "more than 15" mark...then they'll REALLY be in trouble!
funniest webtv bug/DoS (Score:1)
Re:Even Funnier is... (Score:1)
I'm under the impression that they weren't terribly afraid of this bug being exploited -- they just didn't want their *users* to find out about it.
Re:Even Funnier is... (Score:1)
So no recall, and they might even have it done sometime this century... a phrase which means a whole different thing now than it did five days ago.
Good... bad... I'm the one with the gun.
Re:Not a big surprise, but... (Score:1)
Gee, ever heard of a little thing called the Great Internet Worm? Ah, how quickly the young ones forget....
Especially considering there were at least two articles here on
But either way, the Internet Worm was definitely a non-PC, very real security issue--much more of an issue than a little spam and some faked e-mail.
Good... bad... I'm the one with the gun.
Re:It's a WebTV problem, not an MS problem (Score:1)
Responsibility for a matter of taste and responsibility for a security hole don't compare well in this context; the responsibilty for why VH1 sucks so much (yes, I agree, but then so does MTV suck, and just about as hard) is a non-issue. Sue WebTV or M$ about this security hole, and you might get somewhere, and have to delve into the question of which of the companies is responsible; sue MTV or VH1 because VH1 sucks and doesn't play good videos, and you'll just get laughed out of court and mocked on
Good... bad... I'm the one with the gun.
Well the thing is... (Score:1)
Re:Ugh... (Score:1)
Oh, my reference HT system is a Harman/Kardon AVR 45 Receiver, homebuilt speakers (approx. -3 dB @ 30 Hz, 250 W RMS, 90 or dB SPL [my guess]), Panasonic CinemaView (or is it theater view?) 51" rear proj. TV, and a Panasonic DVD-A120. You'd be hard pressed to find any computer setup under $4000 that beats that.
The 51" TV shouldn't be a factor. You pay for that with either system. The same goes for the speakers and any amplifiers that you add. The only uncommon parts are the DVD, the Dolby decoder, and the WebTV unit. If you factor in the use of your own DVD and decoder and subtract the cost of a DVD from the PC's price, you will find that you can get an internet ready PC (minus the monitor) for next to nothing (or maybe nothing) by taking advantage of one of those big internet rebates. Trust me. You can get the computer for less than the WebTV unit and that is the important part.
-----
Re:DAMN TROLLS!!!! (Score:1)
Re:Wow! (Score:1)
SMTP is crap anyway (Score:1)
But the impact seems pretty minimal. The "nightmare scenerio" mentioned in the article is that someone might send death threats that look real from someone elses email or whatever. With SMTP, you can already do that, since so mail mailer hosts don't use even the most basic authentication for MAIL FROM: headers. So, it seems like the end result of this bug is pretty tame.... Probably wouldn't even be mentioned here if Microsoft didn't own WebTV.
Re:Open source set top boxes? .... (Score:1)
Better get your heart pills ready.
bug or feature? (Score:1)
Huh. Doesn't this seem, well, *dumber* than usual? Haven't seen the code, but it sounds like this hole is not even a bug, but rather an intentional "feature", one that was designed exceptionally poorly...
Re:This is making me crazy (Score:1)
Oh, I'm sure that Microsoft could do a better job on some of their security models. But in this case it's a bit of a moot point, as MS did not design the WebTV, and also inherited most of its code when they bought the original designers, a company called WebTV.
There's a lot of crap out there (also open source based software: wanna see my Y2K fixlist?), and it's not just from Microsoft. From a Slashdot perspective, we'll be fine pretending otherwise, though. Wanna place a bet on when the first major Open Source security fuckup will happen?
well.... (Score:1)
Re:Ok, what's next? (Score:1)
Security holes... (Score:2)
Where's the report on this hole [linuxtoday.com] which actually affects most of the readers of this site? Are Microsoft bugs more important to Slashdot readers than bugs in Linux?
small world (Score:2)
Everybody remain calm. (Score:2)
This is the part that concerns me. It would be easy to catch someone who was using a malicious web page to spam. (find the source webtv address, ask them to check their history, sooner or later you'll find the offending page.) Finding someone who was using a malicious web page to read WebTV users' sent or saved mail folders might be a different story.
question. (Score:2)
How secure is this??
would it be possible for me to somehow, maybe because i have a router between the webtv user and the webtv server (this is totally hypothetical) (can webtv connect over LAN?) figure out exactly what kind of communication goes on between the user and server, then somehow spoof packets from the WebTV server towards random WebTV users such that the webtv believes it is downloading an update, but is instead downloading some malicious software..?
This is somethign i've always wondered about auto-upate, but i assume some kind of security happens in most auto-update programs because they are things like operating systems, virus update programs, etc., that would be very easy to reverse-engineer and therefore have a great need for that kind of security..
WebTV meanwhile has no such need for security and thus doesn't seem quite as likely to have the security there. Also the way people have talked about this has implied the downloads are initiated by the server, not the client, which if so is very odd, and a lot easier to fake. If the downloads are initiated by the client i don't know how you'd be able to do anything, again unless you had a router between the webtv and the webtv server.. and if you're that close to the webtv you can probably just go over and beat the crap out of it with a baseball bat anyway.
ok now i'm curious.
Re: Who needs it. -- My Grandmother (Score:2)
First of all, this isn't a major security hole. All it does is allow someone to send email as you. While that would cause you or me to totally flip out, that's not a big concern to most people and certainly not to those who use WebTV.
My office has 1,200 users each with Windows NT and Outlook. I can tell you that fewer than 20 of those lock their workstation or logout at lunch. Anyone can use their mail client to send nasty messages. Does anyone care? No.
Which brings me to my grandmother. She's 78 and very open minded. She, however, didn't get a VCR till 1996. She was not and is not a candidate for a computer.
My grandmother got a WebTV for Christmas of 1998. She uses it twice a day (morning and night) to exchange email with her children and grandchildren.
It used to be that she got pictures of the family three or four times a year. Now, if I take digital pictures of a weekend BBQ, I can send them to her and she can see how the great-grandkids are growing.
Some will argue that a PC could have been configured just as simply as the WebTV. Yeah, you may be right. But for under $400, she was on the web in under an hour. And when she needs support, she calls WebTV and not me.
You won't find all of that in a PC-based solution that my grandmother would be happy with.
InitZero
Open versus closed-source fixes (Score:2)
But that's pretty much par for the course. Remember when the Pentium F0 0F bug was discovered? Microsoft's advice: "Don't run executables you don't trust." Well, okay. Given the situation, that's about the only advice that they really could give. But it's worth noting that Linux and all of the BSD derivatives had released a workaround patch within 48 hours. It was the difference between "Don't do this" and "It doesn't matter if you do this."
This is one of the areas where open source wins big. You don't have to wait for a software provider to come up with some sort of a proprietary, black-box, binary "Service Pack" to fix a problem. When you get that pack, you don't have to worry about whether or not installing it is going to clash with something else and cause even worse problems. All you've got to do is download and apply the source patch, rebuild and voila
Anyway, it will be interesting to see what kind of fix they come up with for this.
Re:Even Funnier is... (Score:2)
Is a fix possible without a recall? I mean this is a WebTV we are talking about.. is it a problem in a rom?
Jeff
Not surprising, but... (Score:2)
"the code was originally written by a WebTV employee as a means of tracking people who visited the site"
Open source set top boxes? .... (Score:2)
IP everything - the new cold fusion (Score:2)
I really hope the wet dream of IP fantasy proves itself to not only be unfeasible but stupid. How much more lazy is the poplulace going to get if they need to call their VCR to record something instead of firing 10 neurons and remember before the leave to house to program the thing?
Does you cousing in Hobokon really need to know the temperature of your toaster oven?
If anything, a wired house, if one really wants one, should be connected to its own little computer and never connect to any WAN. Those that don't like this setup setting themselves up for a very nasty fall.
Re:Surprise? (Score:2)
Actually, not everybody knows. The people making the attempt to fix the cheating in quake have a closed source solution. Find it here [cjb.net]
Re:It's a WebTV problem, not an MS problem (Score:2)
My bad on the Viacom thing, I screwed that up, but at least the basic premise still stands.
If you win a lawsuit against WebTV, WebTV pays, not MS. Although MS owns WebTV, WebTV is still a seperate company. WebTV could go bankrupt, and that wouldn't mean MS is bankrupt.
People seem to confuse being owned by a company with merging with a company. If two companies merge, they become on company. There is no more them and us, only us. If a company "buys" another company, all that means is company A owns a controlling interest (usually 51% of the stock) in company B. They are still two seperate companies.
I've said it before and I'll say it again... (Score:2)
I (and Linus, appparently) view this as a dist problem rather than a Linux problem. You can tweak the kernel to make buffer overflows much harder, but Linus doesn't want to do that because there are uses for an executable buffer and it's the applications rather than the kernel that should be fixed.
A bigger issue (Score:2)
-----
No.. Just download a fix from the sat (Score:2)
so there should be no need for a recall.
sendmail (Score:3)
Wanna place a bet on when the first major Open Source security fuckup will happen?
Too late, sendmail's been the poster child for hideously insecure Open Source software for years. Granted, in maybe the past two, it's improved dramatically in that regard.
Re:Security holes... (Score:3)
But the hole you pointed out has major differences to this article.
o This article is about a bug that was originally a 'feature' designed to track users.
o MS has been aware of the exploit since September, and done nothing.
o There are many real exploits actually being used. This is not just a theoretical security risk.
o WebTV is marketed to people who don't understand computers at all, and probably don't even own one. There is no way for them to fix bugs. Since MS/WebTV has asked the customers to put complete faith in them, it is 100% MS/WebTV's responsibility for this fundamental design failure.
The security hole you linked to
o HAS ALREADY BEEN FIXED
o didn't affect all users
o had viable workarounds even if the code hadn't been fixed
o was the result of a bug, not a fundamental design failure. Bugs are unavoidable. Stupid things like intentionally extending certain standards to allow a web page to send e-mail 100% as if it were the user viewing the web page is just stupid and should never have made it past the Detailed Design Document.
This article does have a purpose, however. MS has ignored this serious privacy/security issue for MONTHS!! They've clearly demonstrated that they are sitting on their thumb about this, and therefore the only way to get them to move is some good old-fashioned bad publicity. I doubt we have many WebTV users reading Slashdot, but publicity also warns the WebTV users about the problem.
(I am NOT an advocate of "let's make M$ fix the problem by exploiting some poor SOB who happened to choose Windows for some reason")
Re:Even Funnier is... (Score:3)
WebTV DOS (Score:3)
Guess the Special Interest Group!
WebTV security fix: (Score:3)
Patient: Doctor, Doctor, it hurts when I do like this!
Doctor: Then don't do like that!
Now THAT's what I call an effective security fix. If you find a security hole, just tell your customers not to do anything that might take advantage of it! Piece of cake!
-=-=-=-=-
Who needs it. (Score:3)
-----
More info: (Score:4)
http://net4tv.com/voice/story.cfm?StoryID=1823 [net4tv.com]
A few tidbits:
First, it's a code which is interpreted by the box to send an e-mail to anywhere, automatically. It's intentional. Essentially, it's an e-mail reciept system that has WAY too much power.
Quote:
"The code, which is being embedded in posts in WebTV's alt.discuss newsgroups, emails and web pages, directs any WebTV box that loads the page to send an email message to an address set in the code. The code executes "in the background;" users who have sent the mail do not see any indication of mail being sent, and only find out about it if they receive a reply or look in their Sent Mail folders. "
Since WebTV treats everything as a web page (dumb) it runs this thing every time you look at the page.. Some of these e-mails use another code to keep people from forwarding the e-mail using the webtv box.
In other words, it's not a bug, it's a feature.. The feature from hell.
---
Thoughts on WebTV (Score:4)
This is not terribly surprising to me. WebTV is a very unusual ISP. There are a lot of behind-the-scenes tricks and features that take advantage of the fact that they control the hardware and software of their users. Some of them are very good. (For example, on each connect each box reports data on failed dialing attempts. By aggregating these, they have a really interesting picture of all the pops that their ISP partners are letting WebTV boxes into, including when busy signals occur, when outages occur (since the WebTV box gets in through a different pop on failure and can still report), when there are radius authentication issues, and so on. It's not uncommon for WebTV to know a pop is down before the ISP that owns it is - which is no knock on the ISP, it's kudos for making a powerful feature that normal computers don't have.)
But while some of the features are really useful, and most are innocuous, there's a fair amount of stuff out there, like this, that was never intended for the public at large and can be easily abused. There are certainly WebTV users that are far more clever and malicious than one would expect, and they've exploited a number of bugs throughout the years.
Historically, WebTV has actually been pretty good internally about fixing these things. The operations team really does care, from experience, and beats on engineering until they get a fix. It is easy to distribute patches to the service (the internal machines.) It's a bit more work, but not a big deal, to offer users a patch that automatically installs to their own boxes if something needs to be done on that end, but those kind of bug fixes tend to be put on hold until features are being rolled out unless it's a serious bug, since users complain A LOT if they download an upgrade and don't see anything different.
I don't think this means much to the slashdot crowd, other than some cheap Microsoft bashing. It's a real bug, which is a product of a complicated proprietary system, and will almost assuredly be fixed pretty easily. (Don't ask me why someone thought this feature was a grand idea, mind you.)
I personally don't think the set-top box has much life left in it as a replacement for a personal computer. PC prices have plummeted since 1996, when WebTV looked much more attractive. The ease of use and maintenance of an appliance is nice, but only goes so far. However, don't think that WebTV doesn't know this. They're really strongly pushing interactive television (both in ads, and back on the TV industry to create more of it.) They've already got digital VCR capability in the sattelite models (much like TiVo and replay tv. It was actually almost on the market for WebTV when these showed up.) I speculate wildly that it makes sense to have something WebTV going along with Microsoft's X-Box when it ships - WebTV was part of the Dreamcast in Japan (but not in the US.) WebTV also really wants to be in cable boxes - they've announced a deal with Rogers in Canada.
The bad news is that if they win, we won't have a likelihood of open standards, and the interactive television market will be another Microsoft market. But the game is certainly just beginning. It'll be interesting to watch. It's clear to me that interactive TV will be a Big Thing, and pretty soon, and WebTV will be a player, and has a good chance at being the big player.
Okay, I rambled.
Even Funnier is... (Score:4)
They wrote the code that is creating the problem... This is not the first time that an (soon to be ex if not already)-employee has created a major problem for his company. Still I think most security holes (about 98%) are not created by the company that makes the product.
This also is not new.
According to Laura Buddine of Iacta.com, the parent company of Net4TV, the code was first made known to the hacker community in September, but has become widespread during the last week.
It just has become widespread, I wonder why they didn't do anything about it when it was discovered last september? Hmmm... if this was not Microsoft, the problem would have been fixed right away, but given that it is, it probably will take years for a working fix to be released.
And lastly...
Malicious programmers have been embedding the HTML of Web pages...
That makes it sound far more of a webpage problem than a newsgroup problem, and they say not to visit a SINGLE newsgroup? IQ Test Plz....
Not a big surprise, but... (Score:4)
It is important because it may be the first case of a real security issue arising from a non-PC device.
People tend to approach PCs with a bit of concern because of a long history of viruses, while black-box items like stereos and TV's are "clean" devices.
If the future of electornics means an IP on everything, then security will need to become a much bigger issue.
-cwk.