Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security IT

Hacking Hotels 101 224

Posted by timothy from the room-service-to-room-mumble-mumble dept.
romka1 writes "Wired has an interesting interview with Adam Laurie, chief security officer of the London security and networking firm ALD. Laurie was able, using laptop, tv tuner and an infrared port to access premium content, billing information of all the rooms in the hotel, watch how other guests access their emails and access desktop of a backend computer clicking icons on the desktop and launching applications."
This discussion has been archived. No new comments can be posted.

Hacking Hotels 101 More

Hacking Hotels 101

Comments Filter:

  • ya (Score:4, Interesting)

    by Heem ( 448667 ) on Saturday July 30, 2005 @08:15PM (#13204844) Homepage Journal
    probably because most of the passwords were

    "password"

    "(name of hotel)"

    etc.
    • Or maybe it was 'god','sex' or 'secret'? ;)

      • Re:ya (Score:3, Informative)

        by mikael ( 484 )
        Usually, it's just the room number :)

      • Re:ya (Score:3, Funny)

        by Hogwash McFly ( 678207 )
        Oh yeah, you want a seriously righteous hack, you score one of those Hiltons man. You know, the hotels they use to like, rent rooms and stuff.

        *rubs nipple*

        Wouldn't you just love to get one of those Hiltons baby...

    • Re:ya (Score:2, Informative)

      by zbyte64 ( 720193 )
      read the article. he says most systems don't even use passwords
      • "Password? What's that, man? ... You mean, like, a secret word you can use to confuse the snoopers? Like, way cool, dude. I'll have to check that out!"

        Yes, Virginia, there really are some dum'ns in the world.
    • When I stayed at Hampton Inn, they provided unused, unique, randomly generated passwords for each guest.

      • Re:ya (Score:2, Interesting)

        by Fishead ( 658061 )
        I stayed at a Rainbow Hotel in Oslo last month, and the internet was a nuissance. The largest time card I could buy was 24hours, and cost the same as a whole month of internet at home. The access cards were scratch off name and password with ~ 8 random characters for each.

        Rome was more reasonably priced (and only a one time purchase for my entire stay) but they had a nasty habit of shutting down my connection when I was Idle. That meant that at the end of every long Gmail I typed, I would have to reset m

    • Re:ya (Score:5, Informative)

      by LowbrowDeluxe ( 889277 ) on Saturday July 30, 2005 @08:29PM (#13204912)
      Actually, I just read the article on this on FARK and the process the guy is describing is kind of fascinating. Basically, since the TV is controlled by the IR signal from the remote, almost anything the hotel has accessible, is accessible through IR (and the program this guy wrote). Up to and including, appearantly some hotels mini-bars are controllable by IR remote (locking due to local prohibitions, or so the maid can restock them, etc). It's actually this sort of hacking, not PC hacking that I think has the possibility of causing the largest backlash in coming years. As more and more things become complicated pieces of electronic equipment. (Ferinstance: Hotel mini-bars) and computers become more powerful and portable, it's going to become more and more possible to interface with all sorts of equipment. Stealing some guys tax records off his hard drive is bad, but in most cases people just don't viscerally respond to it. Identity theft, no matter how terrifying credit card companies try to make it, just doesn't strike as much of a cord with people. But being able to walk away with free booze, that's something. Or let's say wireless becomes more prevalent in small scale communications. In some buildings, say a grocery store, or school, there's probably going to come a point where it will be cheaper to rig up some form of wireless PA system, rather than running new wires or whatever. With the proper effort, any standardized communication system can be hijacked. Now, admittedly, if it was me, I'd be in the grocery store whispering, "Snausages!" in varying tones of voice over the PA, but I can see all sorts of ways things could go. Suffice to say, hacking computers to most people is still just so much techno-magic. When it has a physical effect that can be directly observed, that will make it something much different. (another possible example, let's say they go to RFID tagging cars, and priority tag police cruisers or other emergency vehicles for getting through traffic lights and whatnot, well, there's another easily imagined opportunity.) Sorry, I'm babbling. In short, when computers are illegal, on criminals will have computers. Okay, I'm done.

      • Re:ya (Score:3, Interesting)

        by double-oh three ( 688874 )
        If you're typing in the HTML formatted comment box, remember that (take away the _) does the same work as an enter key.

        I'll post my comment from Fark below:

        This isn't that new, as I heard a presentation on it at Schmoo Con in DC earlier this year. The blurb about the presentation reproduced below from this page. [shmoocon.org]


        "Old Skewl Hacking: Infra Red - MMIrDA (Major Malfunction's Infra Red Discovery Application)" Major Malfunction

        Major Malfunction spends a lot of time travelling. Consequently he sp
        • I already mentioned it somewhere else, but MM also did his presentation in December 04 at the chaos communication congress in Berlin. I guess that wasn't the first time, either, it must be his standard show. :P

      • (another possible example, let's say they go to RFID tagging cars, and priority tag police cruisers or other emergency vehicles for getting through traffic lights and whatnot, well, there's another easily imagined opportunity.)

        Actually, they are getting there already... in Virginia we have the Dulles Toll Road, which has two sets of lanes, one on the outside for normal traffic (which has to pay the toll) and another set on the inside for airport traffic (which is free). Well, they have a few spots where

  • Why? (Score:5, Insightful)

    by turtled ( 845180 ) on Saturday July 30, 2005 @08:17PM (#13204856)
    Why is it okay for "agencies" to go and find vulnerabilities in public networks, but as soon as a high school student finds a hole, tells someone, then no onw does anything, he has to exploit it to get noticed, then charged with some stupid "hacker crime"?
    • A hotel's internal network is not public. It is private, owned by the hotel. The hotel then goes and hires these agencies to probe their networks (or invites, or is offered an inspection by), who then report what they find.

      When you have permission, it's okay.

      • Re:Why? (Score:2, Insightful)

        by Kiaser Wilhelm II ( 902309 )
        Who said he had permission? When did he get permission to spy on other people's private information from those people?
        • That's why they should use a VPN, SSL, or some other kind of security. In the case of, say, SQL requests being blown in the clear over a Ethernet hub to every room in the hotel, the liability needs to lie with the hotel. The hotel can then decide to sue the network installer or whatever the hell they want, but the fact of the matter is that someone uses a service and either:

          1. The data is broadcast over the air in the clear.

          2. The data is broadcast into their computer with the assumption (that neither t

      • Re:Why? (Score:4, Insightful)

        by Grey Ninja ( 739021 ) on Saturday July 30, 2005 @08:44PM (#13204979) Homepage Journal
        The man was just looking to get FREE PORN! Didn't you read TFA?
    • Agencies are professionals who can convey a sense of trust with the owner of the network. Some kid with a laptop might not be a credible source. If they don't believe you, I'm sure there are lots of people out there on the internet who would be willing to give it a try...

    • Because, (Score:1, Insightful)

      by Sr. Pato ( 900333 )
      To be brutally honest, High School kids have no credibility and are easier to push-around and use as scape-goats. When an agency tells you your network is insecure, it's the companies fault for not being secure enough. When a kid does it, the network was secure, but this 'genius hacker' happen to break it. It works wonders with the media. Good damage control.

    • Re:Why? (Score:2, Insightful)

      by Anonymous Coward
      Why do ivy leauge schools teach Machiavelli instead of a warmed over highschool civics class?

      It all boils down to getting away with what you can because you inherently have more power. There is no inherent "morality" involved in any given legal system or government. Anyone over the age of 7 should be able to recognise this on a daily basis.

      Besides, it's important to have a fake set of rules for individulas to follow and conform to... otherwise we'd all be living in a perminent state of chaos. Just imagin
      • "Anyone over the age of 7 should be able to recognise this on a daily basis."

        Actually, no, because humans are primates and this is how primates work. Well, actually, yes, maybe they do - they're just trained not to admit it.

        Remember, 55 million people elected Bush - and if they hadn't, they would have elected Kerry.

        As we anarchists say, "No matter who you vote for, the government gets into office."

        I don't know if your last sentence was meant as a joke, but it was funny, since millions of gun owners couldn't
    • ...you rugrats can't buy liquor, guns, gamble, rent a car or get into a titty bar.

      You've got the life experience and wisdom of a child, because you are one. I know it sucks when people tell you that, but it's true, and you won't realize it's true until you're in your 30s.

      • You've got the life experience and wisdom of a child, because you are one. I know it sucks when people tell you that, but it's true, and you won't realize it's true until you're in your 30s.

        Wow, concise, interesting, but stupid. I'm in my 30s now, but I was better equipped to be out on my own (other than the age descrimination of other people, especially someone like you) at age 12 than most people will be their entire lives. I'd give some details, but I'm sure you wouldn't change your mind anyway. But

  • Oh, I see how it is (Score:5, Funny)

    by Anonymous Coward on Saturday July 30, 2005 @08:19PM (#13204861)
    I do that, and I go to jail for 5 years. He does it and he's on Slashdot!
    • And now you know why the CIA has many agents working in hotels.

      Its to their advantage that its INSECURE so they can spy on any one.

      I wouldnt be supprised if every tv had a tiny camera built in too, at least in modern hotels that is.

      Obviously any techy in the know will not talk about this because he is being paid nice 6digits.

  • OFF TOPIC: /. Poll Locked (Score:4, Insightful)

    by h4rm0ny ( 722443 ) on Saturday July 30, 2005 @08:20PM (#13204873) Journal

    Well where else can you put a comment about comments being blocked?

    Anyone explain why the # DVD's ripped poll has been locked?

    Anyway, /. discussion normally stems from the first four or five posts, so this question will sink down to the bottom with time anyway.

    -H.

  • Inspiration... (Score:5, Funny)

    by utopicillusion ( 843168 ) on Saturday July 30, 2005 @08:21PM (#13204875)
    He did it for free porn!!
  • What the hell is premium content? I hear marketroids use it all the time now. According to dictionar.com premium means, among other things " Something offered free or at a reduced price as an inducement to buy something else.". What's the problem if someone gets "premium" content for free then?

    • What the hell is premium content? I hear marketroids use it all the time now. According to dictionar.com premium means, among other things " Something offered free or at a reduced price as an inducement to buy something else.". What's the problem if someone gets "premium" content for free then?

      Read a little further down...

      6. The amount at which something is valued above its par or nominal value, as money or securities.

      Premium channels are generally movie/porn/sports channels.

      When you are at dinner or in a

    • What the hell is premium content?

      As in premium channels... things you pay extra (a premium) for. That stupid soft core porn is a premium, as well as pay per view movies and such. Once thing nice about cell phones is you don't have to worry about the premium phone service in those premium hotels that costs an arm and a leg just to make a local call, chances are the mobile is cheaper.

      The problem with getting the premium service for free is the fact that people feel that they are being robbed blind by freel
      • Once thing nice about cell phones is you don't have to worry about the premium phone service in those premium hotels that costs an arm and a leg just to make a local call, chances are the mobile is cheaper

        Every hotel I've been at (including "premium" ones) have free local calls.

        However, the fact I am staying at this hotel means I am far from home, making all my cell phone calls roaming calls, and calls to anywhere local (relative to the hotel) long-distance (as far as the cell phone company is concerned) on
        • There are still cell plans where roaming and long distance calls are extra cost?

          I get 600 daytime minutes, as well as free nights and weekends. Within that time, I can call anywhere in the US or Canada from anywhere that I can get a signal with no extra charges. Every plan I've had for the past few years has been like this. Roaming is something I haven't dealt with since the analog phone days.
        • Every hotel I've been at (including "premium" ones) have free local calls.

          The last hotel I stayed in that one might consider premium was a two room suite holiday inn... utah when they had the hurricane, or rather the night before. I think it was a holiday in... apparently there was a convention in town and it was the only room. Anyhow the phonecall to the airport, local call I might add was $1.25, which is annoying the fact that the room was pretty upscale on the price yet everything in there including th
    • According to dictionar.com premium means, among other things " Something offered free or at a reduced price as an inducement to buy something else.". What's the problem if someone gets "premium" content for free then?

      Perhaps the problem is the premium content was not being offered for free in this case? But was available at a "reduced price", which the individual did not pay?

  • Security through obscurity (Score:5, Informative)

    by DragonHawk ( 21256 ) on Saturday July 30, 2005 @08:36PM (#13204940) Homepage Journal
    This is a classic case of "security through obscurity". The hotels (or rather, their vendors) are relying on the fact that nobody knows how their system works to keep it secure. They just broadcast everything and figure, "Hey, you need one of our special remotes to do anything, so we're safe".

    I think it is important to blame the vendors as well as the hotels. Two days ago I got a sales presentation of a document management system called "DocStar". The sales weasel kept going on and on about security, repeating himself with how it has security "at the level of individual pixels". But whenever I tried to pin him down about how that system is actually secure, he had nothing. As near as I can tell, their whole pitch is "It's secure because we say it is". Right. I'm supposed to take his word for it, when vendors demonstrate over and over, with cases like this, that their security usually amounts to "We hope nobody will ever try to break in".

    Gag.
    • Maybe it was secure.

      However, a sales guy knowing the technical details of a product is as unlikely as being allowed to *talk* to a developer at their company to explain their security mechanisms in the first place.

      Sad state of affairs, really. Programming is all about abtraction; I wish people understood that when a programmer uses abstraction to centralize logic such as security, we'd all be better off if we could abtract across companies.
    • This is a classic case of "security through obscurity". The hotels (or rather, their vendors) are relying on the fact that nobody knows how their system works to keep it secure. They just broadcast everything and figure, "Hey, you need one of our special remotes to do anything, so we're safe".

      I think, generally speaking... no one gives enough of a shit to even bother hacking a hotel broadcast network. And the minority that do... the very small minority are for the most part paying upwards of $50/night just
      • "generally not worth it to hang out and commit an act of theft of service."

        If that's all it is, I'd tend to agree with you. But I've seen descriptions of seeing what other people's terminals (TVs) are doing, including billing information and supposedly "private" Internet sessions. The idea of skimming credit card info or private business dealings off of this isn't inconceivable. As a potential guest at a hotel, I'm a lot more worried then I would be about the hotel ownership's potential loss of profit.

        "T
        • There is nothing wrong with that attitude in and of itself. The problem is that things almost always get extended beyond their initial application. Cleartext TELNET is good enough for it's original application -- carrying terminal sessions between a handful of computers operated by a group of people who all know each other. TELNET becomes insecure when used on the modern Internet, where your packets might go anywhere, to anyone.

          Yes, I get blasted at times for using telnet on a house network to linux box and

  • My own experience (Score:5, Informative)

    by hixie ( 116369 ) <ian@hixie.ch> on Saturday July 30, 2005 @08:45PM (#13204983) Homepage
    I was in a hotel a few months ago, plugged into the free ethernet (for which I was very thankful), checking my e-mail, editing my documents on a remote server, chatting on IRC and browsing work sites (all over SSH, TLS, and SSL). My work consists amongst other things of testing Web browsers, and at one point I had to determine why one browser was not handling some HTTP headers correctly, so I fired up tcpdump to check exactly what headers were going over the wire.

    What I saw scared the heck out of me. SQL queries from the hotel reservation system, including things like the results of "SELECT * FROM RESERVATIONS" and "INSERT INTO ROOMS ..." and so on, with full credit card numbers, addresses, names, room numbers, lengths of stays, the works.

    Not only was it all unencrypted, but they were broadcasting all that information to every ethernet port in every room. You can just imagine the potential for identity theft and burgalary networks ("he'll be gone til tuesday!"). And I wouldn't be surprised if you could actually just send out your own SQL queries if you wanted to ("I'll be staying for another week, honest!").

  • Most Hotel TV are locked though right? (Score:3, Interesting)

    by bogie ( 31020 ) on Saturday July 30, 2005 @08:55PM (#13205014) Journal
    I've not looked at the TVs in every hotel I've ever stayed at, but when I have the cable going to the TV was locked and you couldn't unscrew it if you wanted to.

    Still, this makes me want to pick up a USB tv tuner for next time I travel. ;)

    "Additionally, he could use hidden codes that transmitted from the remote-control device to the TV through infrared to control functions in the system...Laurie automated the process by using a program he wrote that analyzed and mapped all the possible codes in 35 minutes to see which ones were relevant for the system he was trying to crack. Laurie doesn't plan to release the program."

    Booooo, release the code!
    • "Additionally, he could use hidden codes that transmitted from the remote-control device to the TV through infrared to control functions in the system...Laurie automated the process by using a program he wrote that analyzed and mapped all the possible codes in 35 minutes to see which ones were relevant for the system he was trying to crack. Laurie doesn't plan to release the program."

      What a wimp. Information wants to be FREEEEEE! :)

    • I've not looked at the TVs in every hotel I've ever stayed at, but when I have the cable going to the TV was locked and you couldn't unscrew it if you wanted to.

      The ones I've seen aren't locked, but have a plastic cylinder around the F connector that keeps you from unscrewing it. However, all you need is a security wrench [icmcorp.net]. They're also handy if the hotel TV doesn't have AV inputs, and you want to hook up your VCR or DVD player to it via a RF modulator.

  • Are these the more expensive and higher class hotels or the cheaper ones? I did not see any hotel names mentioned in the article.
  • Plugging the TV into the tuner, which is the size of a laptop power pack, and the tuner into his laptop, Laurie is able to use his laptop to pick up content through hotel TVs that the backend system is broadcasting but not currently displaying on the TV. Wouldn't he plug the cable, not the TV, into the tuner? Or maybe he split the cable. It would surprise me to find out that hotel TVs have some form of signal out. For what reason?
    • The two-way signal is used for the room information screens among other things.

      For example, most hotels will allow you to use the TV remote to review your charges, extend your checkout time, checkout, order food, etc. The TV is communicating with a hotel computer somewhere to facilitate that. The computer generates a video channel specifically for that room.

      There is also sometimes an alarm signal on the wire to detect if someone disconnects the TV to hook up a DVD player or game (they want your to rent TH
    • To order pay per view- and other two-way communications...

  • Some other (more useful) comments. (Score:5, Interesting)

    by Randseed ( 132501 ) on Saturday July 30, 2005 @09:34PM (#13205133)
    For what it's worth, I do the same thing sometimes when I'm stuck in traffic at this particular intersection in front of a hotel that provides free 802.11b to their guests. I haven't sniffed the traffic because I'm never there long enough and I don't care either, but I have no doubt that were I to do so I'd get all sorts of juicy cleartext passwords, usernames, network information, and God only knows what else. Oh, and by the way, it also works at my university, which is a major academic institution.

    This is because in the interests of usability, these systems do not use WEP. In the case of the university, their security consists of not honoring DHCP requests if the system doesn't know your MAC, and hiding the ESSID. Again, no WEP. I have sat in conferences and watched people checking their email. (That's also good for, how shall we say, 'social intelligence.')

    The bottom line is, and always will be, that people need to pay attention to how the technology they use works. If they don't know, then it is to a certain extent their own problem.

    To combat this, all my wireless systems, including the ones I use at home, use a VPN to connect to my home router, and then the traffic goes out from there. The VPN uses a cryptographic key for authentication, not a password, and all traffic except for DHCP requests go over it. The best someone can really accomplish at the network level is to bump me off the network, at which point the VPN falls over too, and no data is compromised. The system at home also uses WEP, and requires that all machines connecting over wireless use a VPN to get routed from the router to, well, anywhere, even the LAN.

    "But what about after the data leaves your cable modem at home?" That's a valid concern. So any data that I'm really concerned about is encrypted going out of there too. The catch is that, of course, I can't do that all the time, and it could still give someone a lot of intelligence by monitoring the traffic. At that point, though, I have a legitimate beef with the cable company, just as users who plug their computer into a hotel ethernet port (not wireless) have a beef with the hotel if someone in the adjacent room sniffs their traffic.

    The sad reality is that most people have absolutely no data security at all. Often times, they give themselves the illusion of security by doing something like using some snake-oil crypto product on their Windows machine, which is still clearly open to a number of software-based attacks. And, of course, if you compromise the hardware, nothing is going to save your ass.

    Sitting at home, I see six wireless networks. One of them is mine. Four of them don't have any indication of whose they are, so they get a bit of security through obscurity in terms of someone trying to attack them directly. Nevertheless, three of the four are insecure, and the fourth uses only WEP. Of those three unsecured networks, they're broadcasting all sorts of crap in the clear, and two of the three are ridden with spyware and viruses to the point that I can tell remotely using only passive means.

    The last guy got interesting. He removed the confusion about whose network was whose, at least with regard to his, by putting his last name in the SSID. The network is wide open.

  • This is very easy to do. Cracking 802.11 broadcasting networks is really easy. There are websites that explain step by step how to do it. There is a coffee shop in Seattle on 15th Ave where I live that is always hoping. Mostly laptops, it looks like a friggin office. BUT friends found a flaw in the security and sniff out everything. We actually had a party in which they read emails (very private) they had transfered right off people's hard drives. Some even scoured webmail accounts after getting usernames.

  • This is old news within the hospitality industry (Score:5, Informative)

    by JoeShmoe ( 90109 ) <askjoeshmoe@hotmail.com> on Saturday July 30, 2005 @10:42PM (#13205367)
    My first day of work in a hotel, I see a guest come in with a VCR tucked in under his arm. I ask him if he's planning on watching some movies. He says no, he's planning on recording some. He tells me all he has to do is plug in his VCR, tune around until he finds someone watching a movie, then hit record.

    Over the years, I've learned a lot more. Basically, the world of hotel entertainment is run by two companies, LodgeNet and OnCommand. Both use almost identical technology. The way it basically works if hotels buy commercial television sets that have a port on the back to control the tuner. An RF interface plugs into this port and allows signals to be sent over the coaxial cable to a server and receive signals from the server.

    Let me explain how it works. The hotel puts all the regular television (called free-to-guest in the lingo) on a certain range of channels. The commercial set is then programmed to only allow tuning from the remote in that range. If the guest tried to go higher than say 30, it wraps back to say 2. Entering number from the remote higher than the range won't work either.

    Now the remote has some special buttons. Let's say a guest hits the main menu button. The IR receiver on the commercial TV passes the signal to the RF unit, which sends it over the coax to the server. The server starts up up a video stream and outputs it through a video card to a modulator. The server tells the commercial TV "tune to channel 43". Since the guest can't normally tune to this channel, they only way he sees it is when the server tells his TV to tune there. The guest can now interact with the server and only he sees what he is doing because he's the only one the server lets turn to channel 43.

    For hotel info, movies, this is how the guest gets the content. If it's a web browser session, it's the same thing only using essentially a terminal server session.

    Now, the problem is there's only about a handful of commercial TV sets made. It's not terribly difficult to obtain or borrow a master remote from someone. You can copy the button commands into your PDA or universal remote, then next time you are at a hotel with that brand of television, just tune around until you find something interesting to watch. Or, bring your own tuner like the guy with the VCR or the article talks about.

    Some ways hotels are dealing with this is locking off the connection so you can't just plug in a tuner. You can cut the cable, but I wouldn't recommend it if you don't want to be charged for the repair. But the master remotes are still out there and still universally known.

    Smaller or older hotels that have regular televisions use a little IR dongle to control the television instead of card that plugs in the back, but it's the same principle.

    I've always wondered why warez groups don't pick up on this as a way to get first-run movies. The hospitality window is about two months after a movie hits theaters (just after home pay-per-view but before DVD). The source is either DVD or digitial files downloaded directly to the server, so the quality should be excellent. Just bring an firewire capture card with your laptop and you can release "screener" quality with virtually no risk.

    Not that I would ever do something like that of course...just saying...

    - JoeShmoe

    • Re:This is old news within the hospitality industr (Score:2, Informative)

      by Anonymous Coward
      A few other helpful tips: You can use any old generic cable tv converter box to watch. I would recommend the Scientific Atlanta 8511 or similar. Its the size of a small clock radio and works with almost all universal remotes.

      Also seach ebay for 'coax removal tool' if you need to get around those pesky security sleeves.

      One interesting tidbit about my 8511 converter box. At first it did not work with any remote control. I took it apart and found a small jumper wire running from the input pin of the IR decoder

    • Re:This is old news within the hospitality industr (Score:2, Informative)

      by Anonymous Coward
      you can pull the card out of the back of the tv on lodgenet systems...move the jump 1 pin over and auto program the tv and watch whatever anyone else is watching...including internet
    • > I've always wondered why warez groups don't pick up on this as a way to get first-run movies. The hospitality window is about two months after a movie hits theaters

      I think you answered yourself there, good warez groups tend to release stuff before it even gets to theatres, not two months after.

      Your firewire-capture method would create telesync rip, there's risk of going out of sync and possible glitches in video or sound caused by disturbances in other rooms nearby(old electric razors, hairdryers
      • If you mean TS telesync, that's defined as "camera pointed at a movie screen but with an audio feed". TS typically look distorted unless the guy with the camera is dead center and can have heads and other things visible (or stupidly just hidden behind huge "letterbox" bars...who are they kidding).

        IF you mean TC telecine, that's defines as a recording from the film, either using a telecine (some kind of rear-projection thing that you can put a camcorder in front of to get a consistant image) or using the vi
  • This isn't anything new. About three years ago I was staying at a hotel on business and started playing around with the TV. It had been poorly locked down so I was able to view the movies, web browsers and other on-screen information for everybody on the floor.

    I really had no interest in watching people read their email or check out, but it was entertaining to see which pay-per-view porn movies were the most popular among my fellow travellers.

  • I've setup a 120 room hotel, we wired the joint and installed switches on every floor.

    At the moment, we have a pretty crumby system - a d-link router - yes I know why this is bad, but we're changing that (we knew about this to begin with)

    My question to the slashdot crowd is, what can you think of that we can do to stop a guest from running their own DHCP server? (screwing the network)

    • there is a way to do it, back at school if you ran a DHCP server your port shut itself off automatically for two hours, same if oyu tried to bridge anything
    • Cisco switches let you set ports to only be able to communicate with what you designate to be the uplink port.. it's okay if everything fits neatly into one switch, but if you have two or more switches then you need to have them blocked from seeing each other's traffic at a layer 3 level (ie, put them all on different subnets).
    • Are you serious? This is precisely why this article exists. Admins that don't know what they are doing setup a blatently insecure network (why would you even consider d-link for the magnitude of your project). Then you have the admin asking on slashdot for solutions (hint: usenet has been around since 1987 and provides many more technically adept contributers than slashdot). What hotel do you work for? I would like to know so I make sure I never stay there in the future

  • Hotels with free internet rule (Score:3, Informative)

    by Klowner ( 145731 ) on Saturday July 30, 2005 @11:47PM (#13205645) Homepage
    I was happy to find an ethernet port in my room at a hotel I was staying at some time ago, I plugged in my laptop and got all setup via DHCP. I checked my mail, checked slashdot, etc.. got bored, decided to play with nmap...

    I found some laptop (I assume) with IIS running on it, and some ugly website for a home siding and windowing company on it, I read it, wasn't interested.. But still, it seems that some people don't realize they're entering a fairly high speed and insecure network when plugging into most hotel setups.
  • dude, i hacked several hotels in neuromancer already!
  • You can find it here. [alcrypto.co.uk]
  • ....most 'hospitality networks' can be crack in 6 seconds. Anything less, and you suck. Seriously.
  • I have a *friend* who travels a lot who has been doing this with the TVs for years.

    Although most hotels lock the F-connector on the outside of the wall jack, remove the two screws for the wall jack and you can access the F-connector on the inside. I don't know if the systems are checking for missing TVs yet, but as a precaution a decent splitter should be used so the TV doesn't go missing when you connect your laptop. Someday they will wise-up and check. Then an engineer will not on your door to see if ther
  • when I start reading TFA and run across something like this:

    Laurie is known as Major Malfunction in the hacker community. He also revealed how infrared used for garage door openers and car-door locks could be hacked, using simple brute force programming techniques to decipher the code that opens the doors.     [emphasis mine]

    Now, I'm not a remote entry expert, by any stretch, but I've never even heard of infrared keyless entry or garage door transmitters. Always RF.

    When the article commits such a glaring erro

Slashdot Top Deals

Real Programs don't use shared text. Otherwise, how can they use functions for scratch space after they are finished calling them?

Close