Posts Tagged NTL Ireland

UPC Broadband WiFi Router susceptible to a simple brute force attack

Many Internet users in Ireland are well aware of the Eircom wireless router hack that showed just how easy it would be for someone to compromise the poor security design of some WiFi routers. In Eircom’s case, they were providing all their broadband customers with routers that could be compromised and accessed by hackers, simply by using the digits of the router’s default SSID. Hackers figured out that by using the digits set up by default when you turned on your Eircom WiFi router, you could generate the router’s password within seconds by compromising the poorly thought out security algorithm.

Now it seems UPC broadband is the latest Irish broadband provider that could fall foul of potential hackers. It seems our ISPs, in an attempt, I can only assume, to make the setup and installation of their routers a simple task for their less tech-savvy customers, do nothing but create holes for hackers to exploit.

Recently an Irish IT company discovered that UPC’s broadband routers are susceptible to a brute force attack based on the algorithm used to generate the passwords that they stick to the back of all their routers.

The hack is definitely not as easy to exploit as the one Eircom introduced, but it’s still very attainable to any serious hacker or even a hobbyist who just wants to leech their neighbour’s broadband connection.

Check out the article from PlanIT Computing on how UPC’s routers can be exploited and what you can do to prevent an attack on you.

http://www.planitcomputing.ie/blog/?p=325


UPC eBilling Registration & Sign Up Process


I got a letter in the post today with my standard UPC / NTL bill suggesting that I go online and register for their new eBilling system. This would mean that I would no longer receive paper bills to my home address, but instead I would receive a text message when my new bill was available online.

All I had to do was simply go online and register my details to start using this system straight away. Since I use the Internet everyday, this solution sounded great to me.

Upon visiting the UPC website, I thought that since they had sent out these letters with their monthly bills, it would be quite obvious when you visited their website where to register your details. Unfortunately, they hadn’t got any large graphic to entice me to register, so I had to look a little harder to find what I was looking for.

After clicking the button for the eBilling registration, it brought me to a page where it informed me that I needed to register for an account on the UPC website, which is fair enough. When you entered the registration page, it asked you to enter your customer number and surname. The problem was that your customer number isn’t to be entered as it appears on your bill. They do mention this fact above the form, but they could have made this a lot more intuitive by including it beside the field in which the number had to be entered.

That’s not what annoyed me most anyway… I continue…..

After filling out this form, I was presented with a new form where it asked me to enter my personal information. It looked pretty straightforward so I started to fill it in. Then I came to the security question. I have never seen such a ridiculous choice of questions.

[Image: security question drop-down]

1. I don’t have a favourite band… I like a lot of bands…
2. I don’t have a favourite book, I have many
3. Teacher?? I don’t remember liking any teacher when I was at school!
4. Food/Drink….. Still don’t have a favourite
5. TV Show??? I hardly ever watch TV unless it’s football
6. I find it hard to remember my own mobile number at this stage, god forbid trying to remember a number from my childhood!!

Ok that’s fine, if I must – I’ll just enter one of my favourite bands, sure it’s not as if I’m ever going to forget my password is it?

I started typing my selected band into the answer field and this is where we see another ridiculous example of bad usability. Yes, the form field was in fact a password field. So even if I did have an answer, God knows what I actually put in that field, because all I could see were a series of hashed out characters.

I continue on, as I’m not too concerned about this aspect anyway. Next stop “Work Phone Number”… I thought to myself, “I don’t ever want them contacting me in work, they can shag off, they’re not getting that number”. I proceeded to fill in the rest of the form and hit the register button.

ERROR!!! “You must fill in your work number” –

Huh??? Why??? What do you need that for???
So I decided to put in NA…

ERROR!!! “You must enter a number between 7 and 11 characters long”.

I obviously resorted to putting in a dodgy number, possibly some other poor soul who will get phone-calls from UPC for God knows what.

UPC, you need to take a serious look at your registration process!!

Kryptview, IT Gate, Dbox / Dbox2, Dreambox & Starview 4 – All cracked


Since March, forums that discuss information related to the so called “dodgy boxes” have been a hive of activity as desperate “dodgy box” users search anxiously for a fix for their defunct boxes. In March, NTL released a new encryption on its network in Ireland that effectively rendered all of these boxes useless. That new encryption is now known to be Nagravision 2.

However, it wasn’t long before the elite hackers for the Kryptview box were able to release a patch to bypass this new encryption and get their boxes back up and running. Other boxes, such as the IT Gate, Eurovox and Starview weren’t as fortunate. So far, three months on, there have only been fixes released for the IT Gate and the Starview 4 (The Box Super USB). For the owners of other, older versions of these boxes, the chance of getting a fix looks slim.

The hackers don’t seem that interested in helping the “old” customers in Ireland, but will gladly help you if you purchase one of their latest and greatest machines. That makes total sense from a business perspective. This is the best opportunity they have to get people to upgrade their boxes.

This has definitely been a huge success for NTL who were determined to remove these boxes from circulation – or were they? Think of it like this, apparently they’ve only scrambled the premium channels with the new encryption. Channels such as Sky Sports, Setanta and the Adult channels were the first to go. Yet, they seem to have left other channels only available to their digital subscribers. There’s clear evidence that NTL’s subscriptions greatly improved when the dodgy boxes were in full flow. Nearly everyone you spoke to had heard of these boxes and had jumped ship or cancelled their Sky subscription. Obviously Sky and Setanta weren’t too happy about this and let NTL know.

Now though, where are they going? Are they going to roll out Nagravision 3 that will most likely kill all of these boxes for a very long time (there has yet to be a crack for Nagra 3) or will they just continue with Nagravision 2? No-one seems to know the answer to this and only time will tell.

UPDATE: Dbox, Dbox2 & Dreambox now all have fixes. A few other Linux boxes have been fixed too (just not sure what they are called!)

Starview 2 aka “TheBox” Review

A few months ago, I wrote about these new Starview boxes that allow you to get access to all NTL digital channels, with a basic NTL analogue connection (illegally of course). I did my own research at that stage and found that they worked a dream.

Since then, I’ve been keeping my eye on developments on this front, hoping that I am proven right that NTL will actually find a way to prevent this. So far, everything NTL do to counteract this has been simply a waste of time. The speed at which the developers of the software for these boxes can find a way around the changes is phenomenal, which causes a minimal disruption to service. I’m sure it would be a nightmare for most users of the box to find out ways to get round these changes, but for the technically savvy, it’s a simple task.

Anyway, a friend of mine purchased one of the new Starview boxes, now called TheBox or Starview 2. This guy is as technical as an apple and instead of trying to figure it out himself, took the easy option of calling on me. So, I went and had a look at TheBox for him.

Although it’s more expensive than the original Starview, it’s not much different at all. Specifications are exactly the same, even though it’s advertised as being an upgrade. Looking closely at the system, the only change really is the EPG (Electronic Programming Guide). In the past, when you scrolled through the channels to see what was on next, it would also change the channel. Very frustrating and quite useless! Now though, you can scroll through the channels to see what’s on, without changing channel. Another new addition is the time beside the info for each channel and it also shows what’s on next.

LEGAL NOTE:
It is illegal to receive subscription-based television airtime without paying for it. It is also illegal to connect this item to equipment that you do not own, without prior consent.
