 I
know, for many of you this isn't new anymore since most of the::unwired readers
are also great contributors to HowardForums but for the rest it might be new
anyway. HowardForums,
a great Canadian mobile phone resource, operated Howard Chui is facing some
trouble from mobile TV provider
MobiTV. Howard recently informed me that
some forum members discovered that MobiTV stores links to their video feeds
in an ASCII text file that anyone with Internet access, but without any
hacking-skills, can view. With the right mobile device or PC software, it even
gives users free access to MobiTV's video offers. Wouldn't be a problem if
MobiTV wouldn't be a commercial service which requires a subscription (US$ 9.95
per month).
However, if you just type the appropriate URL (which was
available before from numerous resources already, not just Howard Forums)
into your web browser, you can watch MobiTV's TV offer for free!
 
Well, looks like MobiTV is in deep trouble now for several reasons:
- They offer commercial TV services in an completely unprotected way which I'm
sure, the broadcasting networks, which owns the intellectual property, are not
happy about.
- I'm also sure Sprint isn't happy about this because it's questionable why
someone should subscribe to
Sprint's mobile TV service (which is provided by MobiTV) if you can get it
for free anyway.
And because MobiTV found out that they are, sooner or later, in deep trouble
with its partners, they went wild now and Howard has since received a number of
cease, desist and take down notices from lawyers representing MobiTV.
Furthermore the ISP that hosts HowardForums has received a notice from MobiTV
that requests that HowardForums be shut down. And all this happened because
MobiTV, a company - not a one man show - seems to work like a 1995 web developer
which put plain ASCII love letters on his server and wonders later that the
whole world is reading it!
Come on, it's neither Howard's fault nor the forum user's fault that MobiTV
seems to be incompetent and I wonder what's next - my Credit Card details in
another ASCII file on the same server? Fact is, that everybody can access this
file. Sure, it might not be linked from the homepage, maybe even Google robots
aren't allowed to read the file (even if a robots text file
doesn't exists on the
questionable subdomain) but the file, which contains all the direct links to
MobiTV's TV/Sprint's Mobile TV channels (including FOX News, Discovery Channel,
NBC Comedy, ESPN Mobile TV and NBC Sports Mobile) sits completely unprotected on
a web server without any access restrictions!
We are talking about the Internet, about servers and about educated users. I
don't known how the initial users got notice of this URL but somehow he got the
knowledge about its existence. And if you put anything on a web server, without
protecting it from unauthorized access, you have to pay for the consequences,
not the one who reported about the existence: "Don't shoot the messenger"!
Once I put a script on the::unwired server which allowed to upload photos from a
HTML page to a directory. I used it on an unused test-domain and the file name
was something like upload.php (for sure not index) and you know what - 2 weeks
later I found dozens of uploaded photos there, which I never uploaded. The
domain is even not findable through Google but it happened. Who was the fool? Me
who put the script on the server or the users which had fun uploading some
harmless pictures to my server?
MobiTV better checks their security mechanism instead of bothering websites,
which unveiled critical security issues with a service, with legal actions. At
least, MobiTV should be happy that this issue was unveiled. But also potential
customers should better know which company they give their Credit Card details.
If a company isn't taking care of its core assets, why should it takes care of
others personal data?
And please, and I urge you to
Digg this story and help support HowardForums. So far we have 412 diggs and
counting.
UPDATE: Looks like the dispute between MobiTV and HowardForums is
settled. According to Howard Chui,
he had a conversation with Paul Scanlan, the president of MobiTV, and he
said: "Howard, great catching up today. Again, we're big fans of the sight (site?) and our intention was never to bring your entire sight (site?) down or to "censor the Internet" like we're being accused. [...] Please know that our first priority is always to fix any security issues with our system and we're
doing that. Additionally, we also have a responsibility to our content and
carrier partners to reduce the impact of any breaches to the system once they
occur and that was really the basis for the correspondence you had with our
legal team."
Cheers ~ Arne
|
