digg

Facebook Connect Join Digg About

MobiTV to Hofo: Take down

howardforums.com — It seems that MobiTV forgot to add any security to their SprintTV application. Now that the cat is out of the bag, it seems they are starting to send out cease and desist orders. Its amazing that a commercial app can be this unsecured.

Who dugg this?

Add a friend

submitted by

yakky Mar 6, 2008

772 diggs
digg

101 Comments

realstudio, on 03/06/2008, -0/+27Now MobiTV has to threaten DIGG...

qtv.mobitv.com/sprintTVlive.mcd

1. Copy and paste that link into the address bar.
2. Don't run it but save it to your computer.
3. Find it on your computer and OPEN it up. Select to open it with Internet Explorer or the browser of your choice.
4. There will be a whole bunch of links. Choose the channel you want to watch...
5. Get your LG Voyager and start up the browser.
6. Type one of the links into your Voyager and press OK!
SpecialK7225, on 03/07/2008, -2/+25This is absurd. If you can't secure your own damn links, you shouldn't get all nuts when you find out they're leaked.

It would be a shame if this guys email and phone got out...

*cough*
Josh Andrews
Corporate Counsel
6425 Christie Avenue, 5th Floor, Emeryville, CA 94608
phone 510.450.5279 mobile 415.971.1886
fax 510.868.6412 email jandrews@mobitv.com
*cough*

oops, silly me...
j37hr0, on 03/06/2008, -0/+19Can you copyright a publicly accessable URL? Is that really copyright infringement under the DMCA?
rtsp://live.mobitv.com:554/1-CDMA.sdp
rtsp://live.mobitv.com:554/48-CDMA.sdp
Is that copyrightable? I don't know.
What about http://qtv.mobitv.com/sprintTVlive.mcd
mick4394, on 03/06/2008, -1/+11The cat's out of the bag. Everyone now knows how crappy MobiTV is.
WiWavelength, on 03/07/2008, -1/+11I composed the following e-mail to Josh Andrews & Ellen McDonald, internal legal counsel to MobiTV. I encourage you to do likewise. Feel free to copy & paste. I do not quibble over my copyright.

jandrews@mobitv.com
emcdonald@mobitv.com

--

To whom it may concern:

I openly requested the sprintTVlive.mcd document from a server attached to your Internet domain, MobiTV.com. I did so via a standard, ubiquitous Internet protocol, Hypertext Transfer Protocol (HTTP). The server, as an agent of MobiTV, readily complied with my open request. As such, MobiTV is legally complaisant to my possession of this document.

The sprintTVlive.mcd document contains explicit instructions for accessing MobiTV content. I followed said instructions. For example, I openly requested the live.mobitv.com:554/4103-CDMA.sdp audio visual content from a server attached to your Internet domain, MobiTV.com. I did so via a standard, ubiquitous Internet protocol, Real Time Streaming Protocol (RTSP). The server, as an agent of MobiTV, readily complied with my open request. As such, MobiTV is legally complaisant to my viewing of this content.

Court precedent has held that a Uniform Resource Locator (URL) (i.e. Internet address) is not subject to copyright protection, only the content linked to the URL may receive such protection. Thus, MobiTV has no grounds for protesting dissemination of affected URLs, all of which are openly, publicly accessible. And, if the aforementioned document or content is copyrighted material not intended for my free, personal use, then MobiTV, as the copyright holder or an agent of said holder, has a legal responsibility to secure and protect that copyright, should not have readily granted my open request for access to said copyrighted material. That grant implicitly bestowed upon me a license for my free, personal use of said material.

Technical incompetence is no excuse for misplaced legal threats.

(For good measure, I tacked on the full text of the sprintTVlive.mcd document. But that is at your discretion.)
theewizard, on 03/07/2008, -0/+9this is out outrageous.... this has been floating around the net since Oct 2007
and now they want to come after howardforums, why because we are the largest phone community on the Internet, they want to try and make a lesson out of Howard & hofo, instead of fixing their problems

this guy JOSH must have took his legal training at the RI AA, that's the trouble with lawyers, they make money NO matter which side wins or loses the case.

this case will create his JOB security for him..and of course all of us are turning this into HIS personal Vendetta.

a nice little letter saying, we at mobiTV are trying to fix the security flaws your users uncovered, would likely have gone a lot further than these threats
inactive, on 03/07/2008, -0/+9WTF is mobiTV?
evanhindra, on 03/07/2008, -0/+8MobiTV, if you're reading this, good.

It's never a wise idea to attack a consumer based site. Because in the end, we'll always win (or somewhat). Unless you're the type of company that likes to screw over your customers (and content providers). Right? Capiche? Make sense?

So, stop pointing fingers on other sites, and fire your Corporate Counsel (I'm sure John has f'ed MobiTV over to a degree), and your IT/tech/security advisor crew.

I'm wondering if I should bring this to the Content Providers' attentions as well.
anonymoz, on 03/07/2008, -1/+9http://qtv.mobitv.com/sprintTVlive.mcd
http://qtv.mobitv.com/sprintTVlive.mcd
http://qtv.mobitv.com/sprintTVlive.mcd
legaxis, on 03/07/2008, -0/+8http://207.210.82.134/hf1.pdf original letter sent to Howard...via fedex...
mlerner, on 03/07/2008, -0/+8Come on fellow diggers, let's crash MobiTV. If you have an unlimited data plan, leave MobiTV on for a few hours.

qtv.mobitv.com/sprintTVlive.mcd

p.s. ***** MobiTV
nodefault, on 03/07/2008, -0/+7Go Howard! Screw MobiTV.

I see you MobiTV fools are out in full force digging down pro-HoFo comments.
tvmitch, on 03/07/2008, -0/+6It's a shame that all you have to do on your Palm Centro is go to the mobitv links through your web browser, then that links to the Sprint TV app, where you can watch TV and pick any channel...you'd think they'd lock that up!
kapil, on 03/07/2008, -0/+6Dear Josh,

I'm an avid HowardForums vistor. I noticed the little tussle between your employer and HoFo. Being a business owner myself, I completely sympathize with you and your company's dilemma...but here's the problem: The Internet Gods just aren't on your side.

Before you know it, the issue will become the meme of the day and travel the interwebs at warp speed....you won't be able to stop the overwhelming PR backlash and negative press....and in the process, you will give away the secret that was, until now, known to a handful of HoFo readers to millions of Internet users worldwide.

Of course, this will result in you having to secure your site...something you should have done to begin with, and moved on with life. Instead, you've publicized a little known secret and let the Trojans inside the City.

Another corporation made a similar mistake recently and is now busy backtracking... http://www.dslreports.com/shownews/Swiss-Bank-Drop ...

Anyway...just wanted to pass along my two cents. I wish you well. Trust me...you will need all the well wishes you can get your hands on in the days to come.

Cheers!

-Kapil
guy96, on 03/07/2008, -0/+5Ahh yes typical corporate philosophy....blame others for your own stupidity. We all support Hofo.
deanjondavid, on 03/07/2008, -1/+6More importantly how secure is our personal imforation with mobiTV???!!!!
Yester18, on 03/07/2008, -0/+5We stand behind you Howard!

Mobtv get your story straight and fire you people that are allowing this to happen.. insecure link, well seem to be a insecure company as well.
rennyn, on 03/07/2008, -0/+5I like how they say viewing a file is 'hacking'. Too funny!
angrymic, on 03/07/2008, -0/+5I will never use or even consider using this service because of this
matt314159, on 03/07/2008, -0/+4I salute howard for standing up to these corporate bullies. They should be ashamed that they came up with such a PATHETIC excuse for a content protection system. Trying to Quell free speech by shutting down every site that dares to discuss this GAPING and EMBARRASSING security hole only serves to make MobiTV look like a bunch of fools.
NullQuery, on 03/07/2008, -0/+4Long Live HOFO!!!!!! F*&^ You MobiTV!!!!!!!
Rory1, on 03/07/2008, -0/+4What does it take for this to get to the front page? Almost 600 digg's and 75 comments in less than 24 hours and still it's not popular?
Kelita, on 03/07/2008, -0/+4Go Howard! We support you all the way!
computergy2001, on 03/07/2008, -0/+4Howard, I am proud that you are standing up to these fools at mobitv. They can't secure their own video signal so they have to try to take down every website on the internet that dares to talk about this security hole. SHAME ON YOU MOBITV!
FuturePilot, on 03/07/2008, -0/+4Not only that but debugging. WTH? This has nothing to do with debugging.
0rnery, on 03/07/2008, -0/+3Josh Andrews sounds like a mobiTOOL at this point. Can't wait to see how this shakes out.
mattsk790a, on 03/07/2008, -0/+3If any mod on hofo ever thought this was any violation the user would have ben banned and the post deleted...
It is there fault for not protecting there service. They had NO kind of authentication or security that was "hacked"... Im surprised that a search engine didn't have that cashed...
iseth, on 03/07/2008, -0/+3Look out Google, you might get a letter too! If you do a quick Google search for sprintTVlive.mcd, you get all kinds of helpful links.
dtjay7, on 03/07/2008, -0/+3Go Howard, I will be wishing you the best. They have a responsibility to secure themselves. The info on howardforums is hardly secret.
strid3r, on 03/07/2008, -0/+3What's hilarious is that the big networks are going to find out what MobiTV is doing with *their* content. (Because it's not MobiTV's content, is it?)

And MobiTV is going to end up on the pointy end of about 50 C&D's -- they're going to get a taste of their own medicine! (The difference being that MobiTV is actually in the wrong, whereas HoFo is not.)

How long does everyone think that MobiTV will stay in business? Days? Weeks? Months even?
evanhindra, on 03/07/2008, -0/+3Oooo, there's that address bit that needs a bit of blurring ;).
ISurfTooMuch, on 03/07/2008, -1/+4I just submitted to Slashdot. Let's see if they pick it up. And I wouldn't be at all surprised if BoingBoing also runs something in the near future.

Will these companies ever learn that the way to deal with these things is to fix their own problems instead of trying to shoot the messenger? I doubt it. But, Mr. Andrews, if you happen to see this, I've been surfing the Net for about sixteen years, and I can't think of one single incident where a company or organization managed to get information taken offline. Yes, I've seen it attempted, but all it does is give the organization a big black eye.

Face the facts. This information is out there, and it won't go away, ever. Even if you could find every site that has it posted and get them all to remove it, it will still be stored on countless users' computers, waiting to be reposted. And they will repost it, if only to spite you. So, I'm telling you right now that you will have to address the underlying security issue here. If you want to go on making threats, then feel free, but you can't win by doing that. All you're going to do is make your company look like a bunch of bumbling idiots who can't fix their own Web server and must rely on bullying instead. Believe me, that bad reputation will be much harder and more expensive to fix than hiring a competent programmer to add some security to your site.
realstudio, on 03/07/2008, -0/+3All comments are for educational purposes only. They are to demonstrate related issues and are not to be used by anyone in any situation.
justgabe, on 03/07/2008, -0/+3There are almost 200 websites that have been posted about this issue and they have also posted the same information that is on HoFo. I wonder if the will send all of them emails about this?
d0nkz, on 03/07/2008, -0/+3I Salute you Howard. Im Behind You Im sick of the man sticking it to us!
FREEDOM OF EXPRESSION
tyrael, on 03/07/2008, -0/+3Oh man that guy is going to get so much hate from the community. I wouldn't be surprised if he won't be able to use his email address anymore or fax number due to spamming. Hilarious!!!! Show em what the tech community has!
jdsatmark, on 03/07/2008, -0/+3LamoTV you probably paid the greedy US wireless carriers who force their customers to purchase live TV over a data connection instead of getting it over the air for free like in the rest of the world.
tntsniper, on 03/07/2008, -0/+2Go hofo.. Its pretty wild that a company would try to attack a site that is filled with consumers. I could understand if the site was hosting ways of hacking and attacking the company in such a way that is illegal, but no this is 100% mobitv's fault and they really are taking it out on the consumers. FIX THE PROBLEM and STOP blaming it on OTHER PEOPLE! Simple as that. Its not illegal at all.

Wow mobitv is literally shooting themselves in the foot. Hell maybe even in the head at the end.
anonymoz, on 03/07/2008, -1/+3Or what about http://digg.com/mods/Watch_free_MobiTV_streams ? :)
Redtugboat, on 03/07/2008, -0/+2MobiTv is lame, dont blame howardforums for your own security Flaw!
matt314159, on 03/07/2008, -0/+2thelobber, the facet you're forgetting is that the content that was posted does not intrinsically break any copyright law. A URL cannot be copyrighted. Nor are the instructions anything you have control over. See, there's this little thing called "free speech".
Only once users implement the instructions and pirate your content has a law been broken. And it is your job not to try to persecute anybody who exposes this information, but to shore up your protection to secure your video signal. If you want to blame somebody, look in the mirror.
hiimcliff, on 03/07/2008, -0/+2***** MOBI TV. i dont even know what it is, but i know its *****.
boosti95, on 03/07/2008, -0/+2MobiTV can suck a big fat one.
matt314159, on 03/07/2008, -0/+2Splendid email! Congrats! I sent one myself, though it was not as well-worded as yours. I'm glad people are standing up to this company. I hope they recognize the folly of their ways and issue a formal apology to Howard.
noisuf0, on 03/07/2008, -0/+2This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

contact@mobitv.com
Dumbledorito, on 03/07/2008, -0/+2By the by, if you don't have a Sprint Voyager, just paste the "rstp" URL from the channel of your choice into Quicktime's "open URL" function.

But only do so for educational purposes... or something. Winners don't use drugs.
Dumbledorito, on 03/07/2008, -0/+2I think I've found a bigger problem with their service: What the hell is Marilyn Manson's "Beautiful People" doing on their "Totally 80's" channel?
CaptainHarlock, on 03/07/2008, -0/+2I'd tell the MobiTV legal department to talk to their tech department and give them the word they're morons. They could solve all their problems internally and not piss off the rest of the Internet.
desk, on 03/07/2008, -0/+2how is this not frontpage? i don't get it
liquidxy, on 03/07/2008, -0/+2It's on Slashdot now: http://yro.slashdot.org/article.pl?sid=08/03/07/16
Show 51 - 100 of 101 discussions
Add a Comment

Login or register to comment!
Or, sign-in super fast with your Facebook account ...

Site Links: Home; Take a Tour; Search Digg; Digg Mobile; RSS Feeds; Popular Archive

Help: Frequent Questions; How Digg Works; Report a Website Bug

All About Digg: About Us; Contact Us; Community Guidelines; The Digg Blog; Digg Townhalls & Meetups; Jobs at Digg; Advertise on Digg; Diggnation Podcast

Digg Store: Get hats, shirts, hoodies, stickers, and more at the Digg Store.

Digg Tools & API: All Digg Tools; DiggBar Tools; Firefox Toolbar; Twitter Feeds; Add Digg to Google; Netvibes Widget; Integrate Digg Buttons; Digg Badges; Make a Digg Widget; API for Developers

Digg Dialogg!: Digg Dialogg lets you choose the questions.

Digg Labs: Get a real-time view beneath the surface of Digg.; Digg Labs Home; Arc, Swarm, Stack, Bigspy, Pics

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.