Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
April 12, 2015
Chris
Security
0

Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)

PreviousNext

This week a major french TV networks was hacked (Article on CNN #1, #2), resulting in 11 channels being completely black for hours, several disfaced social media accounts and the usual stuff that didn’t make it to public, like compromised mail accounts etc. All defaced sites have shown massive pro-ISIS propaganda stuff, so it’s possible it’s an ISIS “attack”.

It was the biggest media takedown in the history of european television (unconfirmed information).

What makes this interesting: There’s a possibility that this was started with the TV channel itself showing internal (and very weak) passwords in a live TV interview, done directly in front of the “printed out passwords wall”. Well…, yes. When using the HD version of the raw TV stream, plus a little bit of Photoshop filtering, and knowledge of common french passwords: Voila, you don’t even have to guess. The screenshot below is just a multiple-times-compressed stream image.

You can watch an archived version (in low quality) here directly on the TV station’s archive. Jump to 3:45. Note that this show is not the original show (like said by several very big tech blogs), it’s a coverage of the events happened.

Personally I think it takes much more to take down a professional TV station than a few login credentials for social media. There’s absolutly no reason why server keys and access to the highest level of program control should be connected to social media accounts in any way, plus the fact that deep control of the station’s content streaming shouldn’t be accessable from outside the office. There’s so much more that’s wrong here, but .. well, we don’t know.

CCKR9jmW0AAr8QS

 

This article was written quite a while ago (7 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.

Random articles

  • DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)
  • Google I/O 2014 – HTTPS Everywhere (video)Google I/O 2014 – HTTPS Everywhere (video)
  • Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machinesHacking ATMs – A conference talk about the current security state of Windows XP driven cash machines
  • How major web companies (and banks) handle passwords quite wrongHow major web companies (and banks) handle passwords quite wrong
  • Interesting stats on SONY’s hacked passwordsInteresting stats on SONY’s hacked passwords
  • PHP.net hacked, but most things are fine againPHP.net hacked, but most things are fine again
  • Vote for “Hack” for HipHop/HHMV support (future style PHP) in PHPStorm 8Vote for “Hack” for HipHop/HHMV support (future style PHP) in PHPStorm 8
  • 12 tools for better PHP quality12 tools for better PHP quality
  • PHP’s HipHop outperforms PHP 5.5 with Zend OPCache and Nginx by 15-20 timesPHP’s HipHop outperforms PHP 5.5 with Zend OPCache and Nginx by 15-20 times
hackedinfosecsecurity
Share this

Leave A Comment Cancel reply

vagrant

A super-simple Vagrant LAMP stack bootstrap (installable with one command)

As I have to setup servers inside Vagrant quite often, sometimes 10 times per day, I started to use provisioning:

PHPMyAdmin not found after installation ? Here’s a fix (Ubuntu 12.04) !

You just installed PHPMyAdmin but http://www.yourdomain.com/phpmyadmin just says “phpmyadmin not found” ? Try to create a link in /var/www like

shadow dom

A quick video introduction into Shadow-DOM, the game-changing DOM-subtree-technology

Awesome talk by Eric Bidelman (of the Chrome team): Shadow-DOM was often heard in 2013 and seem to exist for

unreal-4-engine

Tim Sweeney talks about the future of game graphics (and which hardware we need to “clone” reality)

If you are interested in 3D/CAD and game graphics and get sweaty hands at each new high-end game engine trailer

node.js

PayPal drops Java, goes node.js / JavaScript

First: this is not a Java-vs.-AnyOtherLanguage diss, just an article about a very interesting development: Using “frontend-languages” for serious server-side

Experimenting with HHVM at Etsy (Link)

Extremely interesting blog post of Etsy on how they try out HHVM / HipHop: https://codeascraft.com/2015/04/06/experimenting-with-hhvm-at-etsy/ This article was written quite

How to show memory usage (Ubuntu)

Always very useful: A simple command to show memory usage (Ubuntu / linux distros). cat /proc/meminfo   This article was

Disappointed by Watch Dogs’s graphics ? See how it looks with unlocked, hidden settings. Awesome!

When you are interested in 3D and game graphics in general, you probably stumbled upon these excellent and extremely good-looking

php uk conference

PHP Opcache Explained by Julien Pauli (video from PHP UK Conference 2014)

The title says it all. A VERY deep explanation on how OpCache works. If you never heard of this excellent

js javascript

Push database changes to all clients in real-time (!) with AngularJS and Firebase

The coolest talk I’ve seen this week: Anant Narayanan of Firebase shows how to build a simple but really impressive

1/4

Categories

Search

ubuntu-14.04-lts
First view: Ubuntu 14.04 LTS brings PHP 5.5 and Apache 2.4
css4
Angelina Fabbro talks about “CSS4” in this excellent conference video
node.js
PayPal drops Java, goes node.js / JavaScript
js javascript
JavaScript Testing Tactics (21min video by Justin Searls)
frontend-workflow
[german] Modernes Frontend-Development mit Bower, Grunt, Yeoman (45min Video, Thorsten Rinne auf der IPC2013)
js javascript
[video] Netflix JavaScript Talks about ECMAScript 7: The Evolution of JavaScript
Experimenting with HHVM at Etsy (Link)
php
How to use the PHP 5.5 password hashing functions
Google I/O 2014 – HTTPS Everywhere (video)
Soundcloud’s “VP of Engineering” about using SSDs
php
PHP 5.6 announced, statically typed (!) “new” PHP announced by Facebook devs
shadow dom
Crossbrowser-safe HTML5 video (IE6+) with a few lines of code and just one .mp4 video file
php
Test out PHP 5.6alpha1 on Windows 7 / 8 with two clicks
logo-internet-explorer
How to professionally test on old Internet Explorer versions
MINI2, an extremely simple barebone PHP application on top of Slim

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy
 
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT