Jul. 4th, 2009
Virgin media on demand pin
Jul. 4th, 2009 11:28 pm

If you were in charge of a time-shifting cable TV service such as Virgin On Demand, you might initially realize there is at least one non-obvious drawback of On Demand: it does away with watershed times for age-rated programs. A reasonable fix is to have an option whereby you have to enter a PIN to watch a post-watershed age-rated program at a pre-watershed time. This is then strictly no worse than the previous arrangement, and strictly better if you add a few extra options, such as being able to require a PIN for any 18+ rated program, etc.
Whenever you require a PIN you have a trade-off between inconvenience and insecurity. To minimize inconvenience you might choose: (A) The feature is initially off, and is enabled if the user chooses it. To minimize insecurity, you might choose: (B) When the decoder box starts up, it asks you to choose a PIN or disable the feature.
If you were happy to be a bit less convenient, you might choose: (C) This feature CANNOT be turned off. If you were happy to be a little less secure, you might choose: (D) The box demands a choice the first time you view a post-watershed program pre-watershed.
However, these are rather unsatisfactory, as none of them is guaranteed to deliver either goal. Can we do better, with no need to trade off? Most certainly! We can achieve BOTH insecurity AND inconvenience. Strictly worse than all of the above is: (E) Have a default, insecure PIN programmed in. The feature cannot be disabled. This provides no additional security over having nothing at all, but increases the number of arbitrary hoops a legitimate user has to jump through, and increases the chances they'll never change the PIN from the default.
If you provide no useful information on the "Enter PIN" screen, you may reduce their chance of even knowing what the feature is. Bonus points are given for: (F) Have a default, insecure PIN programmed in. Require the PIN to enter the secure settings menu, in order to see what options the PIN controls. The feature cannot be disabled.
Can we do even better? Certainly. The inconvenience can be as high as we like, so long as there's a reasonably high chance of guessing the password. We could choose (G) Have SEVERAL insecure passwords, and choose a random one of them to be programmed in, and a different random one to write in the instruction manual. Require the PIN to enter the secure settings menu, in order to see what options the PIN controls. The feature cannot be disabled.
Judging from context, can you guess whether Virgin Media actually used (A), (B) or (G)?
If I ever have children living in my house, especially if I have a Virgin Media on demand account, I expect we will be living in a reasonably prosperous western democracy, sometime in the first half of the third millennium, presumably with a broadband Virgin Media internet connection! And I should hope they're just as capable of typing "virgin media default PIN" into Google as I am!
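
For contrast with (E) to (G), here is an added sketch (not from the original post, and not Virgin Media's code) of options (B) and (D): the box ships with no PIN at all and forces an explicit choice before the first pre-watershed viewing of post-watershed content. The class name, the watershed hours and the deny-list of trivial PINs are assumptions made for the example.

```python
import hashlib
import hmac
import os
from datetime import time

# Assumed values for illustration; the post does not state them.
WATERSHED_START = time(21, 0)   # post-watershed window opens
WATERSHED_END = time(5, 30)     # and closes the next morning
TRIVIAL_PINS = {"0000", "1111", "1234", "9999"}  # constructed deny-list


class ParentalControl:
    """No factory default: state stays 'unconfigured' until the user decides."""

    def __init__(self):
        self.state = "unconfigured"   # becomes "enabled" or "disabled"
        self._salt = self._digest = None

    def _hash(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def choose_pin(self, pin):
        valid = pin.isascii() and pin.isdigit() and len(pin) == 4
        if not valid or pin in TRIVIAL_PINS:
            raise ValueError("PIN must be 4 digits and not a well-known value")
        self._salt = os.urandom(16)
        self._digest = self._hash(pin)   # only a salted hash is stored
        self.state = "enabled"

    def disable(self):
        self.state = "disabled"          # an explicit opt-out, as in (A)/(B)

    def may_play(self, post_watershed_rated, now, pin=None):
        """Return 'play', 'setup' (force the choice first) or 'deny'."""
        in_window = now >= WATERSHED_START or now < WATERSHED_END
        if not post_watershed_rated or in_window:
            return "play"     # no worse than broadcast scheduling
        if self.state == "unconfigured":
            return "setup"    # option (D): nothing pre-set to look up online
        if self.state == "disabled":
            return "play"
        ok = pin is not None and hmac.compare_digest(self._hash(pin), self._digest)
        return "play" if ok else "deny"
```
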