Anyone who has looked for rumors, news or support around cellphones knows about HowardForums: the Canadian forum started and operated by Howard Chui is a mine of information, hints and more.  It’s an excellent resource, and it’s currently coming under threat from MobiTV, the mobile TV provider; apparently some members of the forum discovered that MobiTV records the links to the company’s video feeds in an ASCII text file.  Open the file up – and you need no special skills to do that – and, when the links are plugged into a mobile browser, you can view the content without needing to pay MobiTV their $9.95 a month subscription.  Unsurprisingly, MobiTV aren’t happy; surprisingly, they’re not kicking themselves and prodding their tech guys to update the security, they’re trying to kick HowardForums by issuing cease, desist and take-down notices to the site. 

“Basically this is what happening. It turns out Mobitv stores links to their feeds in a plain text file that anyone with internet access can view. Apparently viewing this text file is considered ‘hacking’. Remember, next time you google and find something someone doesn’t want you to see mobitv consider that hacking. These feeds do not appear to be protected in an anyway and it appears anyone with a compatible phone can view them” Howard Chui 

In fact, MobiTV’s lawyers have also attempted to get HowardForum’s ISP to pull the plug on the site.  All this because MobiTV are undoubtedly getting some serious criticism from their corporate customers – such as Sprint – who likely thought their investment in mobile entertainment would take a bit more than Notepad to crack open.

MobiTV need to wise up: not only is this really not the best way to secure their product (what, they’re going to leave security as it is, even if HowardForums bites the dust?) they should know that attacking a valued resource doesn’t tend to leave users feeling positively about what you’re trying to sell them.  Many people who subscribe to the service are now looking to cancel their subscription out of protest; as Arne Hess has said, “if a company isn’t taking care of its core assets, why should it takes care of others personal data?”

[via the::unwired]