Serviio

Mugwump wrote:Upnp and wlan are problematic enough as it is without the possibility of having to worrying about stream side attacks!
Now some security people are concerned about it http://www.h-online.com/security/news/i ... 29727.html

I always make darn sure that my router htm interface cannot be accessed remotely...but cripers if an Upnp stream can mess around with the routers clients through upnp then there is very little that can be done to stop it on Windows if you must run something with any elevated privilege ...I think i will stick to Serviio on Linux for all my net streaming dlna upnp adventures!

Being able to run without elevated privilege and from a user directory is really nice....too bad that doing things that way did not catch on with Windows. Though if the nonsense of being hosed by internet streams starts to happen then just maybe more people will start to wake up to how ridiculous the internet security scene has become!

After what Sony did by putting root kit spyware along with their useless drm on their cds http://en.wikipedia.org/wiki/Sony_BMG_c ... it_scandal I would not put it past the MPAA and the RIAA to start to do similar crap with streaming content. Sorry I just do not trust the American entertainment industry mughals!

Hope this never does come to pass but we do have to be vigilant.

patters wrote:He is raising a genuine security concern (that many uPnP routers can be interfered without authentication from the WAN interface), not talking about hacking WPA2. Read the article. And Sony really did once ship a rootkit on some of their Audio CDs.

Cerberus wrote:

upnp cant be interfered with via wan that was my point and nope it was not an actual root kit it was just an over the top DRM system, that they now use a much simpler version of.

Mugwump wrote:It was over the top piece of software that in Windows did more than just registry tricks. It actually installed a sniffer to /system! And ran first from auto-run before the disk played. Then ran as a hidden windows service that did not show up in task manager ...I know I removed it from a friends computer.
If that is not a Windows targeted root kit then I do not know what one is.

Interfering with wifi client(s) is the issue not hacking the router...but i am certain that some bright character will eventually figure out a way to run a insecure router configuration client remotely and open up ports to skirt around dhcp and NAT routers. Considering the fact that most people do not even bother to change the router's password or lock up the configuration interface from remote administration!

...just watch out for future rss sites like this hypothetical one http://www. cuties_online_naked/wmv_or_mp4/.ru....same as all the online gambling crap sites coming from the Russian mob. We are living in the new age of the wild wild web. Who knows where the next major sploit is going to come from, all we can do is keep our minds open as to how it could happen. I am not talking your average black hat here I am talking about the worst of the worst.

My point was that knowing, discussing and reporting possible future security issues with Upnp is not a bad thing ..ignoring them might just be a really bad thing.

patters wrote:Look, it really was a root kit - he's not making it up.
http://www.theregister.co.uk/2005/11/01 ... otkit_drm/