mavit wrote: > My understanding is that traffic can also be injected onto the network. > An attacker could connect to Logitech Media Server and do any of the bad > things described at > http://forums.slimdevices.com/showthread.php?107165-IMPORTANT-Stop-forwarding-your-LMS-ports-to-the-internet!&p=879191&viewfull=1#post879191, > including extracting sensitive data that happens to be on the same > machine that runs the server.
That's what I said, isn't it? I said "without additional vulnerabilities". The question is: will someone go all the way to do such a complicated attack just to attack your music server? Unlikely IMHO, not impossible. If there are more vulnerabilities and you an e.g. gain more rights on the server, that's when it gets more critical. A good remedy here would be to run LMS from a VM that only has read access to your music but that can get complicated quickly, at least if you still want to be able to store playlists, set ratings etc. --- learn more about iPeng, the iPhone and iPad remote for the Squeezebox and Logitech UE Smart Radio as well as iPeng Party, the free Party-App, at penguinlovesmusic.com *New: iPeng 9, the Universal App for iPhone, iPad and Apple Watch* ------------------------------------------------------------------------ pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777 View this thread: http://forums.slimdevices.com/showthread.php?t=108140 _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/discuss
