nickb wrote:
> I agree - patches are important, and yes for OpenSSL, as a key piece of
> internet infrastructure it's scary and definitely in the firing line &
> press often. To an extent that's why I'm advocating using -any- TLS TCP
> proxy most suited to your server (if you can get one working - I've only
> really tried stunnel) so you can choose.

But that was exactly my point: if you do that, you have to understand pretty well what you are doing and I for one wouldn't. Don't know how the experience level of other users here is WRT platform security.

People tend to think "oh, it's encrypted, now it must be safe" but that's a fallacy. Encryption helps against a few obvious attacks, most notably reading username/password (bad since so many people re-use these) and against easy access to LMS (bad because it could wake you up in the night or destroy your configuration as you can see in the reports here on the site).

But on the other hand you run encryption software that is usually a well-challenged high-value target in internet attacks. Any unfixed vulnerability in there potentially opens up access to your server machine and we are not talking about access to LMS at this point, we are talking about access to the OS. If things are really bad you are running your SSL/SSH client with root privileges. With a little bad luck these are things that can be exploited using port scans. This is not totally uncommon and can never be completely prevented (look at the critical issue from Sep. '16 here, for an example: https://www.openssl.org/news/vulnerabilities.html).

What you need to do to be safe against these things is to stay informed about what's going on and patch your system to get new updates whenever bad things happen or even take it temporarily offline. There is no such thing as a "secure system"; security is a process and a pretty complex one as well.

pippin's Profile: http://forums.slimdevices.com/member.php?userid=13777
View this thread: http://forums.slimdevices.com/showthread.php?t=107009
