> Though I understand now that LMS is a really vulnerable system to be

I wouldn't even say this is a vulnerability. If you leave the door open, then anyone can enter your home. Is this a vulnerability in your door's design? No. It's wrong use :-).

That said: there's no doubt LMS wasn't designed to be secure.

> opened up to the internet, why is that for the Hues?

It's not the Hues. It's anything. Nowadays I'd recommend not to expose anything to the internet unless you know exactly what you're doing. Unless you know your systems are all up to date, latest patches of everything installed etc. And you can almost bet this is never the case for consumer electronics.

> Worst case they can only switch lights on and off, or is it possible to
> corrupt the bridge that way?

Worst case they know about a vulnerability you (and Philips) don't know about, which allows them to do anything they want on your device. Imagine another bug in the web server used which allows installing executables on that bridge.

Even simpler with LMS: one of its "vulnerabilities" is the ability to install plugins through the web UI. Such a plugin can do _anything_ in the context of the user LMS is running under. On Windows this often is a service user which has access to all/most files of the system without anyone being logged in. A hacker could easily install a stupid, simple bot as part of your LMS installation.

--

Michael
_______________________________________________
Squeezecenter mailing list
http://lists.slimdevices.com/mailman/listinfo/squeezecenter