1. What plugin is affected? (This should really have been included in the mail, if it's legit.)
The Picture Gallery plugin is known to have been abused. I'm not aware of others. But as I said: an attacker could install any kind of plugin. His own, formatting your disk, installing malware, whatever.
2. Why and how did I receive this mail shortly after my players had been remotely controlled? (I find this strange to be honest, especially as this issue seems to have arisen for the first time in September 2016.)
You can find open systems using google, or, more efficiently, one of the search engines specialized in finding vulnerable systems. That's what my script does. And probably the attacker's too. As soon as you're on that index, you'll be attacked.
And no, I don't start the music on your system to give some weight to the mail. Though installing a plugin shutting LMS with a clear message would be a great thing to do. Except for legal reasons :-).
-- Michael _______________________________________________ Squeezecenter mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/squeezecenter
