Re: [slim] Security risks of old Squeezeboxes(?)
A few years ago, I wrote a shell script that I installed on my SB-Radio to read out its internal light sensor and post that data to Domoticz in a 5-second CRON. I could do that by SSHing into the Radio and by knowing its a Linux-based device, I could find my way around on its file system pretty quickly. When my script is running, it in no way changes the behavior of the SBR from a users perspective. That did make me very aware of what happens when a device on your local LAN is compromised to become part of a botnet. My code wasnt malicious and I wrote it myself, but what if? To get in to the SBR, you have to navigate the menu structure in the players GUI and enable SSH. In theory you need physical access to the player to do that. But of course if theres a zero-day in the BusyBox then who knows The chances are very, very, very small. But never, ever, say never. philchillbill's Profile: http://forums.slimdevices.com/member.php?userid=68920 View this thread: http://forums.slimdevices.com/showthread.php?t=115017 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] Security risks of old Squeezeboxes(?)
jablonski wrote: > Hi All, > > After searching the internet and this forum for a bit, I decided to > start this subject because I could not really find anything about it. > Apologies in advance if I overlooked something obvious. > I wanted to post it on the new logitech forum that was announced > recently, but it seems to be down at the moment. So here it goes... > > I have a bunch of Squeezeboxes (some Classics, a Duet and then an > additional controller), and since very recently, they are connected to a > recent version of LMS on Picoreplayer. > > I really still love my Squeezeboxes and would prefer to keep using them > for as long as possible, however, I have become increasingly concerned > about any potential security risks. > The firmware (obviously) isn't updated anymore, at least not that I'm > aware. > > So does anyone know if there is any clear and present danger, to use > these devices on the same network as my phone, laptop, company laptop, > and so on? > > And is there any difference in that risk between being connected > directly to mysqueezebox.com vs being connected to the latest available > LMS? > (Would connecting to a recent LMS mitigate any of the security risks of > directly connecting with an old SB to the internet?) > > I am considering to setup a separate network, but if it turns out that > there's not much reason to worry, then I'd prefer to avoid the hassle. I dont think there are any security risks applying to SB Devices as they themselves dont hold data and are built purely to stream music. You are far more likely to introduce a malware into your network by clicking on a link in an email or on a website than you are of introducing it via LMS. VB2.4[/B] STORAGE *QNAP TS419P (NFS) [B]Living Room* Joggler & Pi4/Khadas -> Onkyo TXNR686 -> Celestion F20s *Office* Joggler & Pi3 -> Denon RCD N8 -> Celestion F10s *Dining Room* SB Boom *Kitchen* UE Radio (upgraded to SB Radio) *Bedroom (Bedside)* Pi Zero+DAC ->ToppingTP21 ->AKG Headphones *Bedroom (TV) & Bathroom* SB Touch ->Denon AVR ->Mordaunt Short M10s + Kef ceiling speakers *Guest Room* Joggler > Topping Amp -> Wharfedale Modus Cubes Everything controlled by iPeng & Material on iOS d6jg's Profile: http://forums.slimdevices.com/member.php?userid=44051 View this thread: http://forums.slimdevices.com/showthread.php?t=115017 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
[slim] Security risks of old Squeezeboxes(?)
Hi All, After searching the internet and this forum for a bit, I decided to start this subject because I could not really find anything about it. Apologies in advance if I overlooked something obvious. I wanted to post it on the new logitech forum that was announced recently, but it seems to be down at the moment. So here it goes... I have a bunch of Squeezeboxes (some Classics, a Duet and then an additional controller), and since very recently, they are connected to a recent version of LMS on Picoreplayer. I really still love my Squeezeboxes and would prefer to keep using them for as long as possible, however, I have become increasingly concerned about any potential security risks. The firmware (obviously) isn't updated anymore, at least not that I'm aware. So does anyone know if there is any clear and present danger, to use these devices on the same network as my phone, laptop, company laptop, and so on? And is there any difference in that risk between being connected directly to mysqueezebox.com vs being connected to the latest available LMS? (Would connecting to a recent LMS mitigate any of the security risks of directly connecting with an old SB to the internet?) I am considering to setup a separate network, but if it turns out that there's not much reason to worry, then I'd prefer to avoid the hassle. jablonski's Profile: http://forums.slimdevices.com/member.php?userid=23317 View this thread: http://forums.slimdevices.com/showthread.php?t=115017 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] Forum issue on my Android
vinnielo wrote: > I can't seem to get the forums to load on my Android (7) phone. > Using ANY browser, I get a message saying Forbidden. > > Occasionally, it'll say: > "The site can't be reached > forums.slimdevices.com refused to connect > Try: > Checking the connection > ERR_CONNECTION_REFUSED." > > I've tried switching from Wi-Fi to 4G. > I've tried disabling all ad blockers > I've tried using alternative web browsers such as Chrome, Samsung > Internet (stock) and Dolphin. > > I get the same results regardless. > Tapatalk also no longer connects. > > On my desktop or on my iPhone, both on the same wi-fi network, I have no > issues. What's changed? No problem on my Moto G8 Power. 35567 +---+ |Filename: power.jpg| |Download: http://forums.slimdevices.com/attachment.php?attachmentid=35567| +---+ *Server - LMS 8.3.0 *Pi4B 4GB/Argon one case/pCP 8.0.0 - 75K library, playlists & LMS cache on SSD (ntfs) *Study -* Pi4/pCP 8.0.0/Topping E30 DAC/Ruark MR1 Mk2 *Lounge* - Pi2/pCP 8.0.0 > HiFiBerry DIGI+ > AudioEngine DAC1 > AVI DM5 *Dining Room* - Pi3B/pCP/Bluetooth/Echo Show 8 *Garage* - DAC32 > Edifier speakers *Spares* - 2xTouch, 1xSB Radio. 1xSB3, 6xRPi kidstypike's Profile: http://forums.slimdevices.com/member.php?userid=10436 View this thread: http://forums.slimdevices.com/showthread.php?t=115016 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
[slim] Forum issue on my Android
I can't seem to get the forums to load on my Android (7) phone. Using ANY browser, I get a message saying Forbidden. Occasionally, it'll say: "The site can't be reached forums.slimdevices.com refused to connect Try: Checking the connection ERR_CONNECTION_REFUSED." I've tried switching from Wi-Fi to 4G. I've tried disabling all ad blockers I've tried using alternative web browsers such as Chrome, Samsung Internet (stock) and Dolphin. I get the same results regardless. Tapatalk also no longer connects. On my desktop or on my iPhone, both on the same wi-fi network, I have no issues. What's changed? *RadioFeeds UK & Ireland..* an up-to-date radio directory for your Squeezebox/Transporter/UE Smart Radio.. available from the mysqueezebox.com App Gallery. Bonus: our RadioFeeds LMS plugin also lists AAC *and the BBC's high-quality HLS streams* on top of what's available in our MSB app. -Now with over 1000 registered users-, it's available for Logitech Media Server (and Squeezebox Server, SqueezeCenter and SlimServer). Click for more info: *http://www.radiofeeds.co.uk/squeeze* vinnielo's Profile: http://forums.slimdevices.com/member.php?userid=14510 View this thread: http://forums.slimdevices.com/showthread.php?t=115016 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] Should LMS read metadata from ID3v2.4?
mherger wrote: > > > Don't forget to submit a pull request for Andy to merge: > > https://github.com/andygrundman/Audio-Scan Away for a few days. Will pick up on my return. mrw's Profile: http://forums.slimdevices.com/member.php?userid=38299 View this thread: http://forums.slimdevices.com/showthread.php?t=115010 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
Re: [slim] Should LMS read metadata from ID3v2.4?
mherger wrote: > > Posting here so that I can find it again in due course. > > Don't forget to submit a pull request for Andy to merge: > > https://github.com/andygrundman/Audio-Scan Should we continue to use the 'Audio-Scan repo in the lms-community github' (https://github.com/LMS-Community/Audio-Scan) then? Ralphy *1*-Touch, *5*-Classics, *3*-Booms, *2*-UE Radio 'Squeezebox client builds' (https://sourceforge.net/projects/lmsclients/files/) 'donations' (https://www.paypal.com/cgi-bin/webscr?cmd=_donations=LL5P6365KQEXN=CA_name=Squeezebox%20client%20builds_code=USD=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted) always appreciated. ralphy's Profile: http://forums.slimdevices.com/member.php?userid=3484 View this thread: http://forums.slimdevices.com/showthread.php?t=115010 ___ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/discuss
