Search the Community

Showing results for tags 'security'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Forum Rules
    • Announcements
    • Introductions and Farewells.
    • General Support
    • Apple TEC
    • Windows TEC
    • Streamhelp.org
  • Wizards
    • The Beast
    • Other Wizards and Builds
  • Kodi
    • KODI 17 AREA
    • Kodi Discussion
    • Kodi Support
    • Kodi Add-ons
    • Kodi Tutorials
    • EPG
    • Builds
    • Kodi News
    • Español
  • IPTV
    • IPTV Discussion
    • IPTV Support
    • Dark IPTV, VOD and PLX Service
  • Android
    • Fire Stick / Tv
    • Nvidia Shield Tv
  • Miscellaneous
    • Lounge
    • Movies
    • TV Shows
    • Sports

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 5 results

  1. Large numbers of people are running Kodi with a poorly-protected remote access interface, which enables third-parties to view their addons and other sensitive information. In some cases, people’s private videos are also vulnerable to being viewed remotely by anyone with a browser. Worst still, attackers can change Kodi users’ settings, which can cause chaos to the unexpecting. As quite possibly the most people media player on earth, Kodi is installed on millions of machines – around 38 million according to the MPAA. The software has a seriously impressive range of features but one, if not configured properly, raises security issues for Kodi users. For many years, Kodi has had a remote control feature, whereby the software can be remotely managed via a web interface. This means that you’re able to control your Kodi setup installed on a computer or set-top box using a convenient browser-based interface on another device, from the same room or indeed anywhere in the world. Earlier versions of the web interface look like the one in the image below. The old Kodi web-interface – functional but basic But while this is a great feature, people don’t always password-protect the web-interface, meaning that outsiders can access their Kodi setups, if they have that person’s IP address and a web-browser. In fact, the image shown above is from a UK Kodi user’s setup that was found in seconds using a specialist search engine. While the old web-interface for Kodi was basically a remote control, things got more interesting in late 2016 when the much more functional Chorus2 interface was included in Kodi by default. It’s shown in the image below. Chorus 2 Kodi Web-Interface Again, the screenshot above was taken from the setup of a Kodi user whose setup was directly open to the Internet. In every way the web-interface of Kodi acts as a web page, allowing anyone with the user’s IP address (with :8080 appended to the end) to access the user’s setup. It’s no different than accessing Google with an IP address (216.58.216.142), instead of Google.com. However, Chorus 2 is much more comprehensive that its predecessors which means that it’s possible for outsiders to browse potentially sensitive items, including their addons if a password hasn’t been enabled in the appropriate section in Kodi. Kodi users probably don’t want this seen in public While browsing someone’s addons isn’t the most engaging thing in the world, things get decidedly spicier when one learns that the Chorus 2 interface allows both authorized and unauthorized users to go much further. For example, it’s possible to change Kodi’s system settings from the interface, including mischievous things such as disabling keyboards and mice. As seen (or not seen) in the redacted section in the image below, it can also give away system usernames, for example. Access to Kodi settings – and more But aside from screwing with people’s settings (which is both pointless and malicious), the Chorus 2 interface has a trick up its sleeve. If people’s Kodi setups contain video or music files (which is what Kodi was originally designed for), in many cases it’s possible to play these over the web interface. In basic terms, someone with your IP address can view the contents of your video library on the other side of the world, with just a couple of clicks. The image below shows that a Kodi setup has been granted access to some kind of storage (network or local disk, for example) and it can be browsed, revealing movies. (To protect the user, redactions have been made to remove home video titles, network, and drive names) Network storage accessed via Chorus 2 The big question is, however, whether someone accessing a Kodi setup remotely can view these videos via a web browser. Answer: Absolutely. Clicking through on each piece of media reveals a button to the right of its title. Clicking that reveals two options – ‘Queue in Kodi’ (to play on the installation itself) or ‘Download’, which plays/stores the content via a remote browser located anywhere in the world. Chrome works like a charm. Queue to Kodi or watch remotely in a browser While this is ‘fun’ and potentially useful for outsiders looking for content, it’s not great if it’s your system that’s open to the world. The good news is that something can be done about it. In their description for Chorus 2, the Kodi team explain all of its benefits of the interface but it appears many people don’t take their advice to introduce a new password. The default password and username are both ‘kodi’ which is terrible for security if people leave things the way they are. If you run Kodi, now is probably the time to fix the settings, disable the web interface if you don’t use it, or enable stronger password protection if you do. Change that password – now Just recently, Kodi addon repository TVAddons issued a warning to people using jailbroken Apple TV 2 devices. That too was a default password issue and one that can be solved relatively easily. “People need to realize that their Kodi boxes are actually mini computers and need to be treated as such,” a TVAddons spokesperson told TF. “When you install a build, or follow a guide from an unreputable source, you’re opening yourself up to potential risk. Since Kodi boxes aren’t normally used to handle sensitive data, people seem to disregard the potential risks that are posed to their network.” INTERNET SECURITY KODI REMOTE ACCESS SECURITY Official site: http://streamhelp.org Help/Support Forum: http://koditalk.org Follow Techtimeruuu on twitter: https://twitter.com/techtimeruuu Techtimeruuu Facebook: https://www.facebook.com/techtimeruuu Follow Mixdoctor on twitter: https://twitter.com/Kodi_Mixdoctor Mixdoctor Facebook: https://www.facebook.com/profile.php?id=100015663541691 Thank You, And Have A Great Day.
  2. If we talk about securing data and stream worldwide then the first word comes in our mind is a VPN. I was doing research on it and found Best Kodi VPNs on Amazing Black Friday VPN Deals and save up to 87% off. Secure your Kodi and stream worldwide.
  3. We’re very sorry to have to bring you this news, but upgrading Kodi to the latest version (released today) is fairly urgent if you wish to keep your network secure. Earlier today, a security flaw within Kodi (and other media players including VLC) was reported by researchers from Check Point Software Technologies. They demonstrated that an attacker could gain control of any Kodi device through the use of malicious code placed within subtitles. Hypothetically, if an infected subtitle file were to be downloaded by Kodi, it could give a hacker full control over your device. This is particularly concerning when it comes to automatically downloaded subtitles. It is very important that you upgrade Kodi as soon as possible, otherwise you could be leaving your entire computer, device, or even home network at risk. Security flaws in software happens all the time, it’s normal. This security flaw also affected many other media players that are far more popular than Kodi. The important thing is that the issue was fixed quickly, and so far no damage has been reported. However, now that the security flaw has reached mainstream news, hackers will now likely be looking to exploit it far more aggressively. The official developers of Kodi have been working tirelessly to release an updated version of Kodi that would fix security flaw, as well as some other minor bugs. Team-Kodi “highly encourages” all users to install this latest version, as do we. If you’re still running Kodi 16.1 Jarvis or below, you might as well upgrade now, that way you’ll also gain access to all the streams that use newer HTTPS technology not supported in older versions of Kodi anyway. If you follow the instructions below carefully, upgrading should be super easy. Please note that these instructions describe the unofficial use of the Kodi media center. Before Proceeding Android Users: Those of you who are running older devices or cheap Android boxes might run into some trouble. Kodi 17.3 Krypton requires Android 5.0 or higher to run. If your device doesn’t support Android 5.0, you’ll need to buy a new Android TV box in order to continue to enjoy Kodi. Apple TV 2 Users: Even though the last two versions of Kodi didn’t support the Apple TV 2, the device still seemed to work alright. This will no longer be the case moving forward, without HTTPS or HD support it’ll be next to useless, it’s time to purchase a new Android TV box. United Kingdom Users: It will be necessary to disable certain router security settingsbefore continuing, we’d also highly recommend using a VPN Provider to circumvent site blocking. Thank You ? And Have A Great Day. The Mixdoctor Team Member of koditalk.org
  4. Popular apps with 18 million combined downloads in the App Store found vulnerable to silent data interception Just click on the picture below CHECK OUT OUR NEW YOUTUBE CHANNEL BY CLICKING HERE ?The Mixdoctor ? Team Member of forum.place & Extreme Kodi Testing ( Check us out too ) You Can Now Follow Me On Twitter https://twitter.com/Kodi_Mixdoctor CHECK OUT OUR LATEST SITE Stream Help http://streamhelp.org If We Or This Forum Has Helped You Please Consider Donating To Keep All Videos And Forums Up To Date And Active As The Server Costs Are Great Remember Click Around The Adverts As This Also Helps Pay For Server Costs Thank You And Have A Great Day ? KODI DISCLAIMER We are not connected to or in any other way affiliated with Kodi, Team Kodi, or the XBMC Foundation. The 3rd Party addons are not the property of Kodi.tv and not supported by them. Third party addons will not receive any support in official Kodi channels, including the Kodi forums and various social networks
  5. Popular apps with 18 million combined downloads in the App Store found vulnerable to silent data interception After scanning through the binary codes of applications in the iOS App Store, Will Strafach’s verify.lyservice has detected that 76 popular apps in the store are currently vulnerable to data interception. The interception is possible regardless if App Store developers are using App Transport Security or not. A few months ago, similar vulnerabilities were discovered with Experian and myFICO Mobile’s iOS apps. Strafach’s verify.ly service is dedicated to scanning apps in the iOS App Store searching for vulnerabilities to help developers understand how to harden and secure their code. The scans look for patterns in vulnerabilities and in more terrifying examples they’ll find them repeated throughout multiple applications. Today’s announcement is not only scary because the applications are so commonly used, but also because more than 18,000,000 downloads of the vulnerable app builds have been downloaded. In the report, Strafach has sorted the 76 apps into low, medium, and high risk categories. “The App Transport Security feature of iOS does not and cannot help block this vulnerability from working”, states Strafach. ATS, introduced in iOS 9 was set to help improve user security and privacy by pushing apps to use HTTPS. Apple originally set a date of January 1st, 2017 for all apps to have the feature configured but has since pushed it back to an undetermined date. The issue relies in misconfigured networking code that causes Apple’s App Transport Security to see the connections as valid TLS connections, even if they’re not. Some of the apps with low risk distinctions include: ooVoo, ViaVideo, Snap Upload for Snapchat, Uploader Free for Snapchat, and Cheetah Browser. Unsurprisingly a handful of the apps are Snapchat-centric applications, something Strafach discussed as being insecure last March. As far as the medium and high risk applications go, Strafach is holding off on sharing that list until he’s properly communicated the issues with the appropriate developers and companies of the applications. In the meantime, users can do a few things to help protect against these issues. A properly configured VPN could help mitigate against this issue, something we mentioned that Apple should implement on iOS natively. If user’s decide against using a VPN on their devices, Strafach recommends users turning off their Wi-Fi instead. Head over to Strafach’s post for the full and more technical breakdown. CHECK OUT OUR NEW YOUTUBE CHANNEL BY CLICKING HERE ?The Mixdoctor ? Team Member of forum.place & Extreme Kodi Testing ( Check us out too ) You Can Now Follow Me On Twitter https://twitter.com/Kodi_Mixdoctor CHECK OUT OUR LATEST SITE Stream Help http://streamhelp.org If We Or This Forum Has Helped You Please Consider Donating To Keep All Videos And Forums Up To Date And Active As The Server Costs Are Great Remember Click Around The Adverts As This Also Helps Pay For Server Costs Thank You And Have A Great Day ? KODI DISCLAIMER We are not connected to or in any other way affiliated with Kodi, Team Kodi, or the XBMC Foundation. The 3rd Party addons are not the property of Kodi.tv and not supported by them. Third party addons will not receive any support in official Kodi channels, including the Kodi forums and various social networks