I know it sounds stupid, but is it possible for someone to have remote access to my Dreambox via Dreambox WebControl feature of Newnigma2, if he knows my home internet IP address and (router) IP address of my receiver? If yes, how to prevent this? Thank you!
Dreambox browser WebControl and hacker attacks
-
-
Close all forwarded ports, and set user/pass on your Dreambox.
Problems can never be solved with the same way of thinking.
¯\_(ツ)_/¯
"German spelling is freeware, meaning you can use it free of charge.
However, it is not open source, i.e. you may not modify it or publish it in modified form."
-
OK, Thanks! I have no forwarded ports opened on my router and Dreambox password is set. Is this all? I am still worried! I am just thinking: If I can access my Dreambox connected to my home network via browser only by using box IP (without entering any password), anyone from the outside world, with appropriate computer skills, can? I hope, I am wrong.
-
If you set a secure password, then you're on the safe side.
-
Browser Dreambox WebControl does not require any password to be entered in order for this App to be launched, like DreamControlCenter, for example, does. If I am using DreamboxControlCenter, I am asked to enter password every time, when I launch it, but never, when using Dreambox WebControl. So, now anyone knowing my home network Dreambox IP address can log to the receiver and take snapshots of the channels I am watching or make certain changes to the firmware. There should be an option in the receiver software to disable/enable Dreambox WebControl or to be able to protect this App by user password. Now this App is not protected by any password.
securityfocus.com/bid/63006/exploit
securityfocus.com/bid/63006/discuss
-
I have found what the problem is. WebInterface HTTP authentication in newnigma2 is by default set to "OFF". My advice to everybody: Urgently create your personal Dreambox password and set WebInterface HTTP authentication to "ON"! In case you are paranoiac, like me, you can disable WebInterface completely!
[Blocked image: http://shrani.si/f/37/Rz/3RQ90q09/db-web-interface-1.png]
[Blocked image: http://shrani.si/f/3O/Mr/2EaXVMAm/db-web-interface-2.png]
[Blocked image: http://shrani.si/f/t/i7/1YuIPOFA/db-web-interface-3.png]
[Blocked image: http://shrani.si/f/1r/Hc/4aWsNEsL/db-web-interface-4.png]
[Blocked image: http://shrani.si/f/1e/jr/2Z78v21B/db-web-interface-5.png]
-
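A way to confirm from another machine on the LAN that the setting described in the post above took effect, as an added example that is not part of the original thread: it requests the web interface's start page without credentials and reports whether the box answers openly, demands HTTP authentication, or is not listening. The function name, the default port 80 and the host address passed on the command line are assumptions; use your own receiver's values.

```python
import http.client
import sys


def check_web_interface(host, port=80, timeout=5):
    """Request "/" without credentials and classify the answer.

    Returns:
      "unreachable"   - nothing answered (web interface disabled or host down)
      "open"          - page served with no password (HTTP authentication OFF)
      "auth-required" - HTTP 401 with a WWW-Authenticate challenge (authentication ON)
      "other:<code>"  - any other HTTP status
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
    except (OSError, http.client.HTTPException):
        # Refused, timed out, reset, or not speaking HTTP at all.
        return "unreachable"
    finally:
        conn.close()

    if resp.status == 401 and resp.getheader("WWW-Authenticate"):
        return "auth-required"
    if 200 <= resp.status < 300:
        return "open"
    return f"other:{resp.status}"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_webif.py <LAN address of your own receiver> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    print(check_web_interface(sys.argv[1], port))
```

A result of "open" means the start page is served without a password; after switching authentication to "ON" the same check should report "auth-required", and "unreachable" after disabling the web interface.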
Cefizelj wrote:
I know it sounds stupid, but is it possible for someone to have remote access to my Dreambox via Dreambox WebControl feature of Newnigma2, if he knows my home internet IP address and (router) IP address of my receiver? If yes, how to prevent this? Thank you!
No, it is not possible to access the Dreambox web interface from outside of your LAN if you don't forward the web interface ports on your router.
-
I don't know much about WAN/LAN routing, so maybe you are right, maybe you are not. Let's say, you are right, I wish you are!
But who can explain what kind of Dreambox WebControl Unauthorized Access Vulnerability Symantec is talking about?
symantec.com/index.jsp
securityfocus.com/bid/63006/discuss -
This only affects LAN situations.
If you are not forwarding the web ports to the internet (WAN), they are not reachable from outside your LAN.
This has nothing to do with security issues from the web interface. This is still only a LAN/WAN routing thing.
-
OK, I understand this. You say it's safe, I trust you. One more thing: Is it true that some optional "Apps" installed on Dreambox, like CCcam.cfg, can open router ports by default for their operation, and that in time, when this happens, the security of the Dreambox can be compromised through these ports from the outside world by hackers?
-
The camembert binaries can do what they want, as most of them are closed source with dubious origin.
-