darkscout Wrote:Simmer there turbo.
"Microsoft Windows SMB Shares Unprivileged Access".
http://nessus.org/plugins/index.php?view...e&id=42411
It means that it's Guest Readable, this is the "fix"
"To restrict access under Windows, open Explorer, do a right click on
each share, go to the 'sharing' tab, and click on 'permissions'."
Ok. Who cares about who signed the SSL stuff? It still means your bits aren't plain text over the network. Which is the point. I run self generated SSL on almost everything I can. Stuff is encrypted between here and there.
SMB Guest Account Local User Access
http://www.nessus.org/plugins/index.php?...e&id=26919
So.... you can access it as a guest as any user. Again. If this is a network server, you should be able to do this on shared shares.
OpenSSL Detection - Yeah. It detected OpenSSL. Literally, that's the "Bug".
http://www.nessus.org/plugins/index.php?...e&id=50845
mDNS Detection - It is running mDNS. You can find out about the machine. (Meaning XBMC, which advertises stuff over mDNS is "equally" as vulnerable).
"The remote service understands the Bonjour (also known as ZeroConf or
mDNS) protocol, which allows anyone to uncover information from the
remote host such as its operating system type and exact version, its
hostname, and the list of services it is running."
Synopsis : The manufacturer can be deduced from the Ethernet OUI.
Description : Each ethernet MAC address starts with a 24-bit 'Organizationally
Unique Identifier'.
These OUI are registered by IEEE.
How would you propose the web admin work without... web. browsable. directories.. OMG. GOOGLE HAS WEB BROWSABLE DIRECTORIES TOO. THEY"VE BEEN ROOTED.
http://www.nessus.org/plugins/index.php?...e&id=40984 (It means you can use a web browser).
The remote host listens on UDP port 137 or TCP port 445 and replies to
NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in other plugins
but does not itself generate a report.
Sounds pretty much like a NAS box.
Have you tried scanning your XBMC box? I'd be interested in how many it comes back with. Like those really horrible day 0-exploits that Russian crackers use like "Ping" and "Can figure out Ethernet Card OEM"
outleradam Wrote:Information is a vulnerability. Those are some of the lower priority things. They're not necessarily issues, however, when a server responds to a query with information about version or type of service without authentication it should be considered insecure as that can be exploited. This thing automatically hooks up to the internet by sliding a button and typing a new password.
I'm not calling these 0-day exploits. I'm calling it what it is. You call a shovel a shovel. I call these security vulnerabilities. I mentioned the higher level ones and my take on them. I didn't even mention that it has a guest account which is enabled by default....
As for self-signing... Why even bother? Just so they can say it's got security? They own the keys and I can't find any sort of privacy statement. Who knows where my data goes when I'm asleep.
outleradam Wrote:I want to know what this thing is doing... Its not open source like XBMC. I feel secure in knowing that my XBMC behind a firewall will not allow external connections. This is going to be hooked to every computer in the house. This thing is Swiss cheese compared to XBMC which I have already scanned and made appropriate changes. For christ sake, its beyond me what the 4 http ports are doing. I think this device deserves a hardware firewall.
As for the execution of code, do a search for java in that pastebin from earlier.
darkscout Wrote:Just. Wow.You act like you think I'm stupid or something. I'm really not.
If you're that paranoid. Put it on a separate NIC and pass everything through wireshark. That'll sure make it stream fast Media.
And I did a full search for "Java". Closest Thing I could find was referencing Javascript.
"The remote host is running a web server that fails to adequately
sanitize request strings of malicious JavaScript. By leveraging this
issue, an attacker may be able to cause arbitrary HTML and script code
to be executed in a user's browser within the security context of the
affected site."
Not Sanitizing Javascript is absolutely nowhere even remotely close to "remote execution of code". I suggest you read up on Cross Site Scripting and what it does and does not do. If it's behind a firewall. Like everything should be, you'll have absolutely no problem with it.
And I can't imagine how you even got XBMC to run. It must have taken you hundreds of hours to audit all of the code by yourself and then compile it by hand using your own compiler. I mean. You wouldn't trust pre-compiled binaries. Never know what's in them. Same goes for a precompiled compiler.
Open Source does not magically make things secure. Especially if you're running binaries compiled by someone else.
