[mythtv-users] the heartbleed openssl bug and mythtv

Mike Perkins mikep at randomtraveller.org.uk
Thu Apr 10 09:34:08 UTC 2014


On 10/04/14 03:39, Gary Buhrmaster wrote:
>
> As far as impact, if one is using a throw-away password
> like "password", and is using it only on their mythweb server,
> the impact is low (the worst someone could do is probably
> delete your recordings, and it is only just TV :-).  On the
> other hand, if it is using the same password as you use
> at your bank, or your secret password to access your
> evil lair, the impact could be higher.  You can mitigate
> against that impact by changing your bank password
> (note: Unless your bank says they have fixed it already,
> you get to do it now, and then again after they have
> applied the patch), and change your password to access
> your secret lair from which you plan to launch the plan of
> world domination.
>
Er, no. If they can gain access to your /server/ it makes it at least possible 
for them to upload more malware, turning your server into a relay bot, etc.

Fortunately I don't permit any internet-facing access to my machines, which is 
probably just as well. The number of devices I will have to update in the near 
future is mind-boggling.

Apart from the usual servers, clients and workstations, one mustn't forget 
wireless access points, smart phones (when Apple/Samsung gets around to 
providing a fix), tablets, ereaders and set-top boxes, all of which likely run 
some OS which uses SSL!

-- 

Mike Perkins


