|
||||||||
Date for Updates announced - details |
![]() |
|
|
Thread Tools | Search this Thread |
|
|
#151 |
|
Forum Member
Join Date: Oct 2009
Location: Surrey
Posts: 71
|
Quote:
I see no reason at all why it would not be easy to write a worm to seek out HDR's connected to the internet and then trick them into thinking more space was needed for a recording thus turning the auto delete function against the box itself either by tricking the box into thinking a huge amount of space was needed for an imminent recording or by sending repeated smaller recording space requests thus tricking it into deleting files one by one.
This isn't a Sky box connected to a normal telephone line. In the case of the iplayer you're connected to the internet and thus potentially vulnerable to anything it can throw at you. ![]() It'll have to get through your firewall first! Anyway, for a hacker, most of whom reside outside the UK, where's the fun in attacking a couple of thousand UK based machines. I doubt if many out a, know that the UK exists or, more's the point, b, are unaware of the HDR. It's not quite the same as, say, the iPhone you know. |
|
|
|
|
Please sign in or register to remove this advertisement.
|
|
|
#152 |
|
Forum Member
Join Date: Jun 2005
Location: My House
Posts: 844
|
Quote:
I see no reason at all why it would not be easy to write a worm to seek out HDR's connected to the internet and then trick them into thinking more space was needed for a recording thus turning the auto delete function against the box itself either by tricking the box into thinking a huge amount of space was needed for an imminent recording or by sending repeated smaller recording space requests thus tricking it into deleting files one by one.
This isn't a Sky box connected to a normal telephone line. In the case of the iplayer you're connected to the internet and thus potentially vulnerable to anything it can throw at you. 1. As Pizza John pointed out it would have to get through your firewall first as most people have routers connected to their broadband connection which will provide that function. 2. In the highly unlikely case that you have connected it directly to the internet then the box would have to have an vulnerability in a service that was active in order to be "hacked". Is anybody aware of any vulnerabilities this box has or even if it will have any accessible services running on it? 3. So lets say you've got through the above and managed to exploit a vulnerability. Now you need some idea of the OS and function of the HDR in order to either inject a shell script or binary that you have cross compiled to run on this device. All of which is unlikely to be easy. Also by your reasoning all IPTV boxes are vulnerable in this way not just the humax. As I said originally you clearly have no grasp of computer technology by your statement. Rob |
|
|
|
|
|
#153 |
|
Forum Member
Join Date: Mar 2009
Posts: 253
|
Quote:
Black Knight I'd have thought. Your so gloomy
![]() It'll have to get through your firewall first! Anyway, for a hacker, most of whom reside outside the UK, where's the fun in attacking a couple of thousand UK based machines. I doubt if many out a, know that the UK exists or, more's the point, b, are unaware of the HDR. It's not quite the same as, say, the iPhone you know. Patrick |
|
|
|
|
|
#154 |
|
Forum Member
Join Date: Dec 2008
Posts: 2,494
|
Quote:
I see lots of reasons why this won't happen
1. As Pizza John pointed out it would have to get through your firewall first as most people have routers connected to their broadband connection which will provide that function. 2. In the highly unlikely case that you have connected it directly to the internet then the box would have to have an vulnerability in a service that was active in order to be "hacked". Is anybody aware of any vulnerabilities this box has or even if it will have any accessible services running on it? 3. So lets say you've got through the above and managed to exploit a vulnerability. Now you need some idea of the OS and function of the HDR in order to either inject a shell script or binary that you have cross compiled to run on this device. All of which is unlikely to be easy. Also by your reasoning all IPTV boxes are vulnerable in this way not just the humax. As I said originally you clearly have no grasp of computer technology by your statement. Rob Firewalls are very good at stopping hackers. They're not so good with viruses and worms. ...and there's a very good way to get around any security, - get you invite it in. Put up a video or programme with the malicious code incorporated and when you stream the icontent you also stream the code. I doubt the BBC will be the only content provider for long and therein lies an additional danger - 3rd party content. On points 2 and 3, you're missing my point, you don't need to write anything complex or malicious, the auto delete function seems to me to now hand that on a plate. All you need to do is trick the box into thinking a recording is scheduled and that more space is needed. If auto delete is on, the box already has the instructions to delete to create space it potentially does it for you. The hardest part would be telling the box remotely a recording was due, after that it would potentially do everything required itself. Why write a payload when one is built in? Quote:
.. and after that another factor might be that it's a Linux box - not a favourite plaything for hackers.
Patrick http://uk.news.yahoo.com/16/20091110...d-6315470.html Maybe I am just doom and gloom but I don't trust connecting anything to the internet unprotected (ie not anti-virused) that's going to be streaming content. Nor do i believe the auto delete function is a good idea. Even if the box is totally secure, you're assuming auto delete won't make mistakes and delete your favourite film just because you haven't watched it for 8 months and its the oldest thing on there. For anyone who keeps an archive of films / programmes that they may not have watched for a long time, this could be a nightmare unless you go through and individually protect everything, which could also be a nightmare. I currently have 87 films and I don't know how many programmes on my box at the moment. That's quite some protecting task. Seems to me it would have been far better to offer people who are short of space a hard drive upgrade option whereby they could return the box to Humax and for a reasonable fee have a 1TB hard drive fitted. My 1TB drive is only 42% full despite all those recordings and the best thing is, there's no danger of an auto delete! |
|
|
|
|
|
#155 |
|
Forum Member
Join Date: Apr 2004
Posts: 115
|
Quote:
Try taking your antivirus off your pc and see how long you last with just your firewall!!
Firewalls are very good at stopping hackers. They're not so good with viruses and worms. ...and there's a very good way to get around any security, - get you invite it in. Put up a video or programme with the malicious code incorporated and when you stream the icontent you also stream the code. I doubt the BBC will be the only content provider for long and therein lies an additional danger - 3rd party content. As the box will be receiving only video data from the internet, and that data is decoded in hardware, not software, it would be unlikely that hacking the boxes would be possible through a compromised video feed. If the BBC were compromised at that level, then inserting malicious code into the MHEG stream would be a far more attractive method, and would affect all freesat boxes regardless of whether they have an ethernet port active or not. |
|
|
|
|
|
#156 |
|
Forum Member
Join Date: May 2008
Location: Hatfield, Herts
Posts: 72
|
At the risk of breaking a rule of etiquette and quoting someone who has already been quoted. Quote:
.. and after that another factor might be that it's a Linux box - not a favourite plaything for hackers.
One last thing; I'm sure Humax are not stupid and don't use Redmond's crappy code to base their boxes on. Come on! |
|
|
|
|
|
#157 |
|
Forum Member
Join Date: Nov 2008
Location: Hawkwell, Essex
Posts: 2,186
|
I'm not going to even attempt to answer some of this nonsense, but......... Quote:
Maybe I am just doom and gloom but I don't trust connecting anything to the internet unprotected (ie not anti-virused) that's going to be streaming content. Nor do i believe the auto delete function is a good idea.
Quote:
For anyone who keeps an archive of films / programmes that they may not have watched for a long time, this could be a nightmare unless you go through and individually protect everything, which could also be a nightmare. I currently have 87 films and I don't know how many programmes on my box at the moment. That's quite some protecting task.
Put your films in a "Films" folder and protect the folder not the files - easy, and not time-consuming.Rgds. Les. |
|
|
|
|
|
#158 |
|
Forum Member
Join Date: Aug 2007
Location: Somerset
Posts: 1,739
|
Mine downloaded OK OTA overnight, on first inspection all seems good. Now after plenty of moaning about when the download was going to arrive I can't believe some of you lot are now whinging about some of the new features (Auto delete and the need to connect to the internet for the Iplayer etc) if you don't want to use these features you don't have to!
|
|
|
|
|
|
#159 |
|
Forum Member
Join Date: Nov 2006
Location: Wirral, UK
Posts: 195
|
I only got mine a month ago so I haven't had to endure the long wait for the bug fixes.
For the way I use the box, I can't say that the bugs were particularly an issue for me anyway but I admit to a little disappointment that there weren't any new features - except the "New" flag which, arguably should have been present in the first place and the iPlayer which is only going to serve to slow down the entire neighbourhood's internet connection as far as I'm concerned. Considering this is possibly (probably) the last update this box will see (barring iPlayer bug-fixes), I would have liked to have seen simpler access to non-freesat mode and the ability to make a customizable mix 'n' match favourites list (and EPG where possible) from freesat and non-freesat channels - if only to get Sky News! John. |
|
|
|
|
|
#160 |
|
Forum Member
Join Date: Mar 2000
Location: Snowdonia
Posts: 2,725
|
Quote:
Not according to the Humax manual. If you set the Display Format to 4:3 then 16: 9 is letterboxed. If it isn't then something is stretching it.
"When choosing 4:3 – Traditional TV as screen ratio, select among 16:9 Letterbox, 14:9 Letterbox, Centre Cut Out, Auto and press the OK button." Screen Ratio (what shape your TV is, 16:9 or 4:3) Display format (what do you want to do when the picture does not match your TV shape) I'm not exactly sure but I think if you set Screen Ratio to 16:9 and Display Format to Anamorphic, it will stretch 4:3 to 16:9 as it assumes the 4:3 picture is anamorphic. Setting it to Auto will do the same thing. However, set it to 4:3 Pillarbox and it will add black bars left and right, therefore preserving the aspect ratio. The instructions you have reproduced above are if you have a Screen Ratio of 4:3 - the display Format options are what you want it to do with a 16:9 picture. I think Carvell was referring to Screen Ratio 16:9 and the Display Format refers to how you want it to handle a 4:3 picture. |
|
|
|
|
|
#161 |
|
Forum Member
Join Date: Feb 2004
Posts: 722
|
Quote:
I think Carvell was referring to Screen Ratio 16:9 and the Display Format refers to how you want it to handle a 4:3 picture.
|
|
|
|
![]() |
|
All times are GMT. The time now is 09:21.



