Black Knight I'd have thought. Your so gloomy

It'll have to get through your firewall first! Anyway, for a hacker, most of whom reside outside the UK, where's the fun in attacking a couple of thousand UK based machines. I doubt if many out

a, know that the UK exists or, more's the point,
b, are unaware of the HDR.

It's not quite the same as, say, the iPhone you know.

I see lots of reasons why this won't happen

1. As Pizza John pointed out it would have to get through your firewall first as most people have routers connected to their broadband connection which will provide that function.

2. In the highly unlikely case that you have connected it directly to the internet then the box would have to have an vulnerability in a service that was active in order to be "hacked". Is anybody aware of any vulnerabilities this box has or even if it will have any accessible services running on it?

3. So lets say you've got through the above and managed to exploit a vulnerability. Now you need some idea of the OS and function of the HDR in order to either inject a shell script or binary that you have cross compiled to run on this device. All of which is unlikely to be easy.

Also by your reasoning all IPTV boxes are vulnerable in this way not just the humax. As I said originally you clearly have no grasp of computer technology by your statement.

Rob

.. and after that another factor might be that it's a Linux box - not a favourite plaything for hackers.

Patrick

Try taking your antivirus off your pc and see how long you last with just your firewall!!

Firewalls are very good at stopping hackers. They're not so good with viruses and worms.

...and there's a very good way to get around any security, - get you invite it in. Put up a video or programme with the malicious code incorporated and when you stream the icontent you also stream the code. I doubt the BBC will be the only content provider for long and therein lies an additional danger - 3rd party content.

On points 2 and 3, you're missing my point, you don't need to write anything complex or malicious, the auto delete function seems to me to now hand that on a plate. All you need to do is trick the box into thinking a recording is scheduled and that more space is needed. If auto delete is on, the box already has the instructions to delete to create space it potentially does it for you. The hardest part would be telling the box remotely a recording was due, after that it would potentially do everything required itself. Why write a payload when one is built in?



Accepted but there's always some script kiddie wanting to have a go. As of this week, there's a worm out now that attacks the iphone:

http://uk.news.yahoo.com/16/20091110...d-6315470.html

Maybe I am just doom and gloom but I don't trust connecting anything to the internet unprotected (ie not anti-virused) that's going to be streaming content. Nor do i believe the auto delete function is a good idea.

Even if the box is totally secure, you're assuming auto delete won't make mistakes and delete your favourite film just because you haven't watched it for 8 months and its the oldest thing on there.

For anyone who keeps an archive of films / programmes that they may not have watched for a long time, this could be a nightmare unless you go through and individually protect everything, which could also be a nightmare. I currently have 87 films and I don't know how many programmes on my box at the moment. That's quite some protecting task.

Seems to me it would have been far better to offer people who are short of space a hard drive upgrade option whereby they could return the box to Humax and for a reasonable fee have a 1TB hard drive fitted. My 1TB drive is only 42% full despite all those recordings and the best thing is, there's no danger of an auto delete!

I think firewalls are irrelevant in this case. These kind of boxes do not have open ports that accept incoming connections - they make outgoing connections to specific servers on the internet only to get their data as instructed by the MHEG front end broadcast over the satellite. I believe someone on this board has already port scanned one and found nothing open (and I'm impressed that it didn't fall over when they did this). If a file server was introduced at a later time to serve recorded media over the network (yes please), then that might be vulnerable.

As the box will be receiving only video data from the internet, and that data is decoded in hardware, not software, it would be unlikely that hacking the boxes would be possible through a compromised video feed. If the BBC were compromised at that level, then inserting malicious code into the MHEG stream would be a far more attractive method, and would affect all freesat boxes regardless of whether they have an ethernet port active or not.

At the risk of breaking a rule of etiquette and quoting someone who has already been quoted.


Also, I speak from experience as I use GNU/LINUX there is only a theoretical virus in a lab , there are no virus' 'in the wild' therefore making the argument about viruses mute.

One last thing; I'm sure Humax are not stupid and don't use Redmond's crappy code to base their boxes on. Come on!

I'm not going to even attempt to answer some of this nonsense, but.........


Don't connect it to the Internet, or switch on Auto-Delete, then; no-one's forcing you.


Put your films in a "Films" folder and protect the folder not the files - easy, and not time-consuming.

Rgds.


Les.

Mine downloaded OK OTA overnight, on first inspection all seems good. Now after plenty of moaning about when the download was going to arrive I can't believe some of you lot are now whinging about some of the new features (Auto delete and the need to connect to the internet for the Iplayer etc) if you don't want to use these features you don't have to!

I only got mine a month ago so I haven't had to endure the long wait for the bug fixes.

For the way I use the box, I can't say that the bugs were particularly an issue for me anyway but I admit to a little disappointment that there weren't any new features - except the "New" flag which, arguably should have been present in the first place and the iPlayer which is only going to serve to slow down the entire neighbourhood's internet connection as far as I'm concerned.

Considering this is possibly (probably) the last update this box will see (barring iPlayer bug-fixes), I would have liked to have seen simpler access to non-freesat mode and the ability to make a customizable mix 'n' match favourites list (and EPG where possible) from freesat and non-freesat channels - if only to get Sky News!

John.

There are 2 menu items:

Screen Ratio (what shape your TV is, 16:9 or 4:3)
Display format (what do you want to do when the picture does not match your TV shape)

I'm not exactly sure but I think if you set Screen Ratio to 16:9 and Display Format to Anamorphic, it will stretch 4:3 to 16:9 as it assumes the 4:3 picture is anamorphic. Setting it to Auto will do the same thing. However, set it to 4:3 Pillarbox and it will add black bars left and right, therefore preserving the aspect ratio.

The instructions you have reproduced above are if you have a Screen Ratio of 4:3 - the display Format options are what you want it to do with a 16:9 picture. I think Carvell was referring to Screen Ratio 16:9 and the Display Format refers to how you want it to handle a 4:3 picture.

Yup - exactly.