Upcoming moOde 6.6.0 feature release
#61
OK, I decided to run the vulnerability past Jean-Francois, this is what he had to say:

“I don't think that CallStranger is a major concern if your music-playing machine is not accessible from the Internet. You would have to have a rogue control point on your network which would be somehow less privileged than the renderer in Moode (how?) and uses CallStranger to overcome its own restrictions. This seems very dubious to me, esp. since, to exfiltrate data, you'd need to also control the events, and for DDOS, why not do it from the control point?

One very far-fetched DDOS scenario would be that the renderer has a fast internet link and the CP is on slow wireless, and is able to get the renderer to send a lot of data out, but frankly, I would not be worried about this: because it would be a very rare situation, nobody is going to try and exploit it.
Now if your renderer is a supercomputer on the national science backbone or whatever, maybe we need to rethink :)

OTOH, I see little reason not to use 4.0.7. Maybe that's just because Moode did the testing with 4.0.2?”

Maybe therefore my suggestion was a bit crazy, but there again I'm a Windows user so have to take note of such things!! :D


Messages In This Thread
RE: Upcoming moOde 6.6.0 feature release - by Zigzag - 07-02-2020, 05:06 PM
