

Abusing the MPC-HC WebUI to steal private pictures - kmfrk
http://3vildata.tumblr.com/post/125666311707/abusing-the-mpc-hc-webui-to-steal-private-pictures

======
the8472
> The issue can be mitigated by disabling the WebUI when not on a trusted
> network (like at home) or behind a NAT device (i.e. not directly reachable
> over the Internet).

I wonder, does it listen on ipv6 too? If so people may not even be aware that
their computer is reachable.

~~~
growse
Which ISPs enable native IPv6 but ship a router with a permissive IPv6
firewall?

~~~
anonbanker
Shaw Communication.

------
trumpete
Doesn't this require the target's 13579 to be open? It's not really a port I
have open so often

------
chx
> The issue can be mitigated by disabling the WebUI when not on a trusted
> network (like at home) or behind a NAT device (i.e. not directly reachable
> over the Internet)... but is not really a solution that will scale well
> across the user base.

Why? I was under the impression most home users will have a (shitty) wifi
router separating the home network from the world. If you can breach this
and/or run code on a machine inside the home LAN you are already done. I don't
get what's the new threat here.

~~~
ptx
People increasingly use laptops as their primary computer. If they enable this
feature to use on their home network, they could easily forget to disable it
when they bring the computer with them to a more hostile environment. (But, on
the other hand, isn't the Windows Firewall in Vista and newer designed to
handle this, by having separate rules for "home", "work" and "public"
networks?)
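
An added example, not part of any comment above and not MPC-HC project code: one way to check on your own machine the questions raised in the thread (is port 13579 open, and is it bound on IPv6 too) is to classify the listeners in `netstat -ano` output by bind scope. The sample output is constructed and says nothing about how MPC-HC actually binds; the function names are illustrative.

```python
import ipaddress

WEBUI_PORT = 13579  # port mentioned in the thread

# Constructed sample in the layout of Windows `netstat -ano`; not real host output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    0.0.0.0:13579          0.0.0.0:0              LISTENING       4242
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:13579     192.168.1.35:50122     ESTABLISHED     4242
  TCP    [::]:13579             [::]:0                 LISTENING       4242
  UDP    0.0.0.0:5353           *:*                                    2100
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def classify(host):
    """Return (address family, bind scope) for a local listen address."""
    addr = ipaddress.ip_address(host)
    family = "IPv6" if addr.version == 6 else "IPv4"
    if addr.is_unspecified:      # 0.0.0.0 or :: means every interface
        return family, "all interfaces"
    if addr.is_loopback:         # reachable only from the local machine
        return family, "loopback only"
    return family, "single address"

def webui_listeners(netstat_text, port=WEBUI_PORT):
    """List TCP sockets in LISTENING state on the given local port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; the header and UDP rows do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, local_port = split_endpoint(fields[1])
        if local_port != port:
            continue
        family, scope = classify(host)
        findings.append({"family": family, "scope": scope,
                         "address": host, "pid": int(fields[4])})
    return findings

if __name__ == "__main__":
    for f in webui_listeners(SAMPLE_NETSTAT):
        print(f"{f['family']} {f['address']} pid={f['pid']}: {f['scope']}")
```

A listener reported as "all interfaces" is reachable from whatever network the machine joins unless a host firewall rule blocks it, and an IPv6 row matters separately because NAT on the IPv4 side does not cover it.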

