There is no indication or warning that the DLNA media server accesses files in other folders, let alone that this happens regardless of the files' assigned permissions, Trustwave says. The default folder structure on an EX2 includes a top-level folder called “Public” which contains “Shared Music”, “Shared Pictures” and “Shared Videos”. This would help users understand that those files are not protected by the permissions or user accounts, while still providing protection for other files on the device.” “This may be conjecture as I don’t know the specific code or engineering of the M圜loud device, but I believe that limiting DLNA server access to a specific folder or section of the device (perhaps a folder titled “Public Media”) should be possible. “DLNA/UPnP doesn’t offer support for authentication or access control as a feature of the protocol itself,” SpiderLabs threat intelligence manager Karl Sigler told Business IT. We will not share your details with third parties.Īccording to Trustwave, WD was notified of the problem but does not intend to make any changes, instead recommending that customers disable the DLNA media server feature. I have read and accept the privacy policy and terms and conditions and by submitting my email address I agree to receive the Business IT newsletter and receive special offers on behalf of Business IT, nextmedia and its valued partners. This bypasses the access controls completely, so any user with the right knowledge (or armed with a fairly simple program) could download files from the NAS appliance. Furthermore, that list can be used to craft an HTTP request for any of the files, which is processed by the media server without reference to the file's permissions. When asked for a list of all the files on the device, that's what it delivers – regardless of access controls, Trustwave warns. The problem with the My Cloud EX2 lies in its UPnP/DLNA media server capability, which is enabled by default, according to Trustwave's SpiderLabs team. However, the WD My Cloud EX2’s media server can provide access to those files even when a user shouldn’t have permission to access them, according to Trustwave. Many network attached device (NAS) appliances offer a media server, so audio, video and image files can be accessed over the network by computers, smart TVs, smartphones and other devices. It is a different thing entirely, so for all intents and purposes the music servers are irrelevant in what you want to do - assuming you want to convert your music files to some other format? You would need to create a network drive from your computer to your NAS music directory, then you can access the files from music converter (not Twonky).WD’s My Cloud EX2 can provide access to media files even without permissions, a security vendor warns. They don t touch the files themselves, only read them.ĭbPoweramp music converter works on the files themselves, stored on your NAS. Music servers (or media servers) scan your files to create a sorted and coherent database to present to your control point (kazoo) for you to browse/search/select and play. Twonky is a music server, like Asset UPnP or Kazoo Server. Whether it is or is not, can and should files available there be processed by dBPoweramp and if so how? (Ultimately, the files are played using Linn Kazoo and Linn server.) Thanks for any insight.hopefully very simply stated!Hoipe I can explain: I suppose question one is whether twonky is the equivalent of dBPoweramp. I can access them via the lap top under media devices. That said, my problem is how to use dBPoweramp processing on the music files stored on a WD My Cloud Mirror NAS and also stored, or perhaps just accessible, on my laptop in Twonky. thus even asking coherent questions is a challenge. Unfortunately, my computer understanding is limited.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |