Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
When Steve talked about the LastPass developer who was using the unpatched/out-of-date vulnerable version of the Plex Media server, it got me to wondering if Shields Up would have revealed an open port. Not that Shields Up would have also screamed that the version of Plex in use was vulnerable, but at least this “security” dev person might have given his home environment a closer look.
If he had 32400 open to the WAN then I don’t see why it wouldn’t have. Mine does:
However, it’s possible the port was opened by UPnP since they said the server was running on a laptop, so the port could have been closing and opening.
2 Likes
It quite probably would have, but that is a feature of Plex, to allow you to view your content when you’re outside your network, as well as to invite friends outside your home to have access to your content. So, unless you removed Plex from the system (or at least didn’t run it) you’re going to have the Plex server port exposed.
It would have, but, thereagain, that is expected behaviour, if you are sharing your library or want access to it on the move.
This is what most people forget, when they install such services, you are no longer a user, you are also a fully fledged system administrator and need to know what that means, including regular patching, securing your network etc. But most people don’t realise that, or, even if they do, they haven’t a clue about security and networking anyway, so it still flies under the radar, until they get bitten.
It is exactly the same with any IoT device, it is easy to add to your network & set up its app, but actually ensuring it is set-up securely and the rest of their network is secure, that it is getting regular updates etc. That is a big job, which 99.9% of users probably never even think about, let alone would have a clue about going about these things.
2 Likes