Not every compromise is reported, or even detected.
Comment on What's the security situation when opening a jellyfin server up for casting?
illusionist@lemmy.zip 5 days ago
How often do you read that a jellyfin server was compromised?
frongt@lemmy.zip 5 days ago
illusionist@lemmy.zip 5 days ago
If it’s nor detected, reported and noone gets hurt, what’s the problem?
FreedomAdvocate@lemmy.net.au 5 days ago
How do you know no one is being “hurt”?
illusionist@lemmy.zip 4 days ago
How are you hurt if your jellyfin server is compromised and you don’t know about it?
FreedomAdvocate@lemmy.net.au 5 days ago
Hackers don’t report every time they hack someone, nor how they did it.
droolio@feddit.uk 5 days ago
I mean, anything with a web server can have vulnerabilities. Just look at the LastPass breach where hackers got in through an employee’s exposed Plex library.
illusionist@lemmy.zip 5 days ago
Sure, software can always be vulnerable.
Plex was running on his private computer, not a dedicated server, right? Windows? His version was 75 versions behind the current version at the time. How could the malware escape the server’s/plex’ sandbox? With a keylogger? Why wasn’t he using a password software? This isn’t the best example for your point
droolio@feddit.uk 4 days ago
They opened it to the internet - that’s the big difference (and the topic at hand). Security is a multi-layered thing, but if your weakest point is a gaping hole, the rest doesn’t mean much. To my point - assuming Jellyfin ain’t gonna have vulnerabilities even when you’re fully up-to-date, is foolhardy.