Comment on What's the security situation when opening a jellyfin server up for casting?
droolio@feddit.uk 3 weeks agoI mean, anything with a web server can have vulnerabilities. Just look at the LastPass breach where hackers got in through an employee’s exposed Plex library.
illusionist@lemmy.zip 3 weeks ago
Sure, software can always be vulnerable.
Plex was running on his private computer, not a dedicated server, right? Windows? His version was 75 versions behind the current version at the time. How could the malware escape the server’s/plex’ sandbox? With a keylogger? Why wasn’t he using a password software? This isn’t the best example for your point
droolio@feddit.uk 3 weeks ago
They opened it to the internet - that’s the big difference (and the topic at hand). Security is a multi-layered thing, but if your weakest point is a gaping hole, the rest doesn’t mean much. To my point - assuming Jellyfin ain’t gonna have vulnerabilities even when you’re fully up-to-date, is foolhardy.