[openscreenprotocol] [Security] Mitigations for remote network attackers (#131) from Google on 2019-01-03 (public-webscreens@w3.org from January 2019)

From: Google <sysbot+gh@w3.org>
Date: Thu, 03 Jan 2019 17:56:28 +0000
To: public-webscreens@w3.org
Message-ID: <issues.opened-395668558-1546538187-sysbot+gh@w3.org>

mfoltzgoogle has just created a new issue for https://github.com/webscreens/openscreenprotocol:

== [Security] Mitigations for remote network attackers ==
One increasingly common vector of attack is to take control of local network services from the public Internet via misconfigured routers [1].  We landed PR #96 with mitigations for SSDP, but these won't directly apply to an mDNS+QUIC world.  This issue tracks adding mitigations to the 1.0 spec to defend against remote attacks.

[1] https://www.theverge.com/2019/1/2/18165386/pewdiepie-chromecast-hack-tseries-google-chromecast-smart-tv

Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/issues/131 using your GitHub account

Received on Thursday, 3 January 2019 17:56:29 UTC