All posts by admin

Kodi 17.1 security flaw update NOW

Perpetrators use various methods, also referred to as ‘attack vectors’, to deliver cyberattacks. These attack vectors can be divided into two major categories: Either the attacker persuades the user to visit a malicious website, or he tricks him into running a malicious file on his computer.
Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.
Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

Kodi Team Response
You may have read in the news that malicious subtitle zip files could potentially infect and harm your media player, including Kodi. When Check Point researchers uncovered this flaw, they contacted us up front to let us know about it. Our developers fixed this security gap and have added the fix to this v17.2 release. As such, we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have begun the rollout of this version, and the Android Play Store as well as the Windows Store have this update pending and will roll it out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms.

How to force update kodi on the Fire stick

obsolete cipher (AES_128_CBC with HMAC-SHA1)

With Internet privacy on everyone’s mind, I decided it was time to do some housekeeping myself. I ran my main domain through the test at SSL Labs. I ended up with an SSL grade of B- :( wow.




I ran a test via Google Chrome, and Chrome returned the message “obsolete cipher (AES_128_CBC with HMAC-SHA1)”. Additionally, I ran a quick test via Python and it returned:
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

A few things I had issues with:
1) The root chain bundle was missing from the server
2) I was using old ciphers
3) Perfect Forward Secrecy was disabled
Enabling perfect forward secrecy
After correcting the above, my SSL grade changed to A. Hopefully this information will help those out there. Internet privacy is a big deal these days. Engineers need to do what they can to protect everyday users.

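Python test:


import requests

# requests verifies the certificate chain by default, so an incomplete chain
# on the server raises requests.exceptions.SSLError instead of returning.
s = requests.get('https://domain.com', timeout=10)
print(s)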


Ciphers used:
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
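
To see what the cipher string above actually enables, the following added example (not part of the original post) expands it with the local OpenSSL through Python's ssl module and flags each suite for missing forward secrecy, RC4, CBC mode or HMAC-SHA1. The function names are hypothetical, and the classification is a heuristic based on OpenSSL suite naming.

```python
import ssl

# Cipher string from the post, without the surrounding quotes.
PAGE_CIPHERS = (
    "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 "
    "EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 "
    "EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES "
    "!MD5 !EXP !PSK !SRP !DSS !RC4"
)
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")


def classify(name):
    """Findings for one OpenSSL suite name (heuristic based on naming)."""
    tls13 = name.startswith("TLS_")  # TLS 1.3 suites are AEAD-only
    findings = []
    if not tls13 and not name.startswith(("ECDHE-", "DHE-")):
        findings.append("no forward secrecy")
    if "RC4" in name:
        findings.append("RC4")
    elif not tls13 and not any(m in name for m in AEAD_MARKERS):
        findings.append("CBC mode")
    if name.endswith("-SHA"):
        findings.append("HMAC-SHA1")
    return findings


def expand(cipher_string):
    """Suites the local OpenSSL enables for this string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Map each enabled suite to its list of findings."""
    return {name: classify(name) for name in expand(cipher_string)}


if __name__ == "__main__":
    for name, findings in audit(PAGE_CIPHERS).items():
        print(f"{name:34} {', '.join(findings) or 'ok'}")
```

The trailing `!RC4` permanently removes the RC4 suites that earlier terms in the string add, and the bare `EECDH` term keeps CBC suites with HMAC-SHA1 as fallbacks behind the AES-GCM ones.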