INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Security Questions and Answers  (Read 4801 times)

mwillems

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 5234
  • "Linux Merit Badge" Recipient
Security Questions and Answers
« on: August 20, 2018, 07:13:13 pm »

Should folks with internet facing JRiver servers change their access keys, or are those safe?

[Edit by JimH -- this thread was split from Servers Compromised ]
Logged

yogibee

  • Recent member
  • *
  • Posts: 24
Re: Security Questions and Answers
« Reply #1 on: August 20, 2018, 07:14:47 pm »

+1
What's working and what's not? (Dlna  isn't working for me)
Logged

ErikN

  • Junior Woodchuck
  • **
  • Posts: 68
Re: Security Questions and Answers
« Reply #2 on: August 20, 2018, 08:02:30 pm »


Is our interact password stored in the clear (i.e. not hashed) on your servers?

Logged

greynolds

  • Citizen of the Universe
  • *****
  • Posts: 558
Re: Security Questions and Answers
« Reply #3 on: August 20, 2018, 08:09:49 pm »

I changed my Interact password, but where do we need to go to change our "merchant server" passwords?  It might make sense to include helpful links for that to make it easier for people.  Even better would be to force password resets, if possible, and send emails out to everyone to let them know they need to reset their passwords.
Logged

RoderickGI

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 8186
Re: Security Questions and Answers
« Reply #4 on: August 20, 2018, 08:11:07 pm »

More information would certainly be appreciated when available.

I have three different passwords associated with JRiver; Forum, Wiki, and Rover (created for each purchase/upgrade from memory). Are all compromised?

All passwords were encrypted, right?

I can change the Forum and Wiki passwords, but from memory, I can't change a password associated with a purchase or upgrade. i.e. The Rover password. I see it is still down anyway. Some instructions regarding Rover and licences would be appreciated.

It looks like the Access Key functionality is still working, but is it a threat at all? I wouldn't think so, other than identifying the IP Address of a MC installation that was internet facing. That MC installation should still require a User and Password to gain access, so as long as it isn't the same, no-one will get in.


No doubt you are busy at the moment. But the extent of the issue would be good to know.
Logged
What specific version of MC you are running:MC27.0.27 @ Oct 27, 2020 and updating regularly Jim!                        MC Release Notes: https://wiki.jriver.com/index.php/Release_Notes
What OS(s) and Version you are running:     Windows 10 Pro 64bit Version 2004 (OS Build 19041.572).
The JRMark score of the PC with an issue:    JRMark (version 26.0.52 64 bit): 3419
Important relevant info about your environment:     
  Using the HTPC as a MC Server & a Workstation as a MC Client plus some DLNA clients.
  Running JRiver for Android, JRemote2, Gizmo, & MO 4Media on a Sony Xperia XZ Premium Android 9.
  Playing video out to a Sony 65" TV connected via HDMI, playing digital audio out via motherboard sound card, PCIe TV tuner

Alex M

  • Junior Woodchuck
  • **
  • Posts: 53
Re: Security Questions and Answers
« Reply #5 on: August 20, 2018, 08:21:50 pm »


No Credit card information was lost because we made the decision many years ago not to store credit cards.


It was a wise decision. Let this be the occupation of PayPal.
Logged

yogibee

  • Recent member
  • *
  • Posts: 24
Re: Security Questions and Answers
« Reply #6 on: August 20, 2018, 09:48:41 pm »

I'll be the first to contribute... But I want the "offline" day to day runnin' to not get in the way of these exceptions! This is from one that has upgraded from mc18! Checks for plugins has to stop as they are right now...there  has to be a better was of checking new updates of plugins that takes downtime in regards.
Logged

TheShoe

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 826
Re: Security Questions and Answers
« Reply #7 on: August 20, 2018, 09:58:34 pm »

Access Key does not seem to be working.

I revoked my old key and tried to assign a new one.  JRiver says it can't connect.

Media Center 24.exe is allowed through my firewall; nothing else changed on my end and this worked fine before so I don't think this has anything to do with firewall or router.  I have also verified from the outside in port 52199 and 52200 are open

Aside from the forum (which I changed my password), what else do I need to change?  And please confirm you are storing hashed passwords - and something better than SHA1
Logged

yogibee

  • Recent member
  • *
  • Posts: 24
Re: Security Questions and Answers
« Reply #8 on: August 20, 2018, 10:32:02 pm »

We'll just have to wait... But they'll get it sorted (in the same boat).
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72444
  • Where did I put my teeth?
Re: Security Questions and Answers
« Reply #9 on: August 21, 2018, 12:45:28 am »

I changed my Interact password, but where do we need to go to change our "merchant server" passwords?  It might make sense to include helpful links for that to make it easier for people.  Even better would be to force password resets, if possible, and send emails out to everyone to let them know they need to reset their passwords.
It's the buy-button server, where you retrieve your licenses.

Some of this won't work for another day or two.

I agree on resetting passwords.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72444
  • Where did I put my teeth?
Re: Security Questions and Answers
« Reply #10 on: August 21, 2018, 02:51:43 am »

Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7813
  • Autumn shade...
Re: Security Questions and Answers
« Reply #11 on: August 21, 2018, 03:40:56 am »

I changed my Interact password too. I'd highly suggest everyone should!
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

jmone

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 14465
  • I won! I won!
Re: Security Questions and Answers
« Reply #12 on: August 21, 2018, 04:00:34 am »

Thanks for the quick and open disclosure of this.  A much better response than those organisations that try to hide such break ins.
Logged
JRiver CEO Elect

Hilton

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 1291
Re: Security Questions and Answers
« Reply #13 on: August 21, 2018, 05:51:26 am »

Thanks Jim - Sorry about your issues. I've changed my passwords including MC server passwords just in case.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72444
  • Where did I put my teeth?
Re: Security Questions and Answers
« Reply #14 on: August 21, 2018, 07:48:36 am »

Logged

danrien

  • Galactic Citizen
  • ****
  • Posts: 371
  • Chillin
Re: Security Questions and Answers
« Reply #15 on: August 21, 2018, 08:27:37 am »

You could send the hacked accounts to https://haveibeenpwned.com/, and direct folks to go there to check whether a username or e-mail of there's has been compromised.

Never mind, I see you already did that over on the password discussion thread - https://yabb.jriver.com/interact/index.php/topic,117127.0.html

Thanks!
Logged
http://davidvedvick.info

"Always be yourself. Unless you can be Batman. Always be Batman." - Anonymous

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: Security Questions and Answers
« Reply #16 on: August 21, 2018, 04:12:25 pm »

The access key server is back online
Logged

jokertest

  • Recent member
  • *
  • Posts: 22
Re: Security Questions and Answers
« Reply #17 on: August 21, 2018, 11:34:31 pm »

Hi there,
i just install a few days a go media center on my qnap new.
i can not enter my key as its showing an error. "can not access server" so i extend the trial what works for me fine.
When i can use my master lic or when is the server up again to use my final key?

thx
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72444
  • Where did I put my teeth?
Re: Security Questions and Answers
« Reply #18 on: August 22, 2018, 12:09:23 am »

We expect it to be back in a day or two, but we won't put it online until we find the cause of the problem.  I'm sorry.

I'll try to keep you posted.
Logged

jokertest

  • Recent member
  • *
  • Posts: 22
Re: Security Questions and Answers
« Reply #19 on: August 22, 2018, 12:22:29 am »

Thx, jim
Am sorry for your server problems
Logged

proximuss

  • Recent member
  • *
  • Posts: 23
Re: Security Questions and Answers
« Reply #20 on: August 22, 2018, 03:54:34 am »

Hello, MC crashed, and now upon start it asks for license, how can i get it working? I am unable to play anything, MC simply wont start.
Logged

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: Security Questions and Answers
« Reply #21 on: August 22, 2018, 09:54:51 am »

Hello, MC crashed, and now upon start it asks for license, how can i get it working? I am unable to play anything, MC simply wont start.
Send an email to deanna (at) jriver (dot) com with your license code and she will have it send email you the .mjr file to register it.
Logged

pain

  • Recent member
  • *
  • Posts: 10
Re: Security Questions and Answers
« Reply #22 on: August 22, 2018, 09:41:49 pm »

Hi; I formated my pc but i can't activate my jriver license. How can i restore my license
Logged

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: Security Questions and Answers
« Reply #23 on: August 22, 2018, 11:57:57 pm »

Hi; I formated my pc but i can't activate my jriver license. How can i restore my license
Read the reply just above your question.
Logged

marko

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 9143
Re: Security Questions and Answers
« Reply #24 on: September 21, 2018, 10:24:15 am »

Password Reset?

I received an email from the forum early this morning....
Quote
Dear marko,
This mail was sent because the 'forgot password' function has been applied to your account. To set a new password, click the following link:
hxxps://yabb.jriver.com/interact/index.php?action=reminder;sa=xxxxxxxx;u=xxxxx;code=xxxxxxxxx

IP: 93.142.49.209
Username: marko

Regards,
The INTERACT FORUM Team.
This appears to be a Croatian IP address. Anything to be concerned about here?

-marko

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13874
Re: Security Questions and Answers
« Reply #25 on: September 21, 2018, 11:27:07 am »

Password Reset?

I received an email from the forum early this morning....This appears to be a Croatian IP address. Anything to be concerned about here?

-marko
Either it's an mistake typing in the email address on the request reset form from that address or an attempt to change it which won't work without access to the email.
Logged

marko

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 9143
Re: Security Questions and Answers
« Reply #26 on: September 21, 2018, 11:48:19 am »

OK, cheers Bob. I can't see them typing my email address accidentally... I might be wrong, but in my head, that's not a common email address.

Maybe one of the 15 others that use marko in their names hit reset thinking it was theirs. I'll ignore it for now.

-marko
Pages: [1]   Go Up