<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

</head>

<body style="font-size: 10pt; font-family: Verdana,Geneva,sans-serif">

<div style="padding-bottom: 10px; padding-top: 5px;">

<div style="padding:12px; border:1px solid #8D3970; background-color:#F7F9FA; color:#8D3970; font-size:14px; line-height:22px; font-family: Calibri, Arial, Helvetica, sans-serif;">

<strong>CAUTION:</strong> This e-mail originated outside the University of Southampton.

</div>

</div>

<div>

<p>Hi All,</p>

<p>Martin upgraded the KiWi at the Farnham SDR to v1.461 yesterday which has removed this feature.</p>

<p>It's worth mentioning that we were fully aware of the developer remote access, it's one of the reasons for all the WebSDRs being on their own VLAN (the FR24 ADS-B receiver has similar manufacturer remote access I believe, although they're a lot quieter about

 it).</p>

<p>(NB: I'm not defending it's concept or implementation)</p>

<p>Phil</p>

<p>On 2021-07-16 15:12, Cori Haws wrote:</p>

<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0">

<!-- html ignored --><!-- head ignored --><!-- meta ignored --><!-- meta ignored -->

<div class="WordSection1">

<p class="MsoNormal">So we have a KiwiSDR software for the HF range on the Farnham SDR.<!-- o ignored --></p>

<p class="MsoNormal">This is something Phil Crump will need to look into I believe.<!-- o ignored --></p>

<p class="MsoNormal"><!-- o ignored -->&nbsp;</p>

<div>

<div style="border: none; border-top: solid #E1E1E1 1.0pt; padding: 3.0pt 0cm 0cm 0cm;">

<p class="MsoNormal"><strong><span>From:</span></strong><span> suws-members-bounces@ecs.soton.ac.uk &lt;suws-members-bounces@ecs.soton.ac.uk&gt;

<strong>On Behalf Of </strong>Denis Nicole<br>

<strong>Sent:</strong> Friday, July 16, 2021 3:47 AM<br>

<strong>To:</strong> suws-members@ecs.soton.ac.uk<br>

<strong>Subject:</strong> [suws-members] KiwiSDR security issue<!-- o ignored --></span></p>

</div>

</div>

<p class="MsoNormal"><!-- o ignored -->&nbsp;</p>

<div>

<p class="MsoNormal" style="margin-bottom: 12.0pt;">Hi all,<br>

<br>

Just a quick, but urgent, note. If any of you are running KiwiSDR, a serious security problem has just emerged:<br>

<br>

<a href="https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Ffor-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer%2F%2520%253Chttps%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Ffor-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer%2F%253E&amp;data=04%7C01%7Csuws-members%40ecs.soton.ac.uk%7C638afcf912224dfb8f9608d948681a8e%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C637620434367974152%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=NAPgdCa5MlQOnmdpAVBJqVk9k3D2v4JuPH0%2BuxrHxI4%3D&amp;reserved=0" originalSrc="https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/%20%3Chttps://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/%3E" shash="v56ZUUlScYMcWC4PJV2pbNqSGlaOksw5TZUN2QHSqTct9qNysbTA9gR8mROofKoHIAvB6Wxi3Ehppgc+o+BX17RE4fOT8low3WO+8thi2PHezjJllnFO5iJ79ddYzowaFVpVEryMAi/+uif9KkHiQUvSC9Wnu8DdiOwPBnZirk8=" target="_blank" rel="noopener noreferrer">https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/

 &lt;https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/&gt;</a><br>

<br>

73<br>

Denis M0CYJ<!-- o ignored --></p>

</div>

</div>

</blockquote>

<p><br>

</p>

</div>

</body>

</html>