starting this topic to see whose security hole is bigger.
i bet i win.
upnp
considered a boon to sharing, first data, and now hardware management.
its goal is to connect everything to everything even (especially) across the internet.
upnp site -
http://upnp.org/
hundreds of major companies love it -
http://upnp.org/membership/list/
upnp on windows
on xp, it is correctly listed in add/remove windows components, network devices, upnp user interface -
http://support.microsoft.com/kb/941206
in vista/7/8 microsoft has cleverly hidden the word "upnp" and replaced it with "network discovery"
this link shows that, and how to en/dis able it -
http://windows.micro...twork-discovery
so... what's wrong with a little discovery?
this guy,
http://www.upnp-hacks.org/contact.html - wrote this -
http://www.upnp-hacks.org/upnp.html about upnp.
plenty to read on his site.
open wrt (some of us use that on routers, yes?) has this coment on upnp
http://wiki.openwrt.org/doc/howto/upnp
(near bottom) "As UPnP provides no authentication mechanisms, it is commonly regarded as one giant security hole."
steve gibson on upnp (old article, utility still works!)
http://www.grc.com/unpnp/unpnp.htm
ok, your turn, is your hole bigger?
