I have no idea if anyone else has blogged about this; I have not found anything out on the web with an admittedly brief search. But there appears to be a huge – and I mean huge – security hole in the Windows Home Server (WHS) software.
My wife bought my youngest boy a PlayStation 3 80G. As one would expect, he happily plugged it in, updated it with its built-in web connectivity and sat down to show me how cool it is.
He promptly noted that he could see the WHS home server and then navigated to it and opened the entire shared file directory.
No password, no waiting, not a single challenge from the WHS software. He was in and he was accessing files instantly. He could play music from the server.
He could not directly access the server itself, just all of the shared folders that are available there.
I cannot open the WHS shared folders from any of my computers without a valid user name and password. But my son, with a PS3-80G, can.
This is an enormous security flaw. Send a link to this post to Microsoft if you use WHS.



