https://www.xwn2.com/malicious-subtitles-th...searchers-warn/

https://fossbytes.com/subtitle-hack-affects...i-fix-released/

Will Jarvis be affected as well?

I believed if the infected sub-title are injected with the code you will be a target. NO matter what version you used. Unless there's a patch to block the code.

Better to used VPN at the moment.

Most important now is to Clear the sub-title downloaded cache.

This post has been edited by OCMAX: May 24 2017, 07:11 PM

You have to assume that official versions before Krypton V17.2 are compromised.. So yes, it's affected.

Using a VPN will not protect you from an infected file or compromised machine.. What can is to update to versions with fixes included. Such as the latest Kodi Krypton V17.2 and VLC, etc.

a quick check...

opensubtitles website OK.

subscene is down!

Safest way are to download the subtitle manually.

I used to download it manually last time because sometime the audio and title sync is way out.

https://subtitle.udownloadrooz.xyz/

This post has been edited by OCMAX: May 24 2017, 11:01 PM

Wrong again bro... Safest way is to UPDATE to the latest versions of the media players that have the fixes included.. Why? Cuz the malicious folks can manipulate the ranking algorithms on the various subs downloading sites, faking their way to the top and into trusted status, which once downloaded (automatically or manually) and ran using an "unfixed" media player, playing the video WILL trigger the exploit and compromise the system.

For sure it the apps will be updated lor. LOL

That's my personal precaution. LOL

So what about the old device. they abandoning them at the moment. I also created my own Kodi 17.2.ipa for my ipad.

Personal protection is good.. Check out my reply in Kodi thread..

As for older devices and or versions.. There will be no official support provided. They simply do not have the manpower to carry on developing for older/legacy systems. As with Kodi V17 and android versions running OS versions lower than Lollipop.. Nothing.. Left at the mercy of the likes of Koying's SPMC.. which IMO is better than the official V16.1, at least on Android.

I think you have never try open a srt files before. have a look with notepad.

This is a serious matter.

Updated my VLC player to the latest version because I always download subs manually.

Why yes I have.. Have you stopped to manually scroll through each and every line?....i used to, back then when I ran such on my PC.. Now, there's a dedicated media box and nothing personal is on it.. So they can have a go at it.. Network is frequently monitored for unusual traffic.. Work related..

Oh poor innocent fella.. There are txt, pdfs or docx or jpg files which when opened, do open as "intended"... and yet, a bunch of things are happening ever so silently in the background... Bruh, I would know.. I wear a white hat.

That's good to know you monitor everything. at least you know the subtitle script is not so complicated, if there are any suspicious code just delete the files. LOL

This post has been edited by OCMAX: May 24 2017, 11:53 PM

I don't use VLC but I'm curious why they didn't mention MX-player?

Is good that you have so much confident with android. So do you buy anything in playstore using your credit card? Did you used that account for all your android devices for google login and not using a fake account for normal usage?

As for my concerned on android platform we don't need to talk about history. We just have to patched a loophole.

I wonder you read the case whereby the FBI wanted to read the iPhone data from a terrorist? They go into court for that purposes but apple rejected and they ended up paying hundreds of thousand for a security firm to break into the phone. As for JB. it is the end user who select the risk. It is well known the risk it can causes or else you don't JB.

This post has been edited by OCMAX: May 25 2017, 12:24 AM

I use VLC & Kodi on the PC... I do have MX Player installed on the Media box but very rarely use it.. In fact, it's Kodi about 98% of the time. Not sure why MX Player wasn't mentioned.. Can't be because it's not popular enough.. Perhaps they too are working on the fix or have already patched it and none the wiser?

There are two parts to the 2nd question...
1. My phone and tablet are more for official than leisure purposes.. This get the official gmail account and card for purchases.. Now, it's even better as I use mobile networks allow charging to one's account and pay later. So card option has been taken off. .Apps are purchased from the Play Store or downloaded from the likes of F-Droid, which is a completely free and open source Android app repository... If I have to install Third-party apps outside these sources, I get it directly from the source and at most, those are 2 or 3.. Proprietary apps come to mind..

2. The fiery pit: Exclusively for media consumption on the big screen-box thingy in the living room.. This guy gets nothing personal on it. Not even a personal Dropbox account .. Has all sorts of hackery & patches & questionable apps installed and uninstalled.. Nothing ever gets purchased on it. I don't even expose my Netflix account to it, that is run exclusively via the isolated Smart TV app. I wouldn't consider the gmail account as a fake account... Just another for TV only account email... You know like how people have work and personal email accounts..

The world's most secure smartphones are running the Android OS.. Not iOS/Blackberry OS/Firefox's, etc... Android's... Do check them out when you have some time..;
*Silent Circle's Blackphone 2 and
*Blackberry's PRIV


Yes, I did follow that case and here's what happened.. If you think the US government or that of other countries, didn't prior to that time have the means to break into Apple's devices.. Well, I'll ask you to go back to what made Edward Snowden do what he did and why he remains a wanted person till date. World government officials have tremendous cash and human resources at their disposal and at the top of each and every one of their lists, National security ranks the highest.. To the average consumer, Apple can claim that theirs is the most protected OS.. But we in the system know fully well that the more sheltered an OS is, the less secure it often is.. That's just a basic security fact... If mere "mortals" can jailbreak every single major iOS version in the past.. Ask the Chinese authorities if they don't already have a backdoor into the latest iOS firmware and watch their response..

You see! that's the thing. We will take precaution not to exposed our official account in the Android box setup because that's a risk and used a fake account instead (meaning the account has nothing. NO credit detail, purchased, contact, email sync etc........) . But these has become a failure of the android system structure compared with Apple. I have no concerned about using my apple ID with my apple TV. Whatever songs, movies, apps, games that I bought or free download from itune over the years are shared with all my apple devices and family. I have no concern if I lost or damaged any of these devices because once I replace with another apple device unit and key in my apple ID. everything will be restore back exactly as the last back-up.

I'm not trying to say apple are much better. Just that I have more confident using it. The latest loophole in Android we patched are very much like Teamviewer without end user knowledge. it not only affected the android TV boxes but all devices that installed Kodi, popcorn, VLC etc....... Is very dangerous.

These are very hard to predict. It happen to Iran before. Whereby their Nuclear reactor hardware were sabotage and control by CIA. Is possible..... anything can happen but if that happen. Not only apple product. whatever product that came out from these country are at risk. LOL

Best is to go back to stone age. hahahaaaa

As for Edward Snowden. No matter how you see the case. He is a traitor. If that happen to any Country, that country will label him as traitor for sure.

This post has been edited by OCMAX: May 25 2017, 04:37 PM

You see that's the problems. Those User still using these older devices felt betray. Android and KODI abandon them letting them at risk. I can accept if they don't update the apps for future feature but for security risk? A NO NO!

These people will have to trust whoever come out with a patch and who can verify that the patch are safe that is not coming out from the official side?

The only thing left are to used these Android TV box wisely. Take whatever precaution you think is the best for you. Used wisely and smart BUT used at your own risk.

Bottom link. Even I have patched and update to the latest apk. I'll take extra precaution!


Cheers!

This post has been edited by OCMAX: May 25 2017, 05:21 PM

I believe you just missed the entire point made.. I took care to split my answers into 2 and into great detail.. I trust the Android OS and I'm a fan of no-bloat stock Android. It does have access to personal information including cards.. Google Wallet, etc... Looks like you only read the second part and jumped to a conclusion more favorable to your perception . The only reason why I do not have personally identifiable information on my Android media box (Neo U1) is cuz that device is bombarded with apps that are sourced from questionable sources. These apps do what they do best and that's content fetching and playback. Should the Neo U1 crash today.. I have no fear of losing personal info and no issue with wiping it and restoring backups or even using it from scratch. And so I do not bother to put such on it.. If you exposed any of your Apple device to half the risks I've exposed my Minix Neo U1 to, it would have definitely been compromised.. Oh wait, you can't cuz Apple devices are all about rainbows and the illusion of security within closed gardens.. I'm more of the break down walls, full usage, high performance variety.. So the fact that my house hasn't burnt down by hackers taking over my network, is the true testament to the security and strength of open source driven Android OS.

As for Snowden...

Nah, you have to see that therein lies the beauty of the open source community. Kodi devs are able to simply "waltz on", but not before releasing the source code into the "wild".. Absolutely anyone can pick the Kodi code up, browse through it, mod, patch and do whatever to it (as long as they don't call it Kodi), then release it for everyone to enjoy. SPMC, FTMC, XBMC for Minix, OpenELEC, OSMC, LibreELEC, etc... These are all active forks of the Kodi software and are developed and maintained by trusted names in the industry. Many a patches and fixes have been implemented in these various forks FREE!! Now, If Kodi was closed sourced (i.e, Microsoft & Apple drop support of "legacy" devices all the time), then I would agree with you that them moving on is an issue. So the Kodi devs are able to move on to focus on developing more features, improvements, etc.. Allowing the community to carry on where it stopped, pending their latest release. While I may not be 100% in support of the decision to move forward (partly cuz bug-ridden firmware out there on equally crappy devices), I completely understand the logic behind the move and I'm fine with it.

This post has been edited by voncrane: May 25 2017, 11:07 PM

These is what I tried to say. because there are so many free download and easy access and install to any of the android devices. It become a risk.

I'm not throwing out the android devices just that it doesn't give me the confident to utilize the system. Not like apple.


To me. Apple still more secured. LOL

btw! Is sad to see older device that thousands of people are still using label as "crappy devices" and abandon with security risk by those android/Kodi devs.

This post has been edited by OCMAX: May 25 2017, 11:44 PM

And I've pointed out several times that the risk you perceive is only a risk if one ventures out and use the device in an unsafe manner.. If anyone were to use Android exactly as they do an ios device.. ... I can guarantee that they'll not encounter any risks. I'm living proof of that and I'm running a custom ROM, a port of the Samsung Galaxy Note 7's firmware on my much older Samsung Galaxy Note 3 and it works flawlessly. My daily driver for about a year or so.. How? Once again, it's the power of Android being open source and the community. You tell me, which IPhone 4 is running an iPhone 7 plus firmware? Very unlikely and AFAIK,... None! Why? Cuz walled garden.. Look bruh, I get it.. Preferences are preferences and I own an iPad too.. Heck, typing this reply via the iPad. However, having used both OSes extensively, I can honestly say that Android lords over ios by a huge margin... I could go on and on about the numerous ways its superior.. But will stop now.. No point. I'll stick to the safest and most secure, whilst still retaining freedom, mobile OS..

True, it's sad. But here's the thing. The Kodi devs have established a strict standard and there are devices out there that stick to said standards.. Minix devices are one of them, regular OTA updates and why I've stuck with them for the past 3 flagship devices.. They've never failed. Earlier today, I upgraded to the latest Kodi V17.3 without any hassle... If one's device does not play well, majority of the time, it's due to that particular device.. Sure for some, a workaround might arise. See, when a Kodi user goes out and refuses to purchase a recommended for Kodi device, but instead due to cost or a don't care attitude, buys an inferior device that shipped with a buggy firmware, he/she immediately loses the right to complain about incompatibility issues and being left behind. That's just the simple truth. It's the same in the PC gaming world.. Minimum requirements are continually raised as better performance often require better hardware and software. With Kodi, all hope is not lost, as the older compatible versions will always work as intended. One only misses out on future improvements.

Edit: Thanks for the civil banter and not being triggered...

This post has been edited by voncrane: May 26 2017, 01:49 AM

You still couldn't get me. What I say is they left them out with Security risk. It's okay if they think the older or lower end hardware cannot use for the latest feature that they are moving forward but leaving them at risk without helping them to tackle the security loophole that they created.

That's a genius.

I owned Android hp too. I know how crappy it is if running only with untouched stock apps. 99% users owned an Android phones install 3rd party apps because is easy to access. I can't speak for others why they bought an android phone. as for me it's because of the easy access apps.

all the android devices can download Kodi, Popcorn Time and VLC from playstore? So If the stock devices did not install any aheem apps but installed these apps that are affected with the loophole not having any risk without patching? NO!

Oh! I have anther old & clean OS android phones. Only installed or can installed Kodi Javis 16.1. But now at risk due to NO security patch. LOL I only speak for myself and guaranty none. NO patch available currently. LOL

This post has been edited by OCMAX: May 26 2017, 11:17 AM

Thank you for the concern on users such as myself whose having Q16 running on 4.4.2 that's not compatible with Kodi 17.3

This post has been edited by GuyM: May 26 2017, 08:28 AM

These is one example and too bad for hundreds thousands of like TM white box and my poor old clean android phone.

This post has been edited by OCMAX: May 26 2017, 09:51 AM

[quote=GuyM,May 26 2017, 08:07 AM]
You still couldn't get me. What I say is they left them out with Security risk. It's okay if they think the older or lower end hardware cannot use for the latest feature that they are moving forward but leaving them at risk without helping them to tackle the security loophole that they created.

That's a genius.

I owned Android hp too. I know how crappy it is if running only with untouched stock apps. 99% users owned an Android phones install 3rd party apps because is easy to access.

This is the power of choice.. We have options, we make use of the options.. We are not stuck with and told.. Oh you MUST only use these apps or the phone this way cuz we know better than you.. Nope.


[/quote]
Thank you for the concern on users such as myself whose having Q16 running on 4.4.2 that's not compatible with Kodi 17.3

[/quote]
Provided the hardware can take it.. Contact Himedia and ask that a stable firmware update be released for your device.. Keyword here is "stable". As it's no use releasing a buggy Lollipop firmware, just cuz..

[quote=OCMAX,May 26 2017, 08:25 AM]
These is one example and too bad for hundreds thousands of like TM white box and my poor old clean android phone.

[/quote]

TLDR: We like to blame others.. This time, most have picked the Kodi folks. But that's wrong as they are not at fault when users fail to listen to their advice and purchase a device that's not officially supported. Do you hear any Nvidia Shield or Wetek or Minix Neo U1+ device owners complaining? Nope! As I write, the guys at Minix are working on and will release their version of Krypton made specifically for Minix hardware. They've done the same with at least Isengard and Jarvis. That's a manufacturer that cares for its customers.

TM box? Haha.. How about you call TM and demand that they upgrade the firmware to Lollipop? No why stop there, demand for Marshmallow instead.. Are you aware that Android O is released?.. Hahaha.. Wut! the last paragraph of my previous post? Please go take a read again.. Let me try explaining even further.. With each major OS release on any platform, certain bugs are squashed, security is increased, code is made more efficient and able to churn out more performance from improved hardware.. If software can do everything, hardware decoding as we know it today will be irrelevant.. You would not need to dispose of the CRT TVs to get a FHD TV or dispose of the FHD TV, to get a UHD/SUHD with HDR10 and or Dolby Vision.. See where I'm going with this? Software is great and in most cases, some form of hackery can be written to patch things up.. This is what the Kodi devs have been doing for years for Android devices. They sweated and toiled coming up with various methods to keep the ship afloat for free and with limited resources and guess who made the most profit from their slaving..? Mobile device and TV Box manufacturers... Kodi isn't paid any royalty on each device produced capable of supporting it. I recall last year or so, there were only 2 Android developers!.. Imagine that, millions of Android devices running Kodi and these 2 fellas were in charge of making sure that Kodi worked reasonably well on each and every device.. That's a huge task.. they almost had to drop Android support and have been pleading for those with the necessary skills to come work for em officially.

So yeah, look at it from Kodi's perspective.. Android has a standard, all the manufacturers have to do is to incorporate these standards to play nice.. So if it's not working as intended, take an electronic baseball bat and let your device manufacturer have it.. Else, you've learnt your lesson and make wise purchases next time.. Don't blindly purchase such items. I bought my Samsung Galaxy Note 3 back in early 2014 and the Note 8 should be launching later this year. Yet, the Note 3 is still super relevant, despite been abandoned by Samsung.. Why, cuz I did my research and spent accordingly. Same with the Minix Neo U1. The guys at Minix are official diamond backers of the Kodi foundation. Go figure how that ensures I'm able to run the latest V17.3 release..

This post has been edited by voncrane: May 26 2017, 01:19 PM

LOL! Blame the owner that you have an old device running below new spec. That's none of their business.

One person is so happy with thousand having risk. That's your problems. LOL

Ops! I didn't buy the android phone. It was free given by Maxis package but wait that's my problems too because is an old spec.

Oh! I remember that's a statement if the Android phone only used playstore apps are guaranty safe. But now I'm at risk due to low end spec. Oppps.. is end user fault. LOL

This post has been edited by OCMAX: May 26 2017, 01:29 PM

As for me. I leave no choice but to take precaution not to used the subtitle from the apps option for my older devices.

People are not so stupid to buy a back dated gadgets. Is stupid to abandon the old devices which is still working well. Just used wisely and smart.

1. Don't use you official google account to log into these devices. To me is risky.
2. I'll download the subtitle manually if I needed, scan with your anti-virus/Malwarebytes before unzip the SRT files to check the contents. (not asking you guys to follow)
3. Don't simply install addons/apk that you don't know. (I have removed the apk I shared earlier, better don't take the risk)
4. Even that's a patch to closed this security loopholes. Check who is providing
5. Used a VPN.


To be frank. I lost more confident with Android.

Cheers!

This post has been edited by OCMAX: May 27 2017, 11:39 AM

Bro.. My Samsung Galaxy Note 3 is considered an "old" device by today's standards and yet it can run Android OS V6.0.1 and Kodi V17.3 easily.. So yeah...Who else to blame but the user for not knowing how to purchase wisely and or upgrade their device.. It's the age of the internet and ignorance is no longer an excuse.. My Note 3 is probably older than your free device. With Android, you truly get what you pay for. Bad device = Bad experience, Good device = Good experience... Fact! Why else do you think Apple charges a premium for their devices...

Excellent precautions for those who are unable to get upgrade... Now you are talking.. The user takes action and not wait around pointing fingers.. .. .As for people being "stupid" to buy back-dated gadgets.. haha.. Even the iphone 7 is already back-dated.. I hang around device threads, you'll be amazed at how much "stupidity" is out there..

Okay... enjoy the prison disguised as a "secure garden"...

surprised still got ppl using Popcorn...as it's torrent based no ?

and it's illegal:
http://www.pcworld.com/article/2979681/sof...s-survivor.html

This post has been edited by lyc1982: May 26 2017, 03:15 PM

That's my first suggest but people think is useless. LOL

You have to see there's so many people being stuck at these issue. Who doesn't know to buy another devices but some people just not willing to give up the working unit.

You can poison others. Not me. LOL

This is an SRT files sample open with notepad. If you see any suspicious text from the page. deleted the file.



Tha's no pdf,img in the subtittle zip file. there will be only one files name srt. If there's other type of files in the zip. delete the subtitle zip file.


Just sharing.

Cheers!

This post has been edited by OCMAX: May 27 2017, 11:40 AM

Ehh.. Cut off one head and two will take its place.. Vive la révolution!

No lah.. Not useless.. First choice is upgrade, else you've got it all covered. No worries, give the community some time and the patch for Jarvis should surface.. Same like with the HTTPS V2 issue, FTMC and SPMC to the rescue...

Bro.. I'm also not eager to give up my trusty Note 3.. That's why, custom ROM, Kernel, etc.. Few months back, swapped out the battery with a new one for less than RM150.. Back to SOT of 4 hours+.. It's reborn!! . How to swap out battery with newer devices these days all tightly sealed? .. I sincerely hope it doesn't just die on me..

Really.. No poison? sads.. .. Anyway, its all about preferences and I merely set out to correct the notion that Android is a weak/weaker OS.. As that is far from the truth.. A couple years ago, I would have agreed.. Today? Nope.. It rules.

This post has been edited by voncrane: May 26 2017, 03:25 PM

I stop using android phones for years because I don't like the platform but I owned 3 of them. 2 got it free, one I bought for my son.

One of the free unit I used for my DRONE live flight view.

Imagine. I didn't install any other apps but only DJI apps the unit also hang. LOL


About samsung phone battery. I have a friend that repair hp. he told me that's a lot of samsung phone battery will causes the screen to crack if it started to wobble.


This post has been edited by OCMAX: May 26 2017, 03:37 PM

What's the device? If they are handing it out for free.. Its either a crappy device in the first place or... You are so honorable (read as wealthy) that they've made or hope to make at least RM4K off you before the year ends and more the year after... In which case, they gave say 2 free Galaxy S8+ units.. My money is on the latter..

I know its the future.. but i'm no fan of having sealed batteries in mobile phones.. We've seen bad batteries swell up and do damage.. At least with a removable back cover, all i have to do is replace the offending battery. I haven't and hope not to experience such. Battery's intact and AMOLED screen remains as gorgeous as ever... *knocks on wood.

This post has been edited by voncrane: May 26 2017, 03:42 PM

If you have a cooperated account with multiple numbers. they might give you free. Need to check with my niece.

about my free phone. It's HTC lousy model. hahahaaa

I select that phone because is 6" last time. I intended to used it for my DRONE but ended up I cannot used due to the phone hang. my flight view will be lost/gone and I might lost my drone direction. Even the drone has home landing mode is risky.

This post has been edited by OCMAX: May 26 2017, 03:56 PM

He told me because the battery has too much glue stick near the screen and once it wobble it force it's way up and crack the screen. Something like that.

Your drone can lose its direction to my place any day..

Eh, HTC... .. IMO, the HTC HD2 (2009) was the last real phone that HTC came up with.. It shipped with Windows Mobile V6.5, but due to its (at the time) beasty hardware, It was very moddable and as a result able to handle multiple OSes (Windows phone 7 & 8, Android, Windows XP, even Windows RT..) and to top it off, it can dual-boot OSes .. Last year, someone was even able to get Android Nougat working on the HTC HD2...

Oh I see.. Poor build quality then.. Like the Note 7 fiasco.. A smaller unpopular company would have collapsed. Well, Samsung has another chance to prove themselves as leaders. They better not screw up the Note 8 as I'm eyeing to get one for me HM...

This post has been edited by voncrane: May 26 2017, 04:18 PM

Didn't check the model but is two years old. now I only used the HTC to test with Kodi since it's running on Android 4.3 OS. The funny is this phone works well with Kodi and a few others movies apps. I disable everything before installing these apps and leave all the space for KODI. It works. Just for the fun. LOL


As for the DRONE it won't go too far (I set to 5km) Once the connection lost between the Drone and remote control it will triggered to home mode and come back to base and land itself.

I heard Note 7 will be release again, Samsung got the model approved again.

This post has been edited by OCMAX: May 26 2017, 05:04 PM

Well, I am also totally against of pirated stuff and no one is allowed to do copyrights infringement. If I do a comparison of Kodi and popcorn time which I mostly used.

Kodi itself is perfectly legal. The only issue is with its add-ons which may or may not be legal depending on certain other factors like user-intention and the add-on’s own application.

Popcorn Time, on the other hand, is mostly on the illegal side. The thing hasn’t been sued yet, but things aren’t really looking bright for it. maybe it might just get a notice sometime in the future.

For the detailed article on comparison between Kodi and Popcorn

Even if you compare the then here you go Popcorn time with world-renowned Netflix



This post has been edited by graceinc: Dec 12 2017, 10:57 PM