What mechanism is used to access MyCloud Live over the Internet?

WD Legacy Products My Book Live
21

The password isn’t stored at all, if you just type it at the command line (though it can be stored in the bash history). It is stored in memory and visible when using tools like top. You need SSH access to the MBL for that though. If you use the configuration file, it is stored in plain text. Also then you need SSH access to the MBL in order to access this file.

However, depending on your DDNS provider, the DNS update request itself can be sent over the internet in plain text (see for example http://www.noip.com/integrate/request ), so anyone could intercept that request and extract the password. Your MBL is then the least of a problem, in my opinion.

Cheers

22

Interesting post. Leaving it in memory assumes no power outage occurs. However when it does occur, usually the modem resets to a new IP, precisely as the MBL would reboot and lose its ability to update its IP. I guess with a properly-passworded SSH, the plaintext password would only be sent out in clear when an IP change is detected? And thus remain only locally-vulnerable?

I first wanted to enable disk encryption as well, but considered the highly risky and added inconvenience not to be worth it. The DynDNS password is less important than the SSH one that would secure the video recordings.