Twonky security issues!

Frand
Posts:2
Joined:Fri Dec 21, 2007 12:40 am

Post by Frand » Fri Dec 21, 2007 1:55 am

Hi guys,

I've got Twonky 4.4.2 installed on an Intel MacBook, mostly for sharing iTunes music with a PS3. Obviously the MacBook comes with me as I travel, and with that in mind I had configured Twonky to only share media with the clients I had authorized (which in this case included an Xbox 360 and the PS3).

Just a few days ago, returning to the Twonky configuration page after a long while, I was terrified to notice that the server had added roughly 20 unknown IP addresses to the known clients list, ranging from "Generic Media Receiver" to Windows machines.

To rule out human error, I reset the client list, unchecked the "Enable sharing for new clients automatically" box and again added the PS3 and the Xbox 360 to the list of clients by first letting them discover Twonky and then manually checking the box to the left of the name of the device.

To make sure the checkbox did what I expected it to, I unchecked it: Twonky was still visible to the PS3, but selecting it on the PlayStation simply gave a "no shared files" notification. So that seemed to work as expected.

But... I still had a PSP to play with, and followed the instructions to set it up as an RSS stream receiver for Twonky.

To my surprise, the PSP started streaming the music from Twonky without any authorization or approval!

The device appeared in the list of clients on Twonky's configuration page as a "Generic Media Receiver", and despite being unchecked, the RSS feed served by Twonky was showing my full list of music, and the PSP was playing it without a hitch.

Unless the above can be attributed to user ignorance (beyond the choice of having a media server on a laptop to begin with), I consider Twonky Media Server to be potentially dangerous.

Can anyone else verify this behavior? Please try resetting your list of client devices, disabling automatic sharing, and see if your Twonky server shares media with unauthorized devices, via RSS or direct media sharing.


Best regards,
Frand


Post by Frand » Sun Dec 23, 2007 11:55 am

Tested against 4.4.3.1 - the behavior still persists. Twonky is allowing unauthorized clients to stream media via RSS.
