[Freeswitch-users] remove in local SDP word FREESWITCH

Dmitry Lysenko dvl36.ripe.nick at gmail.com
Sun Jun 23 18:45:17 MSD 2013


The more work should be done by hacker, the more secure system is.
So, "security by obscurity" is working, not so good, but thousands of years.


2013/6/21 Steven Ayre <steveayre at gmail.com>

> 2) *Security trough obscurity != security* its always better than
>> nothing. " hey you don't need to guess the
>> the software I'm using , I'm giving the info for free just find an entry
>> point  and you got it ...."
>
>
> Actually I'd argue the opposite. Security through obscurity often makes
> people assume they're secure and therefore neglect securing their systems
> in the places that actually matter.
>
> The only argument I can really see of hiding that you're running $version
> of $product is that an bug in that $version means an exploit exists.
>
> If that's the case then you need to upgrade to a patched copy of $product
> - you can NOT rely on the fact that people will not realise that they can
> use the exploit because you're hiding what you're running.
>
> The flaw still exists and attackers might either a) guess you're using
> $product and try the exploit anyway or b) have their bot just randomly try
> every exploit in the book against you until one works in which case they
> don't even need to know you're using $product.
>
> The things that matte are actually verifying your authentication is
> working correctly, you're running the latest software, you're following
> software updates / security announcements, etc.
>
> Besides even when $product/$version are hidden they can often be found
> through fingerprinting by looking at differing behaviour between different
> products and within a product between versions.
>
> -Steve
>
>
>
>
> On 21 June 2013 07:59, Antonio Teixeira <eagle.antonio at gmail.com> wrote:
>
>>  @Ken
>> I think we need to drop into the real world...
>>
>> 1) Ok .,... Don't forget to say thanks to Debian , CentOs , Fedora , PHP
>> , Python , Microsoft , all the authors of the OpenSource Libs , the creator
>> of Make , the creator of the IDE that the Dev team uses ,  etc etc when you
>> deliver the next project to your client ...
>>
>> 2)
>> *Security trough obscurity != security* its always better than nothing.
>> " hey you don't need to guess the
>> the software I'm using , I'm giving the info for free just find an entry
>> point  and you got it ...."
>>
>> I could also imagine you agree with showing the version of the software
>> in the HTPP headers (stuff that happens on some webservers/libs ( from my
>> ming i can recall Django?!).
>>
>> 3)
>> The clients pays it doesn't really care about what software you use (
>> unless he fears some patent infringement) he wants results.
>>
>> 4)
>> No , Compliance could be internal or external the end-client could simply
>> say "i don't want the freeswitch brand".
>>
>>
>> ---- ///// ----
>> @all
>> I don't know you guys but my daily work is developing software for some
>> fairly large financial institutions and sincerely i think you are all over
>> reacting to this thing.
>> Yes if you open-source something you will get part of your software
>> stolen , changed or use in a way you were not expecting and not given
>> credit for , that's life .If you don't want it , close the source , resell
>> it , ask for NDA's , etc.
>> In my daily work me and my collegues use alot of open source ( contrary
>> to the popular belief) , closed source and everything in between and you
>> don't expect a public statement thanking anyone for anything.
>>
>> This is the way life works and with open-source this is our current world
>> ( i think the FS Team could even offer a fully custom branded solution) so
>> it could help monetize the project.
>>
>> And before you start thinking yes i bought G729 licenses , the FS Book
>> even before it was out and no to many miles between me and Gluecon , yes i
>> know airplanes exist :D.
>>
>> P.S - I Also assume that you all as sysadmins once found a problem that a
>> blogger may have solved and on your final report to the administration you
>> didn't wrote " problem solved by Blogger XXXXXX"....
>>
>> And never forget he is just the mailman sometimes the boss wants
>> something ( even if not morally correct ) and you have to do it.
>> But the point raised by Anthony regarding the SDP "freeswitch flag" is
>> important and you be featured on the wiki :)
>>
>> Antonio Teixeira
>>
>>
>>
>> On 6/19/13 3:49 PM, Ken Rice wrote:
>>
>> Ok... Lets look at these...
>>
>> Branding... I don't want to show people that I'm using F/OSS software for
>> running my for profit business so I can tell them I'm using either
>> ${some_comercial_platform} or ${we_developed_this_ourselves}
>>
>> Security/Security Requirements - Security throught obscurity != security...
>>
>> Client Requirements - That's a new one one... Unless client is <see
>> branding>
>>
>> Compliance - isnt this the same thing as see security
>>
>>
>> On 6/19/13 8:44 AM, "Antonio Teixeira" <eagle.antonio at gmail.com> <eagle.antonio at gmail.com> wrote:
>>
>>
>>  I could think off
>>
>> Branding
>> Security
>> Client Requirements
>> Security Requirements
>> Compliance
>>
>>
>> On 6/19/13 2:37 PM, Michael Jerris wrote:
>>
>>  Why would you want to do that?
>>
>> On Jun 19, 2013, at 9:28 AM, Abdullah <abdullah at smonte.com> <abdullah at smonte.com> wrote:
>>
>>
>>  HI ALL ,
>>
>> please help me ,how to change or remove o=*"FreeSWITCH"* in free switch Cli
>> Log .
>>
>> any idea ??
>>
>>
>>
>> o=FreeSWITCH 1369449071 1369449072 IN IP4 10.10.50.1
>>    s=FreeSWITCH
>>    c=IN IP4 10.10.50.1
>>
>>  _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>>
>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>>
>> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://wiki.freeswitch.orghttp://www.cluecon.com
>>
>> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>>
>>  _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:consulting at freeswitch.orghttp://www.freeswitchsolutions.com
>>
>> FreeSWITCH-powered IP PBX: The CudaTel Communication Server
>>
>> Official FreeSWITCH Siteshttp://www.freeswitch.orghttp://wiki.freeswitch.orghttp://www.cluecon.com
>>
>> FreeSWITCH-users mailing listFreeSWITCH-users at lists.freeswitch.orghttp://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-usershttp://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> 
> 
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://wiki.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20130623/318d1f68/attachment.html 


Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list