[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

Ken Rice krice at freeswitch.org
Tue Mar 14 23:50:02 MSK 2017


The funniest part is if you actually read the article and followed the links to the examples they were FreePBX and bugs there lol

 

From: freeswitch-users-bounces at lists.freeswitch.org [mailto:freeswitch-users-bounces at lists.freeswitch.org] On Behalf Of David Villasmil
Sent: Tuesday, March 14, 2017 3:47 PM
To: FreeSWITCH Users Help <freeswitch-users at lists.freeswitch.org>
Subject: Re: [Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

 

Make the default password very obscure ramdomized on the fly... that way people will be crying because they can't figure out a password instead of having noobies hacked :)

On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic <mirkobrankovic at gmail.com <mailto:mirkobrankovic at gmail.com> > wrote:

Indeed ;)

 

On Mar 14, 2017 20:38, "Antonio Silva" <asilva at wirelessmundi.com <mailto:asilva at wirelessmundi.com> > wrote:

almost... until the user to test set userid = password ... and forget to change it... ops... hacked... 

it's all about good practices.

Regards,
António

On 03/14/2017 07:39 PM, Mirko Brankovic wrote:

Cance default password to uuid(), so every new install will get random one ... Bulletproof :°D

 

On Mar 14, 2017 19:30, "Brian West" <brian at freeswitch.org <mailto:brian at freeswitch.org> > wrote:

This is exactly what prompted me to put the FOUR LINE CRIT statement when the default password isn't changed along with a 10 second delay before proceeding.  Still I see questions posted about the 10 second delay and asking what it means. Not sure how to make it more clear. 

 

/b

 

 

On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <gmaruzz at gmail.com <mailto:gmaruzz at gmail.com> > wrote:

Is nice because they mention FreeSWITCH in the tag of the link, but the link is about FreePBX.

Anyway, it's true: if you do not use the standard security practice, and leave your FreeSWITCH with standard password "1234", or maybe you change the standard password to "password", you probably will be hacked, and phone calls will be originated from your FreeSWITCH that you do not want to originate.

But, man, that's what you, and me, and anyone is expecting.

Also, please do not drive wrong way in the autobahn :))

-giovanni

 

On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com <mailto:mario_fs at mgtech.com> > wrote:

Thought some may be interested in this. I first saw it today via Apple News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH mentioned twice.
http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking
_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org> 
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org





-- 


Sincerely,

Giovanni Maruzzelli
OpenTelecom.IT
cell: +39 347 266 56 18


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org> 
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org





 

-- 

Brian West
brian at freeswitch.org <mailto:brian at freeswitch.org> 

Twitter: @FreeSWITCH , @briankwest

http://www.freeswitchbook.com 
http://www.freeswitchcookbook.com

Allison prompts for FreeSWITCH:


 <https://www.gofundme.com/allison-prompts-for-freeswitch> https://www.gofundme.com/allison-prompts-for-freeswitch

Got Bugs? Report them  <https://freeswitch.org/jira> here! | Reddit:  <https://www.reddit.com/r/freeswitch> /r/freeswitch

T:+19184209001 <tel:+1%20918-420-9001>  | F:+19184209002 <tel:+1%20918-420-9002>  | M:+1918424WEST (9378)
Skype:briankwest


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org> 
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

 

_________________________________________________________________________
Professional FreeSWITCH Consulting Services: 
consulting at freeswitch.org <mailto:consulting at freeswitch.org> 
http://www.freeswitchsolutions.com
 
Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com
 
FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

 


_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org> 
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org <mailto:consulting at freeswitch.org> 
http://www.freeswitchsolutions.com

Official FreeSWITCH Sites
http://www.freeswitch.org
http://confluence.freeswitch.org
http://www.cluecon.com

FreeSWITCH-users mailing list
FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org> 
http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
http://www.freeswitch.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170314/79ebbd80/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list