[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats
Antonio Silva
asilva at wirelessmundi.com
Wed Mar 15 00:03:09 MSK 2017
so true!!
https://xkcd.com/936/
:)
On 03/14/2017 09:57 PM, Giovanni Maruzzelli wrote:
> btw the problem is always with users/customers that change the demo
> password "1234" (where there is a delay of 10 seconds put there by
> this purpose) to something like "password".
>
> And what I can do about this?
>
> I will put a safeguard against silly passwords, and you will make the
> effort to circumvent also that safeguard because "is easier for my users"?
>
> On 14 March 2017 at 21:56, Giovanni Maruzzelli <gmaruzz at gmail.com
> <mailto:gmaruzz at gmail.com>> wrote:
>
> NO, the default password of the demo configuration is just that, a
> DEFAULT password of a DEMO configuration.
>
> That is meant to DEMO just OUT OF THE BOX
>
> So, it must stay this way, because it just works, and is a demo
>
> Then, if you put a demo in production, the problem is between the
> monitor and the seat, not in the software
>
> On 14 March 2017 at 21:46, David Villasmil
> <david.villasmil.work at gmail.com
> <mailto:david.villasmil.work at gmail.com>> wrote:
>
> Make the default password very obscure ramdomized on the
> fly... that way people will be crying because they can't
> figure out a password instead of having noobies hacked :)
>
> On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic
> <mirkobrankovic at gmail.com <mailto:mirkobrankovic at gmail.com>>
> wrote:
>
> Indeed ;)
>
> On Mar 14, 2017 20:38, "Antonio Silva"
> <asilva at wirelessmundi.com
> <mailto:asilva at wirelessmundi.com>> wrote:
>
> almost... until the user to test set userid = password
> ... and forget to change it... ops... hacked...
>
> it's all about good practices.
>
> Regards,
> António
>
> On 03/14/2017 07:39 PM, Mirko Brankovic wrote:
>> Cance default password to uuid(), so every new
>> install will get random one ... Bulletproof :°D
>>
>> On Mar 14, 2017 19:30, "Brian West"
>> <brian at freeswitch.org <mailto:brian at freeswitch.org>>
>> wrote:
>>
>> This is exactly what prompted me to put the FOUR
>> LINE CRIT statement when the default password
>> isn't changed along with a 10 second delay before
>> proceeding. Still I see questions posted about
>> the 10 second delay and asking what it means. Not
>> sure how to make it more clear.
>>
>> /b
>>
>>
>> On Tue, Mar 14, 2017 at 1:19 PM, Giovanni
>> Maruzzelli <gmaruzz at gmail.com
>> <mailto:gmaruzz at gmail.com>> wrote:
>>
>> Is nice because they mention FreeSWITCH in
>> the tag of the link, but the link is about
>> FreePBX.
>>
>> Anyway, it's true: if you do not use the
>> standard security practice, and leave your
>> FreeSWITCH with standard password "1234", or
>> maybe you change the standard password to
>> "password", you probably will be hacked, and
>> phone calls will be originated from your
>> FreeSWITCH that you do not want to originate.
>>
>> But, man, that's what you, and me, and anyone
>> is expecting.
>>
>> Also, please do not drive wrong way in the
>> autobahn :))
>>
>> -giovanni
>>
>>
>> On 14 March 2017 at 16:42, Mario G
>> <mario_fs at mgtech.com
>> <mailto:mario_fs at mgtech.com>> wrote:
>>
>> Thought some may be interested in this. I
>> first saw it today via Apple News…
>> Related to tracing bomb threats and
>> Jewish attacks… FreeSWITCH mentioned twice.
>> http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking
>> <http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>> <http://www.freeswitchsolutions.com>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> <http://confluence.freeswitch.org>
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>>
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>> <http://www.freeswitchsolutions.com>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> <http://confluence.freeswitch.org>
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org
>>
>>
>>
>>
>> --
>>
>> */Brian West/*
>> brian at freeswitch.org <mailto:brian at freeswitch.org>
>>
>> */Twitter: @FreeSWITCH , @briankwest/*
>>
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>> <http://www.freeswitchcookbook.com>
>>
>> Allison prompts for FreeSWITCH:
>>
>> *https://www.gofundme.com/allison-prompts-for-freeswitch*
>> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>>
>> Got Bugs? Report them here
>> <https://freeswitch.org/jira>! | Reddit:
>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>> *T:*+19184209001 <tel:+1%20918-420-9001> |
>> *F:*+19184209002 <tel:+1%20918-420-9002> |
>> *M:*+1918424WEST (9378)
>> *Skype:*briankwest
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>> <http://www.freeswitchsolutions.com>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> <http://confluence.freeswitch.org>
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com
>> <http://www.freeswitchsolutions.com>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> <http://confluence.freeswitch.org>
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
> <http://www.freeswitchsolutions.com> Official
> FreeSWITCH Sites http://www.freeswitch.org
> http://confluence.freeswitch.org
> <http://confluence.freeswitch.org>
> http://www.cluecon.com FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
> <http://www.freeswitchsolutions.com> Official FreeSWITCH
> Sites http://www.freeswitch.org
> http://confluence.freeswitch.org
> <http://confluence.freeswitch.org> http://www.cluecon.com
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com
> <http://www.freeswitchsolutions.com> Official FreeSWITCH Sites
> http://www.freeswitch.org http://confluence.freeswitch.org
> <http://confluence.freeswitch.org> http://www.cluecon.com
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> <mailto:FreeSWITCH-users at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> <http://lists.freeswitch.org/mailman/options/freeswitch-users>
> http://www.freeswitch.org
>
> --
> Sincerely, Giovanni Maruzzelli OpenTelecom.IT cell: +39 347 266 56 18
>
> --
> Sincerely, Giovanni Maruzzelli OpenTelecom.IT cell: +39 347 266 56 18
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170314/5bc45f9b/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list