[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

acheraime . acheraime at gmail.com
Wed Mar 15 00:05:15 MSK 2017


Agreed!

One practice that I would highly recommend anyone to stay away from is
using a numeric extension number "1001" as SIP username and dictionary-based
passwords.


On Tue, Mar 14, 2017 at 4:57 PM, Giovanni Maruzzelli <gmaruzz at gmail.com>
wrote:

> btw the problem is always with users/customers that change the demo
> password "1234" (where there is a delay of 10 seconds put there for this
> purpose)  to something like "password".
>
> And what can I do about this?
>
> I will put a safeguard against silly passwords, and you will make the
> effort to circumvent also that safeguard because "is easier for my users"?
>
> On 14 March 2017 at 21:56, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>
>> NO, the default password of the demo configuration is just that, a
>> DEFAULT password of a DEMO configuration.
>>
>> That is meant to DEMO just OUT OF THE BOX
>>
>> So, it must stay this way, because it just works, and is a demo
>>
>> Then, if you put a demo in production, the problem is between the monitor
>> and the seat, not in the software
>>
>> On 14 March 2017 at 21:46, David Villasmil <david.villasmil.work at gmail.com> wrote:
>>
>>> Make the default password very obscure randomized on the fly... that way
>>> people will be crying because they can't figure out a password instead of
>>> having noobies hacked :)
>>>
>>> On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic <
>>> mirkobrankovic at gmail.com> wrote:
>>>
>>>> Indeed ;)
>>>>
>>>> On Mar 14, 2017 20:38, "Antonio Silva" <asilva at wirelessmundi.com>
>>>> wrote:
>>>>
>>>> almost... until the user, to test, sets userid = password ... and forgets
>>>> to change it... oops... hacked...
>>>>
>>>> it's all about good practices.
>>>>
>>>> Regards,
>>>> António
>>>>
>>>> On 03/14/2017 07:39 PM, Mirko Brankovic wrote:
>>>>
>>>> Change default password to uuid(), so every new install will get a random
>>>> one ... Bulletproof :°D
>>>>
>>>> On Mar 14, 2017 19:30, "Brian West" <brian at freeswitch.org> wrote:
>>>>
>>>> This is exactly what prompted me to put the FOUR LINE CRIT statement
>>>> when the default password isn't changed along with a 10 second delay before
>>>> proceeding.  Still I see questions posted about the 10 second delay and
>>>> asking what it means. Not sure how to make it more clear.
>>>>
>>>> /b
>>>>
>>>>
>>>> On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>>>>
>>>> It's nice because they mention FreeSWITCH in the tag of the link, but the
>>>> link is about FreePBX.
>>>>
>>>> Anyway, it's true: if you do not use the standard security practice,
>>>> and leave your FreeSWITCH with standard password "1234", or maybe you
>>>> change the standard password to "password", you probably will be hacked,
>>>> and phone calls will be originated from your FreeSWITCH that you do not
>>>> want to originate.
>>>>
>>>> But, man, that's what you, and me, and anyone is expecting.
>>>>
>>>> Also, please do not drive the wrong way on the autobahn :))
>>>>
>>>> -giovanni
>>>>
>>>>
>>>> On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
>>>>
>>>> Thought some may be interested in this. I first saw it today via Apple
>>>> News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH
>>>> mentioned twice.
>>>> http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://confluence.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Sincerely,
>>>>
>>>> Giovanni Maruzzelli
>>>> OpenTelecom.IT
>>>> cell: +39 347 266 56 18
>>>>
>>>>
>>>> --
>>>>
>>>> *Brian West*
>>>> brian at freeswitch.org
>>>>
>>>> *Twitter: @FreeSWITCH , @briankwest*
>>>>
>>>> http://www.freeswitchbook.com
>>>> http://www.freeswitchcookbook.com
>>>>
>>>> Allison prompts for FreeSWITCH:
>>>>
>>>> *https://www.gofundme.com/allison-prompts-for-freeswitch*
>>>> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>>>>
>>>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>>>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>>>
>>>> *T:*+19184209001 <+1%20918-420-9001> | *F:*+19184209002
>>>> <+1%20918-420-9002> | *M:*+1918424WEST (9378)
>>>> *Skype:*briankwest
>>>>
>>
>>
>>
>> --
>>
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>
>
>
> --
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>



-- 


*Adolphe CHER-AIME*
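
The weak patterns named in this thread (a numeric extension as SIP username, the demo default "1234", a password equal to the user id, dictionary passwords) can be checked mechanically before a system goes into production. The Python audit below is an added example, not part of the original message or of FreeSWITCH itself; the XML samples are constructed and assume a demo-style layout with a `default_password` variable and per-user `password` params, and `WEAK` is a small stand-in for a real dictionary list.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input (assumption: demo-style layout with a global
# default_password variable and per-user "password" params).
SAMPLE_VARS = '<include><X-PRE-PROCESS cmd="set" data="default_password=1234"/></include>'
SAMPLE_DIRECTORY = """<include>
  <user id="1001"><params><param name="password" value="$${default_password}"/></params></user>
  <user id="1002"><params><param name="password" value="password"/></params></user>
  <user id="1003"><params><param name="password" value="1003"/></params></user>
  <user id="desk-a7f3"><params><param name="password" value="vR9#kq2LmZ8!tYw4"/></params></user>
</include>"""

# Small stand-in for a real dictionary; "1234" and "password" are from the thread.
WEAK = {"1234", "password", "123456", "admin", "secret", "changeme"}

def load_vars(vars_xml):
    """Collect name=value pairs defined with X-PRE-PROCESS cmd="set"."""
    found = {}
    for el in ET.fromstring(vars_xml).iter("X-PRE-PROCESS"):
        data = el.get("data", "")
        if el.get("cmd") == "set" and "=" in data:
            name, value = data.split("=", 1)
            found[name.strip()] = value
    return found

def audit(directory_xml, variables):
    """Return {user_id: [findings]} for users with at least one finding."""
    report = {}
    for user in ET.fromstring(directory_xml).iter("user"):
        uid = user.get("id", "")
        raw = next((p.get("value", "") for p in user.iter("param")
                    if p.get("name") == "password"), "")
        # Expand $${var} references so the effective password is checked.
        pw = re.sub(r"\$\$\{(\w+)\}", lambda m: variables.get(m.group(1), ""), raw)
        findings = []
        if uid.isdigit():
            findings.append("numeric-username")
        if pw == variables.get("default_password"):
            findings.append("uses-default-password")
        if pw == uid:
            findings.append("password-equals-userid")
        if pw.lower() in WEAK:
            findings.append("dictionary-password")
        if findings:
            report[uid] = findings
    return report

if __name__ == "__main__":
    for uid, findings in audit(SAMPLE_DIRECTORY, load_vars(SAMPLE_VARS)).items():
        print(uid, ", ".join(findings))
```
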