[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats
Mario G
mario_fs at mgtech.com
Wed Mar 15 00:27:05 MSK 2017
Hmmm, keep it easy, don’t randomize, but force a change from 1234…… How about this (sounds like it should be easy): If the default password of 1234 is used in ANY user registration, print a RED message and ONLY ALLOW 3 extensions to work. This way, anyone using FS in a production environment is forced to change the password but initial setup for demo is very easy with 1234 OK to use but only 3 extensions can register if any one of them uses 1234.
Mario
> On Mar 14, 2017, at 2:10 PM, Brian West <brian at freeswitch.org> wrote:
>
> Anything that changes, makes it more difficult to toy with out of the box will throw road blocks on potential new users; I'd like to focus more on education of the end users on how to properly secure FreeSWITCH and the available security concepts that you can use in various situations.
>
> /b
>
>
> On Tue, Mar 14, 2017 at 5:07 PM, acheraime . <acheraime at gmail.com> wrote:
> I meant to say in production. A demo is a demo.
>
>
>
> On Tue, Mar 14, 2017 at 5:04 PM, Brian West <brian at freeswitch.org> wrote:
> Giovanni is correct, anything that raises the barrier of entry will only hinder us as a project. We can't solve the PEBKAC. Humans ultimately are the weak link in the security chain.
>
> /b
>
>
> On Tue, Mar 14, 2017 at 4:57 PM, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
> btw the problem is always with users/customers that change the demo password "1234" (where there is a delay of 10 seconds put there for this purpose) to something like "password".
>
> And what can I do about this?
>
> I will put a safeguard against silly passwords, and you will make the effort to circumvent also that safeguard because "is easier for my users"?
>
> On 14 March 2017 at 21:56, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
> NO, the default password of the demo configuration is just that, a DEFAULT password of a DEMO configuration.
>
> That is meant to DEMO just OUT OF THE BOX
>
> So, it must stay this way, because it just works, and is a demo
>
> Then, if you put a demo in production, the problem is between the monitor and the seat, not in the software
>
>
> On 14 March 2017 at 21:46, David Villasmil <david.villasmil.work at gmail.com> wrote:
> Make the default password very obscure, randomized on the fly... that way people will be crying because they can't figure out a password instead of having noobies hacked :)
>
> On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic <mirkobrankovic at gmail.com> wrote:
> Indeed ;)
>
> On Mar 14, 2017 20:38, "Antonio Silva" <asilva at wirelessmundi.com> wrote:
> almost... until the user, to test, sets userid = password ... and forgets to change it... oops... hacked...
>
> it's all about good practices.
>
> Regards,
> António
>
> On 03/14/2017 07:39 PM, Mirko Brankovic wrote:
>> Change default password to uuid(), so every new install will get random one ... Bulletproof :°D
>>
>> On Mar 14, 2017 19:30, "Brian West" <brian at freeswitch.org> wrote:
>> This is exactly what prompted me to put the FOUR LINE CRIT statement when the default password isn't changed along with a 10 second delay before proceeding. Still I see questions posted about the 10 second delay and asking what it means. Not sure how to make it more clear.
>>
>> /b
>>
>>
>> On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>> It's nice because they mention FreeSWITCH in the tag of the link, but the link is about FreePBX.
>>
>> Anyway, it's true: if you do not use the standard security practice, and leave your FreeSWITCH with standard password "1234", or maybe you change the standard password to "password", you probably will be hacked, and phone calls will be originated from your FreeSWITCH that you do not want to originate.
>>
>> But, man, that's what you, and me, and anyone is expecting.
>>
>> Also, please do not drive the wrong way on the autobahn :))
>>
>> -giovanni
>>
>>
>> On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
>> Thought some may be interested in this. I first saw it today via Apple News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH mentioned twice.
>> http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
>> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org <http://www.freeswitch.org/>
>> http://confluence.freeswitch.org <http://confluence.freeswitch.org/>
>> http://www.cluecon.com <http://www.cluecon.com/>
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org <mailto:FreeSWITCH-users at lists.freeswitch.org>
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users <http://lists.freeswitch.org/mailman/listinfo/freeswitch-users>
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users <http://lists.freeswitch.org/mailman/options/freeswitch-users>
>> http://www.freeswitch.org <http://www.freeswitch.org/>
>>
>>
>> --
>>
>> Sincerely,
>>
>> Giovanni Maruzzelli
>> OpenTelecom.IT
>> cell: +39 347 266 56 18
>>
>> --
>> Brian West
>> brian at freeswitch.org <mailto:brian at freeswitch.org>
>> Twitter: @FreeSWITCH , @briankwest
>>
>> http://www.freeswitchbook.com <http://www.freeswitchbook.com/>
>> http://www.freeswitchcookbook.com <http://www.freeswitchcookbook.com/>
>>
>> Allison prompts for FreeSWITCH:
>>
>> https://www.gofundme.com/allison-prompts-for-freeswitch <https://www.gofundme.com/allison-prompts-for-freeswitch>
>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit: /r/freeswitch <https://www.reddit.com/r/freeswitch>
>> T:+19184209001 <tel:+1%20918-420-9001> | F:+19184209002 <tel:+1%20918-420-9002> | M:+1918424WEST (9378)
>> Skype:briankwest
>>
>>
> --
> Adolphe CHER-AIME
>
>
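
Added example (not part of the original thread and not FreeSWITCH code): a minimal Python audit for the three cases the thread names, the demo default 1234, a password equal to the user id, and "password". The sample XML is constructed, modelled on the demo layout's vars.xml and directory user entries; the weak-password list and the 8-character floor are assumptions.

```python
import re
import xml.etree.ElementTree as ET

WEAK = {"1234", "12345", "password", "admin"}  # assumption: illustrative denylist

# Constructed sample input (not taken from a real system).
VARS_XML = '''<include>
  <X-PRE-PROCESS cmd="set" data="default_password=1234"/>
</include>'''

DIRECTORY_XML = '''<include>
  <user id="1000"><params><param name="password" value="$${default_password}"/></params></user>
  <user id="1001"><params><param name="password" value="1001"/></params></user>
  <user id="1002"><params><param name="password" value="password"/></params></user>
  <user id="1003"><params><param name="password" value="t7#Vq9-kLm2!xR4w"/></params></user>
</include>'''

def preprocess_vars(vars_xml):
    """Collect name=value pairs set by X-PRE-PROCESS cmd="set" elements."""
    out = {}
    for el in ET.fromstring(vars_xml).iter("X-PRE-PROCESS"):
        if el.get("cmd") == "set" and "=" in el.get("data", ""):
            name, value = el.get("data").split("=", 1)
            out[name.strip()] = value.strip()
    return out

def audit(vars_xml, directory_xml):
    """Return {user_id: reason} for every user with a guessable password."""
    gvars = preprocess_vars(vars_xml)
    findings = {}
    for user in ET.fromstring(directory_xml).iter("user"):
        uid = user.get("id")
        for p in user.iter("param"):
            if p.get("name") != "password":
                continue
            # Expand $${var} references so an inherited default is caught too.
            pw = re.sub(r"\$\$\{(\w+)\}",
                        lambda m: gvars.get(m.group(1), ""), p.get("value", ""))
            if pw == uid:
                findings[uid] = "password equals user id"
            elif pw.lower() in WEAK:
                findings[uid] = "password on weak list"
            elif len(pw) < 8:
                findings[uid] = "password shorter than 8 characters"
    return findings

if __name__ == "__main__":
    for uid, why in audit(VARS_XML, DIRECTORY_XML).items():
        print(f"user {uid}: {why}")
```

Changing only default_password clears user 1000 here but leaves 1001 and 1002 flagged, which is the case raised in the thread about users who replace the default with something just as guessable.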