<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I agree, the big red lines say it all. Even if FS left out a default password someone may put 1234 in. Maybe bigger/more red lines.đşâ ď¸<div class=""><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 15, 2017, at 7:22 AM, Brian West <<a href="mailto:brian@freeswitch.org" class="">brian@freeswitch.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">That would negate any existing documentation on getting started, lets not add more work without a solid plan of action to get everything updated and who is going to be responsible for updating everything across Confluence and the Web.<div class=""><br class=""></div><div class="">We still have people using 1.0.6 how-to docs that are posted in various places all over the web. <br class=""><div class=""><br class=""></div><div class="">/b</div><div class=""><br class=""></div></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Wed, Mar 15, 2017 at 10:18 AM, Kevin Wormington <span dir="ltr" class=""><<a href="mailto:kworm@sofnet.com" target="_blank" class="">kworm@sofnet.com</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I think if any change were to be made it would be best to set the default password to nothing (empty string) in the default config and not allow FS to start with an empty password. Put comments in the config file and documentation for the install to include setting a password.<br class="">
<br class="">
I donât think that would be too much of a barrier to entry for newbie users and would eliminate FS from that default password decision. If the user sets an insecure password and gets hacked then they are totally responsible.<br class="">
<br class="">
Just my .02<br class="">
<span class="HOEnZb"><font color="#888888" class=""><br class="">
Kevin<br class="">
</font></span><div class="HOEnZb"><div class="h5">> On Mar 15, 2017, at 9:09 AM, Brian West <<a href="mailto:brian@freeswitch.org" class="">brian@freeswitch.org</a>> wrote:<br class="">
><br class="">
> I do believe Giovanni hit the nail on the head. And in all honesty it wouldn't matter what we try to do to protect the end user from themselves, If they don't fully grasp the concepts and how the security model works there isn't much more we can do as project to prevent bad deployments with shady security settings.<br class="">
><br class="">
><br class="">
> /b<br class="">
><br class="">
><br class="">
> On Wed, Mar 15, 2017 at 10:04 AM, Steven Ayre <<a href="mailto:steveayre@gmail.com" class="">steveayre@gmail.com</a>> wrote:<br class="">
> Bundle a dictionary of commonly used passwords and reject the calls if the password is on the blacklist? ;)<br class="">
><br class="">
><br class="">
> On 14 March 2017 at 18:29, Brian West <<a href="mailto:brian@freeswitch.org" class="">brian@freeswitch.org</a>> wrote:<br class="">
> This is exactly what prompted me to put the FOUR LINE CRIT statement when the default password isn't changed along with a 10 second delay before proceeding. Still I see questions posted about the 10 second delay and asking what it means. Not sure how to make it more clear.<br class="">
><br class="">
> /b<br class="">
><br class="">
><br class="">
> On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <<a href="mailto:gmaruzz@gmail.com" class="">gmaruzz@gmail.com</a>> wrote:<br class="">
> Is nice because they mention FreeSWITCH in the tag of the link, but the link is about FreePBX.<br class="">
><br class="">
> Anyway, it's true: if you do not use the standard security practice, and leave your FreeSWITCH with standard password "1234", or maybe you change the standard password to "password", you probably will be hacked, and phone calls will be originated from your FreeSWITCH that you do not want to originate.<br class="">
><br class="">
> But, man, that's what you, and me, and anyone is expecting.<br class="">
><br class="">
> Also, please do not drive wrong way in the autobahn :))<br class="">
><br class="">
> -giovanni<br class="">
><br class="">
><br class="">
> On 14 March 2017 at 16:42, Mario G <<a href="mailto:mario_fs@mgtech.com" class="">mario_fs@mgtech.com</a>> wrote:<br class="">
> Thought some may be interested in this. I first saw it today via Apple News⌠Related to tracing bomb threats and Jewish attacks⌠FreeSWITCH mentioned twice.<br class="">
> <a href="http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking" rel="noreferrer" target="_blank" class="">http://www.theverge.com/2017/<wbr class="">3/14/14913118/jcc-bomb-<wbr class="">threats-anonymous-phone-calls-<wbr class="">pdx-hacking</a><br class="">
> ______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
> Professional FreeSWITCH Consulting Services:<br class="">
> <a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
> <a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
><br class="">
> Official FreeSWITCH Sites<br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
> <a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
> <a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
><br class="">
> FreeSWITCH-users mailing list<br class="">
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
><br class="">
><br class="">
><br class="">
> --<br class="">
><br class="">
> Sincerely,<br class="">
><br class="">
> Giovanni Maruzzelli<br class="">
> OpenTelecom.IT<br class="">
> cell: <a href="tel:%2B39%20347%20266%2056%2018" value="+393472665618" class="">+39 347 266 56 18</a><br class="">
><br class="">
> ______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
> Professional FreeSWITCH Consulting Services:<br class="">
> <a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
> <a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
><br class="">
> Official FreeSWITCH Sites<br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
> <a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
> <a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
><br class="">
> FreeSWITCH-users mailing list<br class="">
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
><br class="">
><br class="">
><br class="">
> --<br class="">
> Brian West<br class="">
> <a href="mailto:brian@freeswitch.org" class="">brian@freeswitch.org</a><br class="">
><br class="">
> Twitter: @FreeSWITCH , @briankwest<br class="">
><br class="">
> <a href="http://www.freeswitchbook.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchbook.com</a><br class="">
> <a href="http://www.freeswitchcookbook.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchcookbook.<wbr class="">com</a><br class="">
><br class="">
> Allison prompts for FreeSWITCH:<br class="">
><br class="">
> <a href="https://www.gofundme.com/allison-prompts-for-freeswitch" rel="noreferrer" target="_blank" class="">https://www.gofundme.com/<wbr class="">allison-prompts-for-freeswitch</a><br class="">
><br class="">
> Got Bugs? Report them here! | Reddit: /r/freeswitch<br class="">
><br class="">
> T:<a href="tel:%2B19184209001" value="+19184209001" class="">+19184209001</a> | F:<a href="tel:%2B19184209002" value="+19184209002" class="">+19184209002</a> | M:+1918424WEST (9378)<br class="">
> <a href="Skype:briankwest" class="">Skype:briankwest</a><br class="">
><br class="">
><br class="">
> ______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
> Professional FreeSWITCH Consulting Services:<br class="">
> <a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
> <a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
><br class="">
> Official FreeSWITCH Sites<br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
> <a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
> <a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
><br class="">
> FreeSWITCH-users mailing list<br class="">
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
><br class="">
><br class="">
> ______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
> Professional FreeSWITCH Consulting Services:<br class="">
> <a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
> <a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
><br class="">
> Official FreeSWITCH Sites<br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
> <a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
> <a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
><br class="">
> FreeSWITCH-users mailing list<br class="">
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
><br class="">
><br class="">
><br class="">
> --<br class="">
> Brian West<br class="">
> <a href="mailto:brian@freeswitch.org" class="">brian@freeswitch.org</a><br class="">
><br class="">
> Twitter: @FreeSWITCH , @briankwest<br class="">
><br class="">
> <a href="http://www.freeswitchbook.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchbook.com</a><br class="">
> <a href="http://www.freeswitchcookbook.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchcookbook.<wbr class="">com</a><br class="">
><br class="">
> Allison prompts for FreeSWITCH:<br class="">
><br class="">
> <a href="https://www.gofundme.com/allison-prompts-for-freeswitch" rel="noreferrer" target="_blank" class="">https://www.gofundme.com/<wbr class="">allison-prompts-for-freeswitch</a><br class="">
><br class="">
> Got Bugs? Report them here! | Reddit: /r/freeswitch<br class="">
><br class="">
> T:<a href="tel:%2B19184209001" value="+19184209001" class="">+19184209001</a> | F:<a href="tel:%2B19184209002" value="+19184209002" class="">+19184209002</a> | M:+1918424WEST (9378)<br class="">
> <a href="Skype:briankwest" class="">Skype:briankwest</a><br class="">
><br class="">
> ______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
> Professional FreeSWITCH Consulting Services:<br class="">
> <a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
> <a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
><br class="">
> Official FreeSWITCH Sites<br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
> <a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
> <a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
><br class="">
> FreeSWITCH-users mailing list<br class="">
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
> <a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<br class="">
<br class="">
<br class="">
______________________________<wbr class="">______________________________<wbr class="">_____________<br class="">
Professional FreeSWITCH Consulting Services:<br class="">
<a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">
<a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.<wbr class="">freeswitchsolutions.com</a><br class="">
<br class="">
Official FreeSWITCH Sites<br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class="">
<a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.<wbr class="">org</a><br class="">
<a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class="">
<br class="">
FreeSWITCH-users mailing list<br class="">
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.<wbr class="">freeswitch.org</a><br class="">
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/<wbr class="">mailman/listinfo/freeswitch-<wbr class="">users</a><br class="">
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.<wbr class="">freeswitch.org/mailman/<wbr class="">options/freeswitch-users</a><br class="">
<a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a></div></div></blockquote></div><br class=""><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><p class=""><font face="courier new, monospace" class=""><b class=""><i class=""><font size="4" class="">Brian West</font></i></b><br class=""><span style="font-size:x-small" class=""><a href="mailto:brian@freeswitch.org" target="_blank" class="">brian@freeswitch.org</a></span></font></p><p class=""><b style="font-family:monospace,monospace;font-size:small" class=""><i class="">Twitter: @FreeSWITCH , @briankwest</i></b></p><p class=""><font size="2" face="monospace, monospace" class=""><a href="http://www.freeswitchbook.com/" target="_blank" class="">http://www.freeswitchbook.com</a> <br class=""><a href="http://www.freeswitchcookbook.com/" target="_blank" class="">http://www.freeswitchcookbook.com</a><br class=""><br class="">Allison prompts for FreeSWITCH:</font></p><table cellspacing="0" cellpadding="0" style="font-size:12.8px" class=""><tbody class=""><tr class=""><td valign="baseline" class=""><p class=""><span class=""><a href="https://www.gofundme.com/allison-prompts-for-freeswitch" target="_blank" class=""><b class="">https://www.gofundme.com/allison-prompts-for-freeswitch</b></a></span></p></td></tr></tbody></table><p class=""><span style="font-family:monospace,monospace;font-size:12.8px" class="">Got Bugs? Report them </span><a href="https://freeswitch.org/jira" style="font-family:monospace,monospace;font-size:12.8px" target="_blank" class="">here</a><span style="font-family:monospace,monospace;font-size:12.8px" class="">! | Reddit: </span><a href="https://www.reddit.com/r/freeswitch" style="font-family:monospace,monospace;font-size:12.8px" target="_blank" class="">/r/freeswitch</a><br class=""></p><p class=""><font size="2" face="monospace, monospace" class=""><b class="">T:</b>+19184209001 | <b class="">F:</b>+19184209002 | <b class="">M:</b>+1918424WEST (9378)<br class=""><b class="">Skype:</b>briankwest<br class=""></font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></div></body></html>