[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

David Villasmil david.villasmil.work at gmail.com
Wed Mar 15 00:06:58 MSK 2017


IMHO, a demo config shouldn't be shipped out by default, it's very risky.
If everyone using freeswitch (or any other softswitch for that matter) for
the first time was a seasoned sysop, then yes. But this is very much not
the case.

So maybe it would be safer for everyone to ship it out with a locked-down
config, so that users WILL learn how fs works by having to open features one
at a time... and then describe in the wiki how to implement the demo config
from a git repo.

This way EVERYONE using fs for the first time will know they are using a
demo config with everything defaulted and "open"...

But this is just my opinion.

On Tue, Mar 14, 2017 at 9:58 PM Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:

> btw the problem is always with users/customers that change the demo
> password "1234" (where there is a delay of 10 seconds put there for this
> purpose) to something like "password".
>
> And what can I do about this?
>
> I will put a safeguard against silly passwords, and you will make the
> effort to circumvent also that safeguard because "is easier for my users"?
>
> On 14 March 2017 at 21:56, Giovanni Maruzzelli <gmaruzz at gmail.com> wrote:
>
> NO, the default password of the demo configuration is just that, a DEFAULT
> password of a DEMO configuration.
>
> That is meant to DEMO just OUT OF THE BOX
>
> So, it must stay this way, because it just works, and is a demo
>
> Then, if you put a demo in production, the problem is between the monitor
> and the seat, not in the software
>
> On 14 March 2017 at 21:46, David Villasmil <david.villasmil.work at gmail.com> wrote:
>
> Make the default password very obscure randomized on the fly... that way
> people will be crying because they can't figure out a password instead of
> having noobies hacked :)
>
> On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic <mirkobrankovic at gmail.com>
> wrote:
>
> Indeed ;)
>
> On Mar 14, 2017 20:38, "Antonio Silva" <asilva at wirelessmundi.com> wrote:
>
> almost... until the user, to test, sets userid = password ... and forgets to
> change it... oops... hacked...
>
> it's all about good practices.
>
> Regards,
> António
>
> On 03/14/2017 07:39 PM, Mirko Brankovic wrote:
>
> Change default password to uuid(), so every new install will get random one
> ... Bulletproof :°D
>
> On Mar 14, 2017 19:30, "Brian West" <brian at freeswitch.org> wrote:
>
> This is exactly what prompted me to put the FOUR LINE CRIT statement when
> the default password isn't changed along with a 10 second delay before
> proceeding.  Still I see questions posted about the 10 second delay and
> asking what it means. Not sure how to make it more clear.
>
> /b
>
>
> On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
>
> It's nice because they mention FreeSWITCH in the tag of the link, but the
> link is about FreePBX.
>
> Anyway, it's true: if you do not use the standard security practice, and
> leave your FreeSWITCH with standard password "1234", or maybe you change
> the standard password to "password", you probably will be hacked, and phone
> calls will be originated from your FreeSWITCH that you do not want to
> originate.
>
> But, man, that's what you, and me, and anyone is expecting.
>
> Also, please do not drive wrong way in the autobahn :))
>
> -giovanni
>
>
> On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
>
> Thought some may be interested in this. I first saw it today via Apple
> News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH
> mentioned twice.
>
> http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
>
> --
>
> Sincerely,
>
> Giovanni Maruzzelli
> OpenTelecom.IT
> cell: +39 347 266 56 18
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
> *Twitter: @FreeSWITCH , @briankwest*
>
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> Allison prompts for FreeSWITCH:
>
> *https://www.gofundme.com/allison-prompts-for-freeswitch*
> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 <+1%20918-420-9001> | *F:*+19184209002
> <+1%20918-420-9002> | *M:*+1918424WEST (9378)
> *Skype:*briankwest
>
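The weak cases named in the thread (the demo password "1234", a swap to "password", and userid = password) can be checked mechanically before a box goes live. The following is an added example, not part of the thread and not FreeSWITCH project code: the XML samples are constructed in the layout of the demo config's `vars.xml` and directory user files, and the function names, deny-list and minimum length are assumptions made for illustration.

```python
import secrets
import xml.etree.ElementTree as ET
# Constructed samples in the layout of the demo config (vars.xml, directory users).
VARS_XML = '<include><X-PRE-PROCESS cmd="set" data="default_password=1234"/></include>'
DIRECTORY_XML = """<include>
  <user id="1000"><params><param name="password" value="$${default_password}"/></params></user>
  <user id="1001"><params><param name="password" value="password"/></params></user>
  <user id="1002"><params><param name="password" value="1002"/></params></user>
  <user id="1003"><params><param name="password" value="k3Vq-9fTz_Lw8xYbN2pQ"/></params></user>
</include>"""
DEMO_DEFAULT = "1234"  # demo password named in the thread
COMMON = {"password", "12345", "123456", "admin", "freeswitch"}  # assumed deny-list

def preprocess_vars(vars_xml):
    """Collect name=value pairs from X-PRE-PROCESS cmd="set" entries."""
    pairs = {}
    for el in ET.fromstring(vars_xml).iter("X-PRE-PROCESS"):
        if el.get("cmd") == "set" and "=" in el.get("data", ""):
            name, value = el.get("data").split("=", 1)
            pairs[name.strip()] = value
    return pairs

def weaknesses(user_id, password, min_len=12):
    """Return the reasons a SIP password is guessable (empty list if none)."""
    checks = [
        (password == DEMO_DEFAULT, "demo default"),
        (password.lower() in COMMON, "common password"),
        (password == user_id, "equals user id"),
        (len(password) < min_len, "too short"),
    ]
    return [reason for failed, reason in checks if failed]

def audit(vars_xml, directory_xml):
    """Map each user id with a guessable password to the reasons found."""
    variables = preprocess_vars(vars_xml)
    findings = {}
    for user in ET.fromstring(directory_xml).iter("user"):
        for param in user.iter("param"):
            if param.get("name") == "password":
                password = param.get("value", "")
                for name, value in variables.items():  # expand $${name} references
                    password = password.replace("$${" + name + "}", value)
                reasons = weaknesses(user.get("id"), password)
                if reasons:
                    findings[user.get("id")] = reasons
    return findings

def random_default_password():
    return secrets.token_urlsafe(18)  # 24 URL-safe chars, unique per install
```

`audit(VARS_XML, DIRECTORY_XML)` flags users 1000, 1001 and 1002 and passes 1003; `random_default_password()` is the per-install random value proposed in the thread, generated with a CSPRNG rather than `uuid()`.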