[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

Wed Mar 15 17:22:15 MSK 2017

That would negate any existing documentation on getting started, lets not
add more work without a solid plan of action to get everything updated and
who is going to be responsible for updating everything across Confluence
and the Web.

We still have people using 1.0.6 how-to docs that are posted in various
places all over the web.

/b

On Wed, Mar 15, 2017 at 10:18 AM, Kevin Wormington <kworm at sofnet.com> wrote:

> I think if any change were to be made it would be best to set the default
> password to nothing (empty string) in the default config and not allow FS
> to start with an empty password.   Put comments in the config file and
> documentation for the install to include setting a password.
>
> I don’t think that would be too much of a barrier to entry for newbie
> users and would eliminate FS from that default password decision.  If the
> user sets an insecure password and gets hacked then they are totally
> responsible.
>
> Just my .02
>
> Kevin
> > On Mar 15, 2017, at 9:09 AM, Brian West <brian at freeswitch.org> wrote:
> >
> > I do believe Giovanni hit the nail on the head.  And in all honesty it
> wouldn't matter what we try to do to protect the end user from themselves,
> If they don't fully grasp the concepts and how the security model works
> there isn't much more we can do as project to prevent bad deployments with
> shady security settings.
> >
> >
> > /b
> >
> >
> > On Wed, Mar 15, 2017 at 10:04 AM, Steven Ayre <steveayre at gmail.com>
> wrote:
> > Bundle a dictionary of commonly used passwords and reject the calls if
> the password is on the blacklist? ;)
> >
> >
> > On 14 March 2017 at 18:29, Brian West <brian at freeswitch.org> wrote:
> > This is exactly what prompted me to put the FOUR LINE CRIT statement
> when the default password isn't changed along with a 10 second delay before
> proceeding.  Still I see questions posted about the 10 second delay and
> asking what it means. Not sure how to make it more clear.
> >
> > /b
> >
> >
> > On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <gmaruzz at gmail.com>
> wrote:
> > Is nice because they mention FreeSWITCH in the tag of the link, but the
> link is about FreePBX.
> >
> > Anyway, it's true: if you do not use the standard security practice, and
> leave your FreeSWITCH with standard password "1234", or maybe you change
> the standard password to "password", you probably will be hacked, and phone
> calls will be originated from your FreeSWITCH that you do not want to
> originate.
> >
> > But, man, that's what you, and me, and anyone is expecting.
> >
> > Also, please do not drive wrong way in the autobahn :))
> >
> > -giovanni
> >
> >
> > On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
> > Thought some may be interested in this. I first saw it today via Apple
> News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH
> mentioned twice.
> > http://www.theverge.com/2017/3/14/14913118/jcc-bomb-
> threats-anonymous-phone-calls-pdx-hacking
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
> >
> > --
> >
> > Sincerely,
> >
> > Giovanni Maruzzelli
> > OpenTelecom.IT
> > cell: +39 347 266 56 18
> >
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
> >
> > --
> > Brian West
> > brian at freeswitch.org
> >
> > Twitter: @FreeSWITCH , @briankwest
> >
> > http://www.freeswitchbook.com
> > http://www.freeswitchcookbook.com
> >
> > Allison prompts for FreeSWITCH:
> >
> > https://www.gofundme.com/allison-prompts-for-freeswitch
> >
> > Got Bugs? Report them here! | Reddit: /r/freeswitch
> >
> > T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
> > Skype:briankwest
> >
> >
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
> >
> > --
> > Brian West
> > brian at freeswitch.org
> >
> > Twitter: @FreeSWITCH , @briankwest
> >
> > http://www.freeswitchbook.com
> > http://www.freeswitchcookbook.com
> >
> > Allison prompts for FreeSWITCH:
> >
> > https://www.gofundme.com/allison-prompts-for-freeswitch
> >
> > Got Bugs? Report them here! | Reddit: /r/freeswitch
> >
> > T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
> > Skype:briankwest
> >
> > ____________________________________________________________
> _____________
> > Professional FreeSWITCH Consulting Services:
> > consulting at freeswitch.org
> > http://www.freeswitchsolutions.com
> >
> > Official FreeSWITCH Sites
> > http://www.freeswitch.org
> > http://confluence.freeswitch.org
> > http://www.cluecon.com
> >
> > FreeSWITCH-users mailing list
> > FreeSWITCH-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>

-- 

*Brian West*
brian at freeswitch.org

*Twitter: @FreeSWITCH , @briankwest*

http://www.freeswitchbook.com
http://www.freeswitchcookbook.com

Allison prompts for FreeSWITCH:

*https://www.gofundme.com/allison-prompts-for-freeswitch*
<https://www.gofundme.com/allison-prompts-for-freeswitch>

Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>

*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170315/da81c3c8/attachment.html 