[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats
Brian West
brian at freeswitch.org
Wed Mar 15 21:05:06 MSK 2017
You guys recall the message that talks about you have to define a user in a
domain when an endpoint tries to register, That one was a single line
message, it kept growing and to this day its still asked what does it
mean. So more is not always better. :)
/b
On Wed, Mar 15, 2017 at 1:53 PM, Mario G <mario_fs at mgtech.com> wrote:
> I agree, the big red lines say it all. Even if FS left out a default
> password someone may put 1234 in. Maybe bigger/more red lines.👺☠️
>
>
> On Mar 15, 2017, at 7:22 AM, Brian West <brian at freeswitch.org> wrote:
>
> That would negate any existing documentation on getting started, lets not
> add more work without a solid plan of action to get everything updated and
> who is going to be responsible for updating everything across Confluence
> and the Web.
>
> We still have people using 1.0.6 how-to docs that are posted in various
> places all over the web.
>
> /b
>
>
> On Wed, Mar 15, 2017 at 10:18 AM, Kevin Wormington <kworm at sofnet.com>
> wrote:
>
>> I think if any change were to be made it would be best to set the default
>> password to nothing (empty string) in the default config and not allow FS
>> to start with an empty password. Put comments in the config file and
>> documentation for the install to include setting a password.
>>
>> I don’t think that would be too much of a barrier to entry for newbie
>> users and would eliminate FS from that default password decision. If the
>> user sets an insecure password and gets hacked then they are totally
>> responsible.
>>
>> Just my .02
>>
>> Kevin
>> > On Mar 15, 2017, at 9:09 AM, Brian West <brian at freeswitch.org> wrote:
>> >
>> > I do believe Giovanni hit the nail on the head. And in all honesty it
>> wouldn't matter what we try to do to protect the end user from themselves,
>> If they don't fully grasp the concepts and how the security model works
>> there isn't much more we can do as project to prevent bad deployments with
>> shady security settings.
>> >
>> >
>> > /b
>> >
>> >
>> > On Wed, Mar 15, 2017 at 10:04 AM, Steven Ayre <steveayre at gmail.com>
>> wrote:
>> > Bundle a dictionary of commonly used passwords and reject the calls if
>> the password is on the blacklist? ;)
>> >
>> >
>> > On 14 March 2017 at 18:29, Brian West <brian at freeswitch.org> wrote:
>> > This is exactly what prompted me to put the FOUR LINE CRIT statement
>> when the default password isn't changed along with a 10 second delay before
>> proceeding. Still I see questions posted about the 10 second delay and
>> asking what it means. Not sure how to make it more clear.
>> >
>> > /b
>> >
>> >
>> > On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <gmaruzz at gmail.com>
>> wrote:
>> > Is nice because they mention FreeSWITCH in the tag of the link, but the
>> link is about FreePBX.
>> >
>> > Anyway, it's true: if you do not use the standard security practice,
>> and leave your FreeSWITCH with standard password "1234", or maybe you
>> change the standard password to "password", you probably will be hacked,
>> and phone calls will be originated from your FreeSWITCH that you do not
>> want to originate.
>> >
>> > But, man, that's what you, and me, and anyone is expecting.
>> >
>> > Also, please do not drive wrong way in the autobahn :))
>> >
>> > -giovanni
>> >
>> >
>> > On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
>> > Thought some may be interested in this. I first saw it today via Apple
>> News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH
>> mentioned twice.
>> > http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-
>> anonymous-phone-calls-pdx-hacking
>> > ____________________________________________________________
>> _____________
>> > Professional FreeSWITCH Consulting Services:
>> > consulting at freeswitch.org
>> > http://www.freeswitchsolutions.com
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://confluence.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/
>> freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>> >
>> > --
>> >
>> > Sincerely,
>> >
>> > Giovanni Maruzzelli
>> > OpenTelecom.IT
>> > cell: +39 347 266 56 18
>> >
>> > ____________________________________________________________
>> _____________
>> > Professional FreeSWITCH Consulting Services:
>> > consulting at freeswitch.org
>> > http://www.freeswitchsolutions.com
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://confluence.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/
>> freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>> >
>> > --
>> > Brian West
>> > brian at freeswitch.org
>> >
>> > Twitter: @FreeSWITCH , @briankwest
>> >
>> > http://www.freeswitchbook.com
>> > http://www.freeswitchcookbook.com
>> >
>> > Allison prompts for FreeSWITCH:
>> >
>> > https://www.gofundme.com/allison-prompts-for-freeswitch
>> >
>> > Got Bugs? Report them here! | Reddit: /r/freeswitch
>> >
>> > T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
>> > Skype:briankwest
>> >
>> >
>> > ____________________________________________________________
>> _____________
>> > Professional FreeSWITCH Consulting Services:
>> > consulting at freeswitch.org
>> > http://www.freeswitchsolutions.com
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://confluence.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/
>> freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>> > ____________________________________________________________
>> _____________
>> > Professional FreeSWITCH Consulting Services:
>> > consulting at freeswitch.org
>> > http://www.freeswitchsolutions.com
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://confluence.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/
>> freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>> >
>> > --
>> > Brian West
>> > brian at freeswitch.org
>> >
>> > Twitter: @FreeSWITCH , @briankwest
>> >
>> > http://www.freeswitchbook.com
>> > http://www.freeswitchcookbook.com
>> >
>> > Allison prompts for FreeSWITCH:
>> >
>> > https://www.gofundme.com/allison-prompts-for-freeswitch
>> >
>> > Got Bugs? Report them here! | Reddit: /r/freeswitch
>> >
>> > T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
>> > Skype:briankwest
>> >
>> > ____________________________________________________________
>> _____________
>> > Professional FreeSWITCH Consulting Services:
>> > consulting at freeswitch.org
>> > http://www.freeswitchsolutions.com
>> >
>> > Official FreeSWITCH Sites
>> > http://www.freeswitch.org
>> > http://confluence.freeswitch.org
>> > http://www.cluecon.com
>> >
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/
>> freeswitch-users
>> > http://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
> *Twitter: @FreeSWITCH , @briankwest*
>
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> Allison prompts for FreeSWITCH:
>
> *https://www.gofundme.com/allison-prompts-for-freeswitch*
> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002 <(918)%20420-9002>
> | *M:*+1918424WEST (9378)
> *Skype:*briankwest
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
--
*Brian West*
brian at freeswitch.org
*Twitter: @FreeSWITCH , @briankwest*
http://www.freeswitchbook.com
http://www.freeswitchcookbook.com
Allison prompts for FreeSWITCH:
*https://www.gofundme.com/allison-prompts-for-freeswitch*
<https://www.gofundme.com/allison-prompts-for-freeswitch>
Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
/r/freeswitch <https://www.reddit.com/r/freeswitch>
*T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
*Skype:*briankwest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170315/15f1e4f0/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list