[Freeswitch-users] Hacked FreeSWITCH mentioned on the Verge regarding bomb threats

Nandy Dagondon nandy1925 at gmail.com
Thu Mar 16 18:36:18 MSK 2017


I'm on the side of easy entry.  Just like babies we drink milk and on soft
diet. As we mature, we eat solid foods - and wiser.  Had FS  started as
solid food, it may have turned me off.  Thanks to the gurus!

/Nandy

On Wed, Mar 15, 2017 at 6:05 PM, Brian West <brian at freeswitch.org> wrote:

> You guys recall the message that talks about you have to define a user in
> a domain when an endpoint tries to register, That one was a single line
> message, it kept growing and to this day its still asked what does it
> mean.  So more is not always better. :)
>
> /b
>
> On Wed, Mar 15, 2017 at 1:53 PM, Mario G <mario_fs at mgtech.com> wrote:
>
>> I agree, the big red lines say it all. Even if FS left out a default
>> password someone may put 1234 in. Maybe bigger/more red lines.👺☠️
>>
>>
>> On Mar 15, 2017, at 7:22 AM, Brian West <brian at freeswitch.org> wrote:
>>
>> That would negate any existing documentation on getting started, lets not
>> add more work without a solid plan of action to get everything updated and
>> who is going to be responsible for updating everything across Confluence
>> and the Web.
>>
>> We still have people using 1.0.6 how-to docs that are posted in various
>> places all over the web.
>>
>> /b
>>
>>
>> On Wed, Mar 15, 2017 at 10:18 AM, Kevin Wormington <kworm at sofnet.com>
>> wrote:
>>
>>> I think if any change were to be made it would be best to set the
>>> default password to nothing (empty string) in the default config and not
>>> allow FS to start with an empty password.   Put comments in the config file
>>> and documentation for the install to include setting a password.
>>>
>>> I don’t think that would be too much of a barrier to entry for newbie
>>> users and would eliminate FS from that default password decision.  If the
>>> user sets an insecure password and gets hacked then they are totally
>>> responsible.
>>>
>>> Just my .02
>>>
>>> Kevin
>>> > On Mar 15, 2017, at 9:09 AM, Brian West <brian at freeswitch.org> wrote:
>>> >
>>> > I do believe Giovanni hit the nail on the head.  And in all honesty it
>>> wouldn't matter what we try to do to protect the end user from themselves,
>>> If they don't fully grasp the concepts and how the security model works
>>> there isn't much more we can do as project to prevent bad deployments with
>>> shady security settings.
>>> >
>>> >
>>> > /b
>>> >
>>> >
>>> > On Wed, Mar 15, 2017 at 10:04 AM, Steven Ayre <steveayre at gmail.com>
>>> wrote:
>>> > Bundle a dictionary of commonly used passwords and reject the calls if
>>> the password is on the blacklist? ;)
>>> >
>>> >
>>> > On 14 March 2017 at 18:29, Brian West <brian at freeswitch.org> wrote:
>>> > This is exactly what prompted me to put the FOUR LINE CRIT statement
>>> when the default password isn't changed along with a 10 second delay before
>>> proceeding.  Still I see questions posted about the 10 second delay and
>>> asking what it means. Not sure how to make it more clear.
>>> >
>>> > /b
>>> >
>>> >
>>> > On Tue, Mar 14, 2017 at 1:19 PM, Giovanni Maruzzelli <
>>> gmaruzz at gmail.com> wrote:
>>> > Is nice because they mention FreeSWITCH in the tag of the link, but
>>> the link is about FreePBX.
>>> >
>>> > Anyway, it's true: if you do not use the standard security practice,
>>> and leave your FreeSWITCH with standard password "1234", or maybe you
>>> change the standard password to "password", you probably will be hacked,
>>> and phone calls will be originated from your FreeSWITCH that you do not
>>> want to originate.
>>> >
>>> > But, man, that's what you, and me, and anyone is expecting.
>>> >
>>> > Also, please do not drive wrong way in the autobahn :))
>>> >
>>> > -giovanni
>>> >
>>> >
>>> > On 14 March 2017 at 16:42, Mario G <mario_fs at mgtech.com> wrote:
>>> > Thought some may be interested in this. I first saw it today via Apple
>>> News… Related to tracing bomb threats and Jewish attacks… FreeSWITCH
>>> mentioned twice.
>>> > http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-
>>> anonymous-phone-calls-pdx-hacking
>>> > ____________________________________________________________
>>> _____________
>>> > Professional FreeSWITCH Consulting Services:
>>> > consulting at freeswitch.org
>>> > http://www.freeswitchsolutions.com
>>> >
>>> > Official FreeSWITCH Sites
>>> > http://www.freeswitch.org
>>> > http://confluence.freeswitch.org
>>> > http://www.cluecon.com
>>> >
>>> > FreeSWITCH-users mailing list
>>> > FreeSWITCH-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>> switch-users
>>> > http://www.freeswitch.org
>>> >
>>> >
>>> >
>>> > --
>>> >
>>> > Sincerely,
>>> >
>>> > Giovanni Maruzzelli
>>> > OpenTelecom.IT
>>> > cell: +39 347 266 56 18
>>> >
>>> > ____________________________________________________________
>>> _____________
>>> > Professional FreeSWITCH Consulting Services:
>>> > consulting at freeswitch.org
>>> > http://www.freeswitchsolutions.com
>>> >
>>> > Official FreeSWITCH Sites
>>> > http://www.freeswitch.org
>>> > http://confluence.freeswitch.org
>>> > http://www.cluecon.com
>>> >
>>> > FreeSWITCH-users mailing list
>>> > FreeSWITCH-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>> switch-users
>>> > http://www.freeswitch.org
>>> >
>>> >
>>> >
>>> > --
>>> > Brian West
>>> > brian at freeswitch.org
>>> >
>>> > Twitter: @FreeSWITCH , @briankwest
>>> >
>>> > http://www.freeswitchbook.com
>>> > http://www.freeswitchcookbook.com
>>> >
>>> > Allison prompts for FreeSWITCH:
>>> >
>>> > https://www.gofundme.com/allison-prompts-for-freeswitch
>>> >
>>> > Got Bugs? Report them here! | Reddit: /r/freeswitch
>>> >
>>> > T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
>>> > Skype:briankwest
>>> >
>>> >
>>> > ____________________________________________________________
>>> _____________
>>> > Professional FreeSWITCH Consulting Services:
>>> > consulting at freeswitch.org
>>> > http://www.freeswitchsolutions.com
>>> >
>>> > Official FreeSWITCH Sites
>>> > http://www.freeswitch.org
>>> > http://confluence.freeswitch.org
>>> > http://www.cluecon.com
>>> >
>>> > FreeSWITCH-users mailing list
>>> > FreeSWITCH-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>> switch-users
>>> > http://www.freeswitch.org
>>> >
>>> >
>>> > ____________________________________________________________
>>> _____________
>>> > Professional FreeSWITCH Consulting Services:
>>> > consulting at freeswitch.org
>>> > http://www.freeswitchsolutions.com
>>> >
>>> > Official FreeSWITCH Sites
>>> > http://www.freeswitch.org
>>> > http://confluence.freeswitch.org
>>> > http://www.cluecon.com
>>> >
>>> > FreeSWITCH-users mailing list
>>> > FreeSWITCH-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>> switch-users
>>> > http://www.freeswitch.org
>>> >
>>> >
>>> >
>>> > --
>>> > Brian West
>>> > brian at freeswitch.org
>>> >
>>> > Twitter: @FreeSWITCH , @briankwest
>>> >
>>> > http://www.freeswitchbook.com
>>> > http://www.freeswitchcookbook.com
>>> >
>>> > Allison prompts for FreeSWITCH:
>>> >
>>> > https://www.gofundme.com/allison-prompts-for-freeswitch
>>> >
>>> > Got Bugs? Report them here! | Reddit: /r/freeswitch
>>> >
>>> > T:+19184209001 | F:+19184209002 | M:+1918424WEST (9378)
>>> > Skype:briankwest
>>> >
>>> > ____________________________________________________________
>>> _____________
>>> > Professional FreeSWITCH Consulting Services:
>>> > consulting at freeswitch.org
>>> > http://www.freeswitchsolutions.com
>>> >
>>> > Official FreeSWITCH Sites
>>> > http://www.freeswitch.org
>>> > http://confluence.freeswitch.org
>>> > http://www.cluecon.com
>>> >
>>> > FreeSWITCH-users mailing list
>>> > FreeSWITCH-users at lists.freeswitch.org
>>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/free
>>> switch-users
>>> > http://www.freeswitch.org
>>>
>>>
>>>
>>> ____________________________________________________________
>>> _____________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://confluence.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>
>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>>
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>>
>> Allison prompts for FreeSWITCH:
>>
>> *https://www.gofundme.com/allison-prompts-for-freeswitch*
>> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>>
>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002 <(918)%20420-9002>
>> | *M:*+1918424WEST (9378)
>> *Skype:*briankwest
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
> *Brian West*
> brian at freeswitch.org
>
> *Twitter: @FreeSWITCH , @briankwest*
>
> http://www.freeswitchbook.com
> http://www.freeswitchcookbook.com
>
> Allison prompts for FreeSWITCH:
>
> *https://www.gofundme.com/allison-prompts-for-freeswitch*
> <https://www.gofundme.com/allison-prompts-for-freeswitch>
>
> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>
> *T:*+19184209001 <(918)%20420-9001> | *F:*+19184209002 <(918)%20420-9002>
> | *M:*+1918424WEST (9378)
> *Skype:*briankwest
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170316/611b5d78/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list