[asterisk-biz] PBX got Hacked
Peter Beckman
beckman at angryox.com
Wed Mar 11 14:16:44 CDT 2009
On Wed, 11 Mar 2009, Remco Barendse wrote:
> While this may all be true and valid, obviously there is already an
> authentication scheme implemented in Asterisk checking username and
> password.
>
> If it is difficult to implement what i suggested with all the options and
> configurable settings, why not implement it in a more simple form?
>
> Despite of all the arguments on other things we could do, why not increase
> the level of security in Asterisk if there is a possibility to do so?
The problem is that Asterisk is not insecure, it is the configuration that
makes it insecure. Short, non-random passwords are the problem here.
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the asterisk-biz
mailing list