[asterisk-biz] Hacking the network

Alex Balashov abalashov at evaristesys.com
Mon Oct 5 10:03:39 CDT 2009


David Gibbons wrote:

> To be clear, you only have yourself to BLAME if you leave your 
> doors unlocked. That's not to say that the break-in was right, 
> justified or legal, just that you should have used a measure of 
> caution.

That depends on how one chooses to direct blame, and why.  Blame can 
be directed either at a failure to prevent a preventable event, or at 
the human agency that perpetrated said event irrespectively of efforts 
(or lack of them) to prevent it.

When corporate managers in large-company CYA cultures, clerical 
bureaucrats, government administrators and the like issue blame, for 
example, they generally pick whichever of those options fits the goal 
of political expediency and minimises their own culpability. 
Sometimes you blame the perpetrator, and sometimes you blame someone's 
"failure to act," just depending on where exactly you are looking for 
the chips to fall, who is in the way of your career at the moment, who 
  you think should be demonised by the Two Minutes' Hate of the day, 
and so on.

> I'm not saying that there's no culpability for crooks, I'm saying 
> that just like driving defensively, we need to be proactive about 
> security. If someone registers a phone against your SIP server and 
> uses 10k long distance minutes across the globe, your upstream 
> provider will likely not have any sympathy for you. We have no one 
> to blame but ourselves when we overlook security.

There can be no argument with that.

-- 
Alex Balashov - Principal
Evariste Systems
Web     : http://www.evaristesys.com/
Tel     : (+1) (678) 954-0670
Direct  : (+1) (678) 954-0671



More information about the asterisk-biz mailing list