[Asterisk-Dev] Re: [Asterisk-Users] SIP SECURITY WARNING: v1-0 (cvs today) sip context in general section ignored goes to default instead - allowing unauthorized sip devices to place calls in default context

[Christopher L. Wade]

Tracy R Reed wrote:
> On Sat, Dec 04, 2004 at 07:50:56AM -0600, Steven Critchfield spake thusly:
> 
>>What do you do to protect the truly stupid, lazy, or the wonderful
>>combination of both? 
> 
> 
> Personally, I think it is about time that lack of attention to security
> finally started costing someone some real money.

Like Steven said, I can give you the Fort Knox security system, it only 
protects you up to the point you post your security gate code on a 
roadside billboard and leave the front door key in the knob.

If your too lazy [or stupid -- worse yet... both] to use the security 
tools you already have available, isn't it your fault?  * is still a 
work in progress, leave the -dev team free to implement true CORE code 
that makes things work, while you, the -user, implement YOUR policies 
that stop things from working.

[please allow me to put on my flame retardant suit before you start 
blasting me]

-Chris

ps.  i'm not addressing any one person, I'm just stating my armpit.
pps.  there are at least two groups in the world of security, those who 
start a project from the security standpoint, and those who start from a 
  functionality standpoint, I think * is right where it should be.

[armpit == opinion (we all got em, and most stink)]

-- 
Christopher L. Wade                     Unistar-Sparco Computers, Inc.
Senior Systems Administrator                            dba Sparco.com
Email: clwade at sparco.com                             7089 Ryburn Drive
Phone: (901) 872 2272 / (800) 840 8400            Millington, TN 38053
Fax:   (901) 872 8482                                              USA