[Asterisk-Dev] Re: [Asterisk-Users] SIP SECURITY WARNING: v1-0 (cvs today) sip context in general section ignored goes to default instead - allowing unauthorized sip devices to place calls in default context

Steven Critchfield critch at basesys.com
Mon Dec 6 14:11:21 MST 2004


On Tue, 2004-12-07 at 08:53 +1300, Matt Riddell wrote:
> Tracy R Reed wrote:
> > On Sat, Dec 04, 2004 at 07:50:56AM -0600, Steven Critchfield spake thusly:
> > 
> >>What do you do to protect the truly stupid, lazy, or the wonderful
> >>combination of both? 
> > 
> > Personally, I think it is about time that lack of attention to security
> > finally started costing someone some real money.
> 
> What does this statement mean?
> 
> Do you want me to hack you?

It probably means exactly what it says.

Here in the US, people drove very stupid in the begining. Problem was
that noone was usually hurt in an accident with a car then. The speeds
where not enough to do much in the way of damage. Then as vehicles went
faster and people started to feel the dangers of driving stupid, they
enacted laws to force people to drive more sane. 

In computers as well as vehicles, until one knows the risk up close it
will probably be ignored. Until you know what to fear, you don't have
any fear. Until you know the downside of not knowing what lack of
security does to yourself, you don't implement security.

Trouble being, that the majority of computer users now don't know what
to do to fix the problem. The problems are too abstract for them to see
or feel and therefore don't pose a risk. Your average user is too
oblivious of the risks. 

What was being suggested above is the wish for a way to make these risks
become more tangible and therefore less abstract. Something for the
common idiot to get behind and want to get fixed even at any cost.
-- 
Steven Critchfield <critch at basesys.com>




More information about the asterisk-dev mailing list