[Asterisk-Dev] Is anyone thinking anymore?

Greg Boehnlein damin at nacs.net
Thu Jul 29 21:50:54 MST 2004


On Thu, 29 Jul 2004, Steve Szmidt wrote:

> On Thursday 29 July 2004 03:57 pm, dking at pimpsoft.com wrote:
>
> > The word is cracked not hacked. Or so I'm told.
> 
> Actually hacking is the activity of getting into and working inside a 
> computer, usually to fix it. However you can hack with criminal intent and 
> it's still hacking. Cracking came about as people who hacked but did not want 
> to be associated with the criminal activity, started calling it cracking. 
> Either one is correct, though one is more descriptive, but less used. (This 
> is something some people will start a flame war over.)
> 
> Then we got white, gray and black hats etc... Going too far off topic though.

Uhh.. no...

Hacking is gaining unauthorized access to resources you aren't supposed 
to access. Used to mean computers, but it has been expanded to include 
hacking hardware or non-computerized systems.

Cracking means defeating the copy protection of a piece of software to 
allow duplication. Such as removing the DECCS encryption from a DVD so it 
can be copied.

Phreaking is using the telephone to gain access to resources that you 
aren't supposed to access, i.e. using a RedBox to generate nickel, dime or 
quarter tones into a payphone to get free calls, or using a 2600 Hz tone 
to BlueBox (although anyone doing this today is pretty stupid).

A server running Asterisk may potentially be "hacked" by using a 
buffer-overflow exploit (which these patches help prevent) to smash the 
stack and allow a remote user to execute arbitrary code as the user that 
Asterisk is running as. If that user is "root", as the default CVS install 
is, this is an avenue to compromise the server and take control of it. It 
is absolutely imperative that good security standards be applied to the 
code to help minimize the impact of these attacks. It's happened to a lot 
of software... OpenSSH, OpenSSL, Apache, ProFTPD, WuFTPD, etc.

These patches are good, smart, defensive coding. Especially since Asterisk 
runs as root in most installations.

-- 
    Vice President of N2Net, a New Age Consulting Service, Inc. Company
         http://www.n2net.net Where everything clicks into place!
                             KP-216-121-ST
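
The two defenses the message above points at, bounds-checked copying and not running the daemon as root, as an added C example; it is not code from the Asterisk patches or from the original post. The names `copy_bounded` and `drop_privileges`, the 16-byte field and the sample inputs are hypothetical and constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups() under strict -std= modes */
#endif
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy src into dst, whose total capacity (including the NUL) is dstsz.
 * Returns 0 on success, -1 if src does not fit; never writes past dstsz. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    for (n = 0; n < dstsz && src[n] != '\0'; n++)
        ;                          /* measure src without reading past dstsz bytes */
    if (n == dstsz) {              /* too long: reject instead of truncating silently */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);       /* n + 1 <= dstsz, terminator included */
    return 0;
}

/* Permanently switch from root to an unprivileged uid/gid (assumed values).
 * Order matters: supplementary groups, then gid, then uid. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;                  /* already unprivileged, nothing to drop */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || geteuid() == 0)
        return -1;                 /* root could be regained: treat as failure */
    return 0;
}

int main(void)
{
    char exten[16];                /* constructed fixed-size field */
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed oversized input */

    printf("oversized: %d\n", copy_bounded(exten, sizeof exten, big));
    printf("normal:    %d (%s)\n", copy_bounded(exten, sizeof exten, "1000"), exten);
    return 0;
}
```

A daemon would call `drop_privileges` once, after it has bound any privileged ports and opened the files it needs, and refuse to start if the call returns -1.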





