[asterisk-users] Softphone that supports central provisioning?

Andrew Furey andrew.furey at gmail.com
Mon Apr 23 17:44:41 MST 2007


On 24/04/07, Senad Jordanovic <senad at bicom.us> wrote:
> > Tzafrir Cohen wrote:
> >> Dear Senad,
> >>
> >> The setup program for your soft phone can be downloaded from here:
> >> <a href="http://malwareserver.com/malware.exe">http://LINK</a>
> >>
> >> During the setup you will be asked for configuration file. Please use
> >> attached file.
>
> Tzafrir is referring to possible link that user can receive from
> "someone"...
>
> Since I was referring to SYSTEM email message generated from within PBXware,
> above is not possible without some serious hacking of the network, the box,
> the chroot etc... If one is at that level it then becomes a criminal issue.

Not denying the criminal aspect, but who says the email has to really
come from that box? If there's one thing SMTP is "good" at, it's
allowing forged emails... it wouldn't take a decent phisher 10 minutes
to craft an email that has all the same content including From
addresses.

Sure, the full headers would give up the game - but how many of your
users would (a) check them, and (b) understand what they're seeing?
I'd be surprised if it's more than 5% - and in many cases it only
takes one person to fall for it...

Andrew

-- 
Linux supports the notion of a command line or a shell for the same
reason that only children read books with only pictures in them.
Language, be it English or something else, is the only tool flexible
enough to accomplish a sufficiently broad range of tasks.
                          -- Bill Garrett


More information about the asterisk-users mailing list