[asterisk-users] Softphone that supports central provisioning?
Senad Jordanovic
senad at bicom.us
Wed Apr 25 07:04:19 MST 2007
Andrew Furey wrote:
> On 24/04/07, Senad Jordanovic <senad at bicom.us> wrote:
>>> Tzafrir Cohen wrote:
>>>> Dear Senad,
>>>>
>>>> The setup program for your soft phone can be downloaded from here:
>>>> <a href="http://malwareserver.com/malware.exe">http://LINK</a>
>>>>
>>>> During the setup you will be asked for configuration file. Please
>>>> use attached file.
>>
>> Tzafrir is referring to possible link that user can receive from
>> "someone"...
>>
>> Since I was referring to SYSTEM email message generated from within
>> PBXware, above is not possible without some serious hacking of the
>> network, the box, the chroot etc... If one is at that level it then
>> becomes a criminal issue.
>
> Not denying the criminal aspect, but who says the email has to really
> come from that box? If there's one thing SMTP is "good" at, it's
> allowing forged emails... it wouldn't take a decent phisher 10
> minutes to craft an email that has all the same content including
> From addresses.
>
> Sure, the full headers would give up the game - but how many of your
> users would (a) check them, and (b) understand what they're seeing?
> I'd be surprised if it's more than 5% - and in many cases it only
> takes one person to fall for it...
>
> Andrew
Hi
Yeah, all valid points. Thanks for bringing this up.
In order to eliminate above the setup program is actually in user self care
on the local box. That is where the link refers to. The user self care is
password protected.
In addition, all of the above is on LAN. For someone to know there is
installation going on at "some" LAN is very private matter so anyone wanting
send these emails will have to be psychic.
Regards,
Senad
More information about the asterisk-users
mailing list