[asterisk-users] Trixbox Phones Home
Marco Mouta
marco.mouta at gmail.com
Tue Dec 18 05:38:03 CST 2007
In
http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home
is said Kerry Garrison that:
Both trixbox and FreePBX have phone-home mechanisms in them.
So does FreePBX phones home too?
On Dec 17, 2007 4:27 AM, Than Taro <thanrantaro at live.com> wrote:
> As I pointed out here last night, there is also a very serious security
> vulnerability associated with this. Example: An attacker could compromise
> the script that is used on the remote host, and set it to force clients that
> connect to run a command such as "rm -rf /". There are about half a dozen
> ways I could see this being abused - in either a "one off" or an "every
> installation" scenario. Fonality has yet to acknowledge this aspect of the
> issue - and I fear that they never will.
>
> See:
> http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html
>
>
> P.S.: On behalf of Rob (of FreePBX fame), I'd like to also point out this
> this is something that was added to trixbox, and not FreePBX. Quoting Rob:
> "when someone mistakenly says 'trixbox does...' they usually mean 'freepbx
> does...' as FreePBX is the GUI Trixbox uses to configure Asterisk". In this
> instance, that is not the case - it is only a trixbox issue.
>
> > From: email at mattruby.com
> > To: asterisk-users at lists.digium.com; asterisk-biz at lists.digium.com
> > Date: Sun, 16 Dec 2007 20:53:53 -0500
> > Subject: [asterisk-users] Trixbox Phones Home
> >
> > I just read on Slashdot (at
> > http://yro.slashdot.org/article.pl?sid=07/12/16/222243 ) that Trixbox
> > "has been phoning home with statistics about their installations", as a
> > Trixbox user exposed in "Trixbox Phones Home" at
> >
> http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home.
> > --
> >
> > (C) Matthew Rubenstein
> >
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by http://www.api-digital.com--
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-users
>
> ------------------------------
> The best games are on Xbox 360. Click here for a special offer on an Xbox
> 360 Console. Get it now! <http://www.xbox.com/en-US/hardware/wheretobuy/>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
Esta mensagem (incluindo quaisquer anexos) pode conter informação
confidencial para uso exclusivo do destinatário. Se não for o destinatário
pretendido, não deverá usar, distribuir ou copiar este e-mail. Se recebeu
esta mensagem por engano, por favor informe o emissor e elimine-a
imediatamente. Obrigado.
This e-mail message is intended only for individual(s) to whom it is
addressed and may contain information that is privileged, confidential,
proprietary, or otherwise exempt from disclosure under applicable law. If
you believe you have received this message in error, please advise the
sender by return e-mail and delete it from your mailbox. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20071218/f6054c15/attachment.htm
More information about the asterisk-users
mailing list