In <a href="http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home">http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home</a> is said Kerry Garrison that:<br><br>Both trixbox and FreePBX have phone-home mechanisms in them.
<br><br>So does FreePBX phones home too?<br><br><div class="gmail_quote">On Dec 17, 2007 4:27 AM, Than Taro <<a href="mailto:thanrantaro@live.com">thanrantaro@live.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
As I pointed out here last night, there is also a very serious security vulnerability associated with this. Example: An attacker could compromise the script that is used on the remote host, and set it to force clients that connect to run a command such as "rm -rf /". There are about half a dozen ways I could see this being abused - in either a "one off" or an "every installation" scenario. Fonality has yet to acknowledge this aspect of the issue - and I fear that they never will.
<br><br>See:<br><a href="http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html" target="_blank">http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html</a><br><br><br>P.S.: On behalf of Rob (of FreePBX fame), I'd like to also point out this
this is something that was added to trixbox, and not FreePBX. Quoting
Rob: "when someone mistakenly says 'trixbox does...' they usually mean
'freepbx does...' as FreePBX is the GUI Trixbox uses to configure
Asterisk". In this instance, that is not the case - it is only a
trixbox issue.<br><br>> From: <a href="mailto:email@mattruby.com" target="_blank">email@mattruby.com</a><br>> To: <a href="mailto:asterisk-users@lists.digium.com" target="_blank">asterisk-users@lists.digium.com</a>
; <a href="mailto:asterisk-biz@lists.digium.com" target="_blank">asterisk-biz@lists.digium.com</a><br>> Date: Sun, 16 Dec 2007 20:53:53 -0500<br>> Subject: [asterisk-users] Trixbox Phones Home<div class="Ih2E3d"><br>
> <br>> I just read on Slashdot (at<br>> <a href="http://yro.slashdot.org/article.pl?sid=07/12/16/222243" target="_blank">http://yro.slashdot.org/article.pl?sid=07/12/16/222243</a> ) that Trixbox<br>> "has been phoning home with statistics about their installations", as a
<br>> Trixbox user exposed in "Trixbox Phones Home" at<br>> <a href="http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home" target="_blank">http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home
</a> .<br>> -- <br>> <br>> (C) Matthew Rubenstein<br>> <br>> <br>> _______________________________________________<br>> --Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">
http://www.api-digital.com--</a><br>> <br></div>> asterisk-users mailing list<div class="Ih2E3d"><br>> To UNSUBSCRIBE or update options visit:<br></div>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">
http://lists.digium.com/mailman/listinfo/asterisk-users</a><br><br><hr>The best games are on Xbox 360. Click here for a special offer on an Xbox 360 Console. <a href="http://www.xbox.com/en-US/hardware/wheretobuy/" target="_blank">
Get it now!</a></div>
<br>_______________________________________________<br>--Bandwidth and Colocation Provided by <a href="http://www.api-digital.com--" target="_blank">http://www.api-digital.com--</a><br><br>asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br></blockquote></div><br><br clear="all">
<br>-- <br>Esta mensagem (incluindo quaisquer anexos) pode conter informação confidencial para uso exclusivo do destinatário. Se não for o destinatário pretendido, não deverá usar, distribuir ou copiar este e-mail. Se recebeu esta mensagem por engano, por favor informe o emissor e elimine-a imediatamente. Obrigado.
<br><br>This e-mail message is intended only for individual(s) to whom it is addressed and may contain information that is privileged, confidential, proprietary, or otherwise exempt from disclosure under applicable law. If you believe you have received this message in error, please advise the sender by return e-mail and delete it from your mailbox. Thank you.