[asterisk-users] Trixbox Phones Home
Than Taro
thanrantaro at live.com
Sun Dec 16 22:27:36 CST 2007
As I pointed out here last night, there is also a very serious security vulnerability associated with this. Example: An attacker could compromise the script that is used on the remote host, and set it to force clients that connect to run a command such as "rm -rf /". There are about half a dozen ways I could see this being abused - in either a "one off" or an "every installation" scenario. Fonality has yet to acknowledge this aspect of the issue - and I fear that they never will.
See:
http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html
P.S.: On behalf of Rob (of FreePBX fame), I'd like to also point out that
this is something that was added to trixbox, and not FreePBX. Quoting
Rob: "when someone mistakenly says 'trixbox does...' they usually mean
'freepbx does...' as FreePBX is the GUI Trixbox uses to configure
Asterisk". In this instance, that is not the case - it is only a
trixbox issue.
> From: email at mattruby.com
> To: asterisk-users at lists.digium.com; asterisk-biz at lists.digium.com
> Date: Sun, 16 Dec 2007 20:53:53 -0500
> Subject: [asterisk-users] Trixbox Phones Home
>
> I just read on Slashdot (at
> http://yro.slashdot.org/article.pl?sid=07/12/16/222243 ) that Trixbox
> "has been phoning home with statistics about their installations", as a
> Trixbox user exposed in "Trixbox Phones Home" at
> http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home .
> --
>
> (C) Matthew Rubenstein
>
>