Wednesday, March 11, 2009

Re: [asterisk-biz] PBX got Hacked

On Wed, 11 Mar 2009, Remco Barendse wrote:

> While this may all be true and valid, obviously there is already an
> authentication scheme implemented in Asterisk checking username and
> password.
>
> If it is difficult to implement what i suggested with all the options and
> configurable settings, why not implement it in a more simple form?
>
> Despite of all the arguments on other things we could do, why not increase
> the level of security in Asterisk if there is a possibility to do so?

The problem is that Asterisk is not insecure, it is the configuration that
makes it insecure. Short, non-random passwords are the problem here.

---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman@angryox.com http://www.angryox.com/
---------------------------------------------------------------------------

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz

No comments: