may i add , eyebeams confnig file is xml and could be generated , BUT, the password is hashed in some way.. any idea on that ? its a pretty long hash
On 4/25/07, Senad Jordanovic <[EMAIL PROTECTED]> wrote:
Andrew Furey wrote: > On 24/04/07, Senad Jordanovic <[EMAIL PROTECTED]> wrote: >>> Tzafrir Cohen wrote: >>>> Dear Senad, >>>> >>>> The setup program for your soft phone can be downloaded from here: >>>> <a href="http://malwareserver.com/malware.exe">http://LINK</a> >>>> >>>> During the setup you will be asked for configuration file. Please >>>> use attached file. >> >> Tzafrir is referring to possible link that user can receive from >> "someone"... >> >> Since I was referring to SYSTEM email message generated from within >> PBXware, above is not possible without some serious hacking of the >> network, the box, the chroot etc... If one is at that level it then >> becomes a criminal issue. > > Not denying the criminal aspect, but who says the email has to really > come from that box? If there's one thing SMTP is "good" at, it's > allowing forged emails... it wouldn't take a decent phisher 10 > minutes to craft an email that has all the same content including > From addresses. > > Sure, the full headers would give up the game - but how many of your > users would (a) check them, and (b) understand what they're seeing? > I'd be surprised if it's more than 5% - and in many cases it only > takes one person to fall for it... > > Andrew Hi Yeah, all valid points. Thanks for bringing this up. In order to eliminate above the setup program is actually in user self care on the local box. That is where the link refers to. The user self care is password protected. In addition, all of the above is on LAN. For someone to know there is installation going on at "some" LAN is very private matter so anyone wanting send these emails will have to be psychic. Regards, Senad _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
-- Mike Sales Manager http://www.voicemeup.com Making it happen 1.877.807.VOIP (8647) 1.514.312.7030
_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users