Hello,
I was testing something and used a toll free number of my local bank
(because it is free and there is a voice and DTMF System menu to play
around)... I was suprised seeing lines like this in
/var/log/fsogsmd.log:
2012-04-08T11:49:59.395616Z [INFO] libfsotransport <0710:2>: SRC: "+VTS=#" ->
[ "OK" ]
The value of +VTS=x is the DTMF tone to send; the value x should not be logged,
at least not in the INFO level; keep in mind that such DTMF tones often
are used to send credentials, PIN or other secret information to the
other side of a call. While it is technically nearly imposible to
intercept them in the call, it is prety much easy to read them out of
the log files of a (stolen or lost) phone.
I will file a bug report in Trac for SHR.
Thanks
matthias
--
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <g...@unixarea.de> - w http://www.unixarea.de/
UNIX since V7 on PDP-11 | UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2 | FreeBSD since 2.2.5
_______________________________________________
Shr-devel mailing list
Shr-devel@lists.shr-project.org
http://lists.shr-project.org/mailman/listinfo/shr-devel
