RE: PBX Security

From: Jacek Lipkowski (sq5bpf@acid.ch.pw.edu.pl)
Date: Mon Feb 10 2003 - 23:48:40 EST


On Mon, 10 Feb 2003, Jonathan Rickman wrote:

> ...and Avaya pretty much told the customer pack sand when they asked for
> the root password to secure the box themselves. In this case, it may very
> well cost the reseller a customer, because when the customer threatened to
> leverage their physical access to break root for themselves, Avaya balked
> and told the reseller they were on their own. Any such changes would void
> the service contract. The box was a default install all the way, with the
> sole exception (apparently) of the pop3 daemon. Can't recall the
> specifics, but if I remember correctly, it was an older version of SCO
> Unixware.

uname -a gives unixware 2.1.2 on some boxes. others give you 'at&t unix'
or something similar.

btw. audix is a good product. unfortunately in the world of
telecomunications it's considered normal to have
"secret" internal passwords etc. - all this that the "data" people call
security through obscurity.

jacek

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT