Penetration Testing mailing list archives
RE: PBX Security
From: Jacek Lipkowski <sq5bpf () acid ch pw edu pl>
Date: Tue, 11 Feb 2003 05:48:40 +0100 (CET)
On Mon, 10 Feb 2003, Jonathan Rickman wrote:
...and Avaya pretty much told the customer pack sand when they asked for the root password to secure the box themselves. In this case, it may very well cost the reseller a customer, because when the customer threatened to leverage their physical access to break root for themselves, Avaya balked and told the reseller they were on their own. Any such changes would void the service contract. The box was a default install all the way, with the sole exception (apparently) of the pop3 daemon. Can't recall the specifics, but if I remember correctly, it was an older version of SCO Unixware.
uname -a gives unixware 2.1.2 on some boxes. others give you 'at&t unix' or something similar. btw. audix is a good product. unfortunately in the world of telecomunications it's considered normal to have "secret" internal passwords etc. - all this that the "data" people call security through obscurity. jacek ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- PBX Security Razvan (Feb 05)
- RE: PBX Security Rob Shein (Feb 06)
- Re: PBX Security Fabio Pietrosanti (naif) (Feb 10)
- <Possible follow-ups>
- RE: PBX Security Martin Walker (Feb 09)
- RE: PBX Security Thomas Porter, Ph.D. (Feb 09)
- RE: PBX Security Jonathan Rickman (Feb 10)
- RE: PBX Security Jacek Lipkowski (Feb 11)
- RE: PBX Security Thomas Porter, Ph.D. (Feb 09)
- RE: PBX Security Brennen Reynolds (Feb 10)