[App_rpt-users] toy throwing time?
Willem Schreuder
willem at prinmath.com
Mon Sep 12 17:04:22 UTC 2016
On Mon, 12 Sep 2016, Stephen - K1LNX wrote:
> What exactly does it gain for us?
I realize keepng up with the Asterisk code base is a lot to ask, but for
one thing it buys you is security. While it is certainly true that
"improvements" do introduce new security holes, a more mature and current
Asterisk is more likely to have fewer security holes.
Since many nodes face the public internet, it would certainly be
catastrophic if a black hat were to have the ability to knock any public
facing AllStar node in the world off the air by exploiting a previously
undisclosed vulnerability. Combining such an exploit with a router
exploit to get to private networks of nodes is a real possibility, and
there are LOTS of people around the world, including some big players,
that invest heavily in having such a toolset ready for when it would
benefit them.
Having what is essentially a static code base makes it easier for those
folks. I know that sounds rather paranoid, but just sayin....
73 -Willem AC0KQ
More information about the App_rpt-users
mailing list