We were burned by a consultant via WebEx. He didn't do anything bad per se,
but it violated our policy and exposed what I consider a hole in WebEx (at
the time).
He connected our corporate computer to WebEx. Enabled remote control. Went
to dinner, then back to his hotel. All the while, we had a back door into
our network that was only as good as his session password with WebEx.
This was a couple of years ago, WebEx may have resolved that problem. Would
be as easy as a timeout when you offer to share control.
WebEx is now blocked at multiple levels :)
On Wed, Mar 5, 2008 at 11:26 AM, Ben Scott <[EMAIL PROTECTED]> wrote:
> On Wed, Mar 5, 2008 at 9:17 AM, <[EMAIL PROTECTED]> wrote:
> > What I am concerned about are potential security issues
> > that could be introduced by this service. Is it a secure service WebEx
> claim
> > it to be?
>
> Keep in mind that installing any of these third-party remote-access
> services mean that your computer is now accessible by anyone who works
> for the third-party, or has access to the third-party's
> infrastructure. The transport ("AES", "SSL", etc.) doesn't matter,
> that's not where the weak points are. The weak points are at the
> other end. That's what I would worry about. Historically, we've seen
> breaches at datacenters and the like, usually through stupid human
> mistakes by employees. (The SalesForce.com incident being a good,
> recent example.) So my expectation would be that any threats would
> come from that direction.
>
> "Using encryption on the Internet is the equivalent of arranging an
> armored car to deliver credit card information from someone living in
> a cardboard box to someone living on a park bench."
> -- Prof. Gene "spaf" Spafford
>
> -- Ben
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
>
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
