Remember when Cisco cared about security
Nope. They've been a part of NSA data collection for a while now.
infoworld.com
I remember when linksys did.
what are you implying? that http(s) ports are open? whooah what a security hole!!
skiddie's first network scan
NSA I knew about but at least it wasn't too public. This is just a joke, no authentication. Just username and subdomain enumeration
Go back to school you child. This shows all the companies that use webex via subdomain and the username for rooms to listen / watch internal discussions is open for any to join
>what is reverse dns host discovery
as I said, this is nothing. Go back to hackforums.
Cisco does care about security. Cisco Talos team had a ton of talent.
It's almost as if Cisco is a mega corp with independently operating branches.
Literally nothing
How is private information disclosure nothing?
Clearly you don't understand how big companies value their information.
No authentication?
Why don't you prove to me that it's a serious security hole. Go exploit it.
Already done with Walmart Corp
Their Friday morning project budget meetings were fun
No, just room name and company subdomain
>private information disclosure
You clearly don't understand how the internet works. If you wanted this to not happen every service should be in its own domain, otherwise you can easily list them all, there is just no way to avoid it.
And besides, if you wanted to complain do it about the fact that they require just a room number and no auth, not about the fact that you can see the companies using it, since that's not a secret anyway.
Not a secret at all but the rooms not having authentication is worrying
And I've been working in InfoSec for the last 8 years and spoken at conferences before so I'd say I know a little more than whatever nonsense you think you know
>I've been working in InfoSec for the last 8 years and spoken at conferences before so I'd say I know a little more than whatever nonsense you think you know
I'm sure you can stop spewing bullshit and talk in technical terms then.
If you're such a veteran you should know about 2005's IOS critical bugs, and how they tried to sue the researchers who found them. Did cisco care about security back then, or is 2005 too soon?
2005 is admittedly a little too far back for me in the industry but thanks for the google search result
Why are you doxxing John? What did he ever do to you
and it goes way further back
What cons? You going to thotcon this year? Just bought my tickets my man
No US conferences I'm afraid, I am mostly based out of Europe/Asia
John was simply the first target I tested this method on I'm afraid. Most of the rooms aren't active but I am working on somehow scraping the active rooms and listing them publicly so people can join at their own will until either Cisco adds authentication or removes their product from external access
They should do it like Zoom. Subdomain is fine but add random meeting ID that must be inputted
Exactly, the subdomain is only a gateway to the real issue. Authentication / random meeting ID is needed
Did they do the Walmart cheer?
You're based out of your ass friend
>Authentication / random meeting ID is needed
>uhc.webex.com
pic related
I mean not the most secure, but none of them open to a public chatroom that I found