Remember when Cisco cared about security
Remember when Cisco cared about security
Cameron James
Other urls found in this thread:
infoworld.com
twitter.com
Jordan Young
Nope.They're been a part of NSA data collection for a while now.
infoworld.com
Josiah Ross
I remember when linksys did.
Austin Ross
what are you implying? that http(s) ports are open? whooah what a security hole!!
skiddie's first network scan
Jace Robinson
NSA I knew about but at least it wasn't too public. This is just a joke, no authentication. Just username and subdomain enumeration
Parker Lee
Go back to school you child. This shows all the companies that use webex via subdomain and the username for rooms to listen / watch internal discussions is open for any to join
Alexander Sanders
>what is reverse dns host discovery
as I said, this is nothing. Go back to hackforums.
Dominic Lopez
Cisco does care about security. Cisco Talos team had a ton of talent.
Its almost as if Cisco is a mega corp with independently operating branches.
Brandon Carter
Literally nothing
Leo Hughes
How is private information disclosure nothing ?
Clearly you don';t understand how big companies value their information.
Kayden Cooper
No authentication ?
Lucas Howard
Why don't you prove to me that it's a serious security hole. Go exploit it.
Lincoln Lee
Already done with Walmart Corp
Their Friday morning project budget meetings were fun
Cooper Diaz
No, just room name and company subdomain
Lucas Gray
>private information disclosure
You clearly don't understand how the internet works. If you wanted this to not happen every service should be in its own domain, otherwise you can easily list them all, there is just no way to avoid it.
And besides, if you wanted to complain do it about the fact that they require just a room number and no auth, not about the fact that you can see the companies using it, since thats not a secret anyway.
Mason Gomez
Not a secret at all but the room's not having authentication is worrying
And I've been working in InfoSec for the last 8 years and spoken at conferences before so I'd say I know a little more than whatever nonsense you think you know
Nathan Adams
>I've been working in InfoSec for the last 8 years and spoken at conferences before so I'd say I know a little more than whatever nonsense you think you know
I'm sure you can stop spewing bullshit and talk in technical terms then.
If you're such a veteran you should know about 2005's IOS critical bugs, and how they tried to sue the researchers who found them. Did cisco care about security back then, or is 2005 too soon?
Isaac Carter
2005 is admittedly a little too far back for me in the industry but thanks for the google search result
Elijah Murphy
Why are you doxxing John? What did he ever do to you
Jace Foster
and it goes way further back
Juan Nguyen
What cons? You going to thotcon this year? Just bought my tickets my man
Ayden Peterson
No US conferences I'm afraid, I am mostly based out of Europe/Asia
John was simply the first target I tested this method on I'm afraid. Most of the rooms aren't active but I am working on somehow scraping the active rooms and listing them publicly so people can join at their own will until either Cisco adds authentication or removes their product from external access
Charles Mitchell
They should do it like Zoom. Sudomain is fine but add random meeting ID that must be inputed
Alexander Scott
Exactly, the subdomain is only a gateway to the real issue. Authentication / random meeting ID is needed
Jayden Robinson
Did they do the Walmart cheer?
Evan Young
You're based out of your ass friend
Cameron Mitchell
>Authentication / random meeting ID is needed
>uhc.webex.com
pic related
I mean not the most secure, but none of them open to a public chatroom that I found