Penetration Testing mailing list archives
Re: [PEN-TEST] WebEx security?
From: Steve <steve () SECURESOLUTIONS ORG>
Date: Tue, 31 Oct 2000 14:45:30 -0700
Portscanning has nothing to do with it. The last thing I'm going to do is announce which vulnerabilities are present within the Webex system to this list, that is not my intention.
But that is exactly what you have done by making such a broad statement with no facts to back it up. Oh, and by the way, portscanning has a lot to do with it. I am pretty sure that your comment caused a few of the list subscribers to fire up a portscanner and start looking at the WebEx network.
I do not condone anyone mapping out their network topology, or attempting to exploit known holes within their network. A simple "would I want my corporation's non-public data residing on this system?" would suffice.
But it is clear that you must have done this yourself in order to make such a comment. I agree with Alfred's earlier statement. Just because a company creates a security product, it doesn't mean that their IT staff will be 100% when it comes to security issues. It would be nice and obviously it makes sense for the company to have their IT Staff work with the security people to protect their own assets. But in a real world, this is harder said than done. A good example of this would be another large corporation, IBM, they market their security services as world class, yet I know that if any of you where to look at their internal IT Security recommendations you would vomit and shake your head. But does this mean that we should stay away from all IBM hardware and software? No, other issues may cause this to be the case but the security of their own network has nothing to do with it. Now if you have information on the product itself that would make it a bad choice lets hear it.
Current thread:
- Re: [PEN-TEST] WebEx security?, (continued)
- Re: [PEN-TEST] WebEx security? Alfred Huger (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Alfred Huger (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Bennett Todd (Nov 01)
- Re: [PEN-TEST] WebEx security? Air Force Guy (Nov 01)
- Re: [PEN-TEST] WebEx security? Alfred Huger (Nov 01)
- Re: [PEN-TEST] WebEx security? Wil Allsopp (Nov 01)
- Re: [PEN-TEST] WebEx security? Erik Tayler (Nov 01)
- Re: [PEN-TEST] WebEx security? Steve (Nov 01)
- Re: [PEN-TEST] WebEx security? Bennett Todd (Nov 01)