Educause Security Discussion mailing list archives

Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it)

From: Gene LeDuc <gleduc () SDSU EDU>
Date: Fri, 14 Feb 2020 08:08:18 -0800

Palo Alto has an app signature for tiktok, we'd block on that if weneeded to. We haven't talked about doing anything like that, if we doit will probably be just for domain-joined devices.


Gene


On 2/14/20 6:57 AM, randy wrote:

I'm not sure how one would block it given it being installed mostly onindividual machines. Certainly a warning about its dangers/weaknessesshould be publicized.

-Randy Marchany
VA Tech IT Security Office & Lab

On Thu, Feb 13, 2020 at 10:33 AM Davidson, Charles <cdavidson () wpi edu<mailto:cdavidson () wpi edu>> wrote:


    Hello,

    Has anyone considered blocking Tiktok on their campus due to the
    poor security reported?
    Some of the articles I have been reading are below.

    Thanks,
    Charlie

            Related TikTok Articles:


            *China's TikTok banned by US Army amid security concerns:
            Report*

            https://www.zdnet.com/google-amp/article/chinas-tiktok-banned-by-us-army-amid-security-concerns-report/
            
<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zdnet.com%2Fgoogle-amp%2Farticle%2Fchinas-tiktok-banned-by-us-army-amid-security-concerns-report%2F&data=02%7C01%7Ccdavidson%40wpi.edu%7Cb0cc6b0b011a45abc7b708d7b0938d51%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637172020083130449&sdata=ZZXum%2BGblVLPKmpTqJpjFGbjprNPbjH6XtTdZ%2BJjF%2Fk%3D&reserved=0>
 reported
            in the news


            *Senators call for federal investigation into TikTok for
            potential national security risks*

            
https://www.zdnet.com/article/senators-call-for-federal-investigation-into-tiktok-for-potential-national-security-risks/#ftag=CAD-00-10aag7e
            
<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fsenators-call-for-federal-investigation-into-tiktok-for-potential-national-security-risks%2F%23ftag%3DCAD-00-10aag7e&data=02%7C01%7Ccdavidson%40wpi.edu%7Cb0cc6b0b011a45abc7b708d7b0938d51%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637172020083140437&sdata=3UlM7W%2B7RU7urZRjjDOGDhG0GDDXAreGmokeTaAFRV0%3D&reserved=0>

            *Major TikTok Security Flaws Found*

            https://www.nytimes.com/2020/01/08/technology/tiktok-security-flaws.html
            
<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.nytimes.com%2F2020%2F01%2F08%2Ftechnology%2Ftiktok-security-flaws.html&data=02%7C01%7Ccdavidson%40wpi.edu%7Cb0cc6b0b011a45abc7b708d7b0938d51%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637172020083140437&sdata=6xjzKyq8kwjiK4DKzcD%2FmE7yVY03hXUBpsOlaC1Lx8M%3D&reserved=0>

            *Tik or Tok? Is TikTok secure enough?*

            https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
            
<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fresearch.checkpoint.com%2F2020%2Ftik-or-tok-is-tiktok-secure-enough%2F&data=02%7C01%7Ccdavidson%40wpi.edu%7Cb0cc6b0b011a45abc7b708d7b0938d51%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637172020083150432&sdata=nwL09xLOEy849tOkghdUYD0u8pQHRvi0wkpy9RE2N7I%3D&reserved=0>

            *Is TikTok a Cybersecurity Threat?*

            https://www.infosecurity-magazine.com/opinions/tiktok-cybersecurity-threat/
            
<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.infosecurity-magazine.com%2Fopinions%2Ftiktok-cybersecurity-threat%2F&data=02%7C01%7Ccdavidson%40wpi.edu%7Cb0cc6b0b011a45abc7b708d7b0938d51%7C589c76f5ca1541f9884b55ec15a0672a%7C0%7C0%7C637172020083160424&sdata=vzWrvx55AkMPxW6LYV8C2fwtouaCecyiOc5gjKNYBgs%3D&reserved=0>



    *Charles Davidson, CISSP*

    Information Security Engineer

    *p:*(508) 831-6250

        1518278940442_worcester-polytechnic-institute_2014-06-05_14-10-50.981.png

    /Worcester Polytechnic Institute //•// Information Technology/

    **********
    Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at https://www.educause.edu/community

**********

Replies to EDUCAUSE Community Group emails are sent to the entirecommunity list. If you want to reply only to the person who sent themessage, copy and paste their email address and forward the email reply.Additional participation and subscription information can be found athttps://www.educause.edu/community


--
Gene LeDuc                 | Any sufficiently advanced technology is
Technology Security        | indistinguishable from a rigged demo.
San Diego State University |   --James Klass

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Current thread:

TikTok Security (should we block it) Davidson, Charles (Feb 13)
- Re: TikTok Security (should we block it) randy (Feb 14)
  - Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Gene LeDuc (Feb 14)
    - Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Menne, Michael S (Feb 14)
    - Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Rob Milman (Feb 14)