Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it)

[Rob Milman <rob.milman () SAIT CA>]

Agreed.

Rob Milman
Associate Director, Information Security
Information Technology Services

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca

-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Menne, Michael S
Sent: Friday, February 14, 2020 12:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it)

I do not want to be in the business of policing what apps people should or shouldn't use by means of technology 
blocking. Blocking them at the firewall is pretty much a useless futile effort. Users will simply turn off WiFi and run 
over cell data.

Given the concerns and risks to student data we face as a University, TikTok is not one that rises to the top of my 
list to worry about on a daily basis. It's kind of a daily fire fight. With the house in front of me burning, I can't 
worry about the house that may or may not catch fire across the street.  Do I need to keep an eye on the developments?  
Certainly, but not to the level that I'm going to take action on at the moment. We may post a news article, but that's 
about as far as I would take it at the moment.


Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
mnsu.edu/cyberaware
 

 
Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message. 



-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Gene LeDuc
Sent: Friday, February 14, 2020 10:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it)

Palo Alto has an app signature for tiktok, we'd block on that if we needed to.  We haven't talked about doing anything 
like that, if we do it will probably be just for domain-joined devices.

Gene


On 2/14/20 6:57 AM, randy wrote:
> I'm not sure how one would block it given it being installed mostly on 
> individual machines. Certainly a warning about its dangers/weaknesses 
> should be publicized.
> -Randy Marchany
> VA Tech IT Security Office & Lab
>
> On Thu, Feb 13, 2020 at 10:33 AM Davidson, Charles <cdavidson () wpi edu 
> <mailto:cdavidson () wpi edu>> wrote:
>
>     Hello,
>
>     Has anyone considered blocking Tiktok on their campus due to the
>     poor security reported?
>     Some of the articles I have been reading are below.
>
>     Thanks,
>     Charlie
>
>             Related TikTok Articles:
>
>
>             *China's TikTok banned by US Army amid security concerns:
>             Report*
>
>             
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zdnet.com%2Fgoogle-amp%2Farticle%2Fchinas-tiktok-banned-by-us-army-amid-security-concerns-report%2F&amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053739523&amp;sdata=bJUfu%2FHWqe9iZ7dBzqeD870arSpRP%2BosPouajW8siGw%3D&amp;reserved=0
>             
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zdnet.com%2Fgoogle-amp%2Farticle%2Fchinas-tiktok-banned-by-us-army-amid-security-concerns-report%2F&amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053739523&amp;sdata=bJUfu%2FHWqe9iZ7dBzqeD870arSpRP%2BosPouajW8siGw%3D&amp;reserved=0>
>  reported
>             in the news
>
>
>             *Senators call for federal investigation into TikTok for
>             potential national security risks*
>
>             
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> zdnet.com%2Farticle%2Fsenators-call-for-federal-investigation-into-tik
> tok-for-potential-national-security-risks%2F%23ftag%3DCAD-00-10aag7e&a
> mp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b
> 1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C63717293305373952
> 3&amp;sdata=vElFn%2BATr7r4o93KvFJIUwQfi069TF4YV3DhRrDbyYQ%3D&amp;reser
> ved=0
>             
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
> .zdnet.com%2Farticle%2Fsenators-call-for-federal-investigation-into-ti
> ktok-for-potential-national-security-risks%2F%23ftag%3DCAD-00-10aag7e&
> amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7
> b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C6371729330537395
> 23&amp;sdata=vElFn%2BATr7r4o93KvFJIUwQfi069TF4YV3DhRrDbyYQ%3D&amp;rese
> rved=0>
>
>             *Major TikTok Security Flaws Found*
>
>             
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> nytimes.com%2F2020%2F01%2F08%2Ftechnology%2Ftiktok-security-flaws.html
> &amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d
> 7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053739
> 523&amp;sdata=RDCMitH8MyfKZh7IhCEXxL%2BSCTMHRSQzVoYYfeneI1Y%3D&amp;res
> erved=0
>             
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
> .nytimes.com%2F2020%2F01%2F08%2Ftechnology%2Ftiktok-security-flaws.htm
> l&amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708
> d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C63717293305373
> 9523&amp;sdata=RDCMitH8MyfKZh7IhCEXxL%2BSCTMHRSQzVoYYfeneI1Y%3D&amp;re
> served=0>
>
>             *Tik or Tok? Is TikTok secure enough?*
>
>             
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Frese
> arch.checkpoint.com%2F2020%2Ftik-or-tok-is-tiktok-secure-enough%2F&amp
> ;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b16
> 81e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749521&
> amp;sdata=xFmCZDmDC%2FUgcS%2BS7yuCrmNhc%2Frn1w8PfyA9kb4s5EM%3D&amp;res
> erved=0
>             
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fres
> earch.checkpoint.com%2F2020%2Ftik-or-tok-is-tiktok-secure-enough%2F&am
> p;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1
> 681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749521
> &amp;sdata=xFmCZDmDC%2FUgcS%2BS7yuCrmNhc%2Frn1w8PfyA9kb4s5EM%3D&amp;re
> served=0>
>
>             *Is TikTok a Cybersecurity Threat?*
>
>             
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> infosecurity-magazine.com%2Fopinions%2Ftiktok-cybersecurity-threat%2F&
> amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7
> b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C6371729330537495
> 21&amp;sdata=WCtkTTqa7q7Ruoh%2BPbQPTWiRoH74TWTIxgcB%2FAxO6LE%3D&amp;re
> served=0
>             
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww
> .infosecurity-magazine.com%2Fopinions%2Ftiktok-cybersecurity-threat%2F
> &amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d
> 7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749
> 521&amp;sdata=WCtkTTqa7q7Ruoh%2BPbQPTWiRoH74TWTIxgcB%2FAxO6LE%3D&amp;r
> eserved=0>
>
>
>
>     *Charles Davidson, CISSP*
>
>     Information Security Engineer
>
>     *p:*(508) 831-6250
>
>       
> 1518278940442_worcester-polytechnic-institute_2014-06-05_14-10-50.981.
> png
>
>     /Worcester Polytechnic Institute //•// Information Technology/
>
>     **********
>     Replies to EDUCAUSE Community Group emails are sent to the entire
>     community list. If you want to reply only to the person who sent the
>     message, copy and paste their email address and forward the email
>     reply. Additional participation and subscription information can be
>     found at
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> educause.edu%2Fcommunity&amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7
> C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7
> C0%7C0%7C637172933053749521&amp;sdata=aNKOyVh%2FBqIYFtqYNdtxd1slFpZC2e
> sxxRvrYowzxGU%3D&amp;reserved=0
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire 
> community list. If you want to reply only to the person who sent the 
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at 
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> educause.edu%2Fcommunity&amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7
> C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7
> C0%7C0%7C637172933053749521&amp;sdata=aNKOyVh%2FBqIYFtqYNdtxd1slFpZC2e
> sxxRvrYowzxGU%3D&amp;reserved=0

-- 
Gene LeDuc                 | Any sufficiently advanced technology is
Technology Security        | indistinguishable from a rigged demo.
San Diego State University |   --James Klass

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749521&amp;sdata=aNKOyVh%2FBqIYFtqYNdtxd1slFpZC2esxxRvrYowzxGU%3D&amp;reserved=0

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community