Educause Security Discussion mailing list archives
Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it)
From: Rob Milman <rob.milman () SAIT CA>
Date: Fri, 14 Feb 2020 20:54:11 +0000
Agreed. Rob Milman Associate Director, Information Security Information Technology Services Southern Alberta Institute of Technology EH Crandell Building, GA 214 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 (Office) 403.774.5401 (Cell) 403.606.3173 rob.milman () sait ca -----Original Message----- From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Menne, Michael S Sent: Friday, February 14, 2020 12:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) I do not want to be in the business of policing what apps people should or shouldn't use by means of technology blocking. Blocking them at the firewall is pretty much a useless futile effort. Users will simply turn off WiFi and run over cell data. Given the concerns and risks to student data we face as a University, TikTok is not one that rises to the top of my list to worry about on a daily basis. It's kind of a daily fire fight. With the house in front of me burning, I can't worry about the house that may or may not catch fire across the street. Do I need to keep an eye on the developments? Certainly, but not to the level that I'm going to take action on at the moment. We may post a news article, but that's about as far as I would take it at the moment. Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 mnsu.edu/cyberaware Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. -----Original Message----- From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Gene LeDuc Sent: Friday, February 14, 2020 10:08 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Palo Alto has an app signature for tiktok, we'd block on that if we needed to. We haven't talked about doing anything like that, if we do it will probably be just for domain-joined devices. Gene On 2/14/20 6:57 AM, randy wrote:
I'm not sure how one would block it given it being installed mostly on individual machines. Certainly a warning about its dangers/weaknesses should be publicized. -Randy Marchany VA Tech IT Security Office & Lab On Thu, Feb 13, 2020 at 10:33 AM Davidson, Charles <cdavidson () wpi edu <mailto:cdavidson () wpi edu>> wrote: Hello, Has anyone considered blocking Tiktok on their campus due to the poor security reported? Some of the articles I have been reading are below. Thanks, Charlie Related TikTok Articles: *China's TikTok banned by US Army amid security concerns: Report* https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zdnet.com%2Fgoogle-amp%2Farticle%2Fchinas-tiktok-banned-by-us-army-amid-security-concerns-report%2F&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053739523&sdata=bJUfu%2FHWqe9iZ7dBzqeD870arSpRP%2BosPouajW8siGw%3D&reserved=0 <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zdnet.com%2Fgoogle-amp%2Farticle%2Fchinas-tiktok-banned-by-us-army-amid-security-concerns-report%2F&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053739523&sdata=bJUfu%2FHWqe9iZ7dBzqeD870arSpRP%2BosPouajW8siGw%3D&reserved=0> reported in the news *Senators call for federal investigation into TikTok for potential national security risks* https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. zdnet.com%2Farticle%2Fsenators-call-for-federal-investigation-into-tik tok-for-potential-national-security-risks%2F%23ftag%3DCAD-00-10aag7e&a mp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b 1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C63717293305373952 3&sdata=vElFn%2BATr7r4o93KvFJIUwQfi069TF4YV3DhRrDbyYQ%3D&reser ved=0 <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww .zdnet.com%2Farticle%2Fsenators-call-for-federal-investigation-into-ti ktok-for-potential-national-security-risks%2F%23ftag%3DCAD-00-10aag7e& amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7 b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C6371729330537395 23&sdata=vElFn%2BATr7r4o93KvFJIUwQfi069TF4YV3DhRrDbyYQ%3D&rese rved=0> *Major TikTok Security Flaws Found* https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. nytimes.com%2F2020%2F01%2F08%2Ftechnology%2Ftiktok-security-flaws.html &data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d 7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053739 523&sdata=RDCMitH8MyfKZh7IhCEXxL%2BSCTMHRSQzVoYYfeneI1Y%3D&res erved=0 <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww .nytimes.com%2F2020%2F01%2F08%2Ftechnology%2Ftiktok-security-flaws.htm l&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708 d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C63717293305373 9523&sdata=RDCMitH8MyfKZh7IhCEXxL%2BSCTMHRSQzVoYYfeneI1Y%3D&re served=0> *Tik or Tok? Is TikTok secure enough?* https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Frese arch.checkpoint.com%2F2020%2Ftik-or-tok-is-tiktok-secure-enough%2F& ;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b16 81e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749521& amp;sdata=xFmCZDmDC%2FUgcS%2BS7yuCrmNhc%2Frn1w8PfyA9kb4s5EM%3D&res erved=0 <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fres earch.checkpoint.com%2F2020%2Ftik-or-tok-is-tiktok-secure-enough%2F&am p;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1 681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749521 &sdata=xFmCZDmDC%2FUgcS%2BS7yuCrmNhc%2Frn1w8PfyA9kb4s5EM%3D&re served=0> *Is TikTok a Cybersecurity Threat?* https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. infosecurity-magazine.com%2Fopinions%2Ftiktok-cybersecurity-threat%2F& amp;data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7 b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C6371729330537495 21&sdata=WCtkTTqa7q7Ruoh%2BPbQPTWiRoH74TWTIxgcB%2FAxO6LE%3D&re served=0 <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww .infosecurity-magazine.com%2Fopinions%2Ftiktok-cybersecurity-threat%2F &data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d 7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749 521&sdata=WCtkTTqa7q7Ruoh%2BPbQPTWiRoH74TWTIxgcB%2FAxO6LE%3D&r eserved=0> *Charles Davidson, CISSP* Information Security Engineer *p:*(508) 831-6250 1518278940442_worcester-polytechnic-institute_2014-06-05_14-10-50.981. png /Worcester Polytechnic Institute //•// Information Technology/ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. educause.edu%2Fcommunity&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7 C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7 C0%7C0%7C637172933053749521&sdata=aNKOyVh%2FBqIYFtqYNdtxd1slFpZC2e sxxRvrYowzxGU%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. educause.edu%2Fcommunity&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7 C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7 C0%7C0%7C637172933053749521&sdata=aNKOyVh%2FBqIYFtqYNdtxd1slFpZC2e sxxRvrYowzxGU%3D&reserved=0
-- Gene LeDuc | Any sufficiently advanced technology is Technology Security | indistinguishable from a rigged demo. San Diego State University | --James Klass ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7C8f7cedb77b9a433a46e708d7b1681e6e%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C637172933053749521&sdata=aNKOyVh%2FBqIYFtqYNdtxd1slFpZC2esxxRvrYowzxGU%3D&reserved=0 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- TikTok Security (should we block it) Davidson, Charles (Feb 13)
- Re: TikTok Security (should we block it) randy (Feb 14)
- Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Gene LeDuc (Feb 14)
- Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Menne, Michael S (Feb 14)
- Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Rob Milman (Feb 14)
- Re: [EXTERNAL] Re: [SECURITY] TikTok Security (should we block it) Gene LeDuc (Feb 14)
- Re: TikTok Security (should we block it) randy (Feb 14)