http://krebsonsecurity.com/2014/10/whos-watching-your-webex/
By Brian Krebs
Krebs on Security
Oct 13, 2014
KrebsOnSecurity spent a good part of the past week working with Cisco to
alert more than four dozen companies — many of them household names —
about regular corporate WebEx conference meetings that lack passwords and
are thus open to anyone who wants to listen in.
At issue are recurring video- and audio conference-based meetings that
companies make available to their employees via WebEx, a set of online
conferencing tools run by Cisco. These services allow customers to
password-protect meetings, but it was trivial to find dozens of major
companies that do not follow this basic best practice and allow virtually
anyone to join daily meetings about apparently internal discussions and
planning sessions.
Many of the meetings that can be found by a cursory search within an
organization’s “Events Center” listing on Webex.com seem to be intended
for public viewing, such as product demonstrations and presentations for
prospective customers and clients. However, from there it is often easy to
discover a host of other, more proprietary WebEx meetings simply by
clicking through the daily and weekly meetings listed in each
organization’s “Meeting Center” section on the Webex.com site.
Some of the more interesting, non-password-protected recurring meetings I
found include those from Charles Schwab, CSC, CBS, CVS, The U.S.
Department of Energy, Fannie Mae, Jones Day, Orbitz, Paychex Services, and
Union Pacific. Some entities even also allowed access to archived event
recordings.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
