Monday, May 18, 2009

Need Security? Don't try WebEx... "WebEx Security Vulnerability Could Allow Remote Attacks"

Great article at http://www.webconferencingcouncil.com/ that illustrates how much of a consideration security is with web conferencing solutions:

An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx Meeting Manager contains a buffer overflow vulnerability that may result in a denial of service or remote code execution. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting.

As Cisco says:

“A buffer overflow vulnerability exists in an ActiveX control used by the WebEx Meeting Manager. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the user client machine. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting.”


If you want to use a fully secure web conferencing product, you will want to try VIA3 at http://www.viack.com/:

VIA3 was built from the ground up to offer privacy for anyone who needs to rely on the Internet for sensitive communications. VIACK uses a combination of SSL (Secure Sockets Layer - similar to your bank or online shopping cart) and end-to-end Advanced Encryption Standard (AES) encryption for all data, including audio and video.

The VIA3 cryptographic module has been certified to meet Federal Information Processing Standards (FIPS) 140-2, a government standard for cryptographic module security requirements as defined by the National Institute of Standards and Technology.

This commitment to privacy protects your data at every possible point, whether your information is in motion or at rest in a Workspace. With VIA3, you control who can contact you or see you online. You determine the level of access each person has to your sensitive files, workspaces and online meetings. All files, meetings and data are fully encrypted.