Closed-door meetings by Canada's Quebec Liberal Party were exposed to trivial eavesdropping thanks to flaws in its video conferencing software.
The flaws, found and reported by a resident white hat researcher, are being fixed.
The researcher, speaking on condition of anonymity, told local tabloid Le Journal de Montreal (French) that he accessed the video streams using a vulnerability and the default password, which was still in use.
They were able to gain on-demand access to two meeting rooms in Quebec and Montreal, and supplied screen captures as evidence of the exploit.
"It was just too easy," the researcher told the paper. "It is as if they had stuck their PIN on their credit card."
Party communications director Maxime Roy says nothing relating to national security was discussed at the meetings... "We are working with our supplier."
Showing posts with label conference call. Show all posts
Wednesday, June 22, 2016
Tuesday, January 26, 2016
Security Director Alert: Check your board and conference rooms for equipment made by AMX
Lots of companies -- and even the White House -- use a conference calling system that could possibly be tapped by hackers, according to new research.
On Thursday, cybersecurity experts at SEC Consult revealed a secret doorway that's built into a popular conference calling product built by a company called AMX.
AMX makes tablet panels used to control conference calls for businesses, government agencies and universities.
The company hard-coded backdoor access into its system. AMX created a "secret account" with a permanent username and password, which means a hacker who already sneaked into a computer network could tap into actual meetings, if the hacker knew the backdoor access code.
It's a glaring security hole.
Murray Associates Recommendation
A firmware update is available for products and systems incorporating the NetLinx NX Control platform:
NX Series Controllers
Massio® ControlPads
Enova® DVX All-in-One Presentation Switchers
Firmware downloads require a current login and password for the AMX Account Center to access the protected Technical Documentation and Support Materials sections of the AMX by HARMAN website. Technical Support Staff within End User organizations should contact their authorized AMX Dealer or HARMAN Professional representative for assistance.
Friday, August 15, 2014
The 1-Click Conference Call Trick - Ease or Espionage?
from the website...
"We made CCALL because it’s a pain in the axx to enter conference codes from a mobile phone. If you've ever had a calendar invite with a long conference ID and scribbled it on the back of your hand to avoid jumping between the email, your calendar and your phone app then you understand why we did this."
Question: Do you think this is a clever public service, or a clever social engineering eavesdropping / espionage trick? Doesn't matter. I know what I am telling my clients.
Friday, July 11, 2014
You Know You Want One...
Have something small — cash, microfilm, an SD card loaded with private videos — that you want kept safe and out-of-sight?
Hide it in plain view with the Spy Bolt. Based on Soviet KGB hollow bolts, this handy gadget features a secret storage compartment that's nearly half an inch in diameter and almost three inches long, offering plenty of room for covert communications. And should the bolt find its way outside, you can rest assured that the contents are safe, thanks to an O-ring seal around the top.
Wednesday, June 11, 2014
Conference Call Eavesdropping: The Secretary Will Disavow Any Knowledge...
CO - Kelly Cronin, former vice chancellor for institutional advancement for the Texas Tech System, is leaving her fundraising post at the University of Colorado after her assistant was found to have eavesdropped on a private meeting of the CU Foundation’s Board of Directors.
According to the Chronicle of Higher Education, a $40,000 outside investigation found Cronin’s assistant listened in on a closed-session conference call of the board, but found no evidence Cronin told the assistant to do so.