OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [PEN-TEST] WebEx security?
From: Jonah Kowall (jkowallPSTEERING.COM)
Date: Tue Oct 31 2000 - 12:44:49 CST


I agree with that, my company integrates, and uses the product. Its a
suberb product, it works through all large corporate firewalls, which is
more than most compeditors. It is also small, quick, and very functional.
Since they do all the hosting, the insecure nature of their corporate
network does worry me about using the product. I had never looked over
their network, but in my basic probes it seems they do have a number of
holes.

-----Original Message-----
From: Alfred Huger [mailto:ahSECURITYFOCUS.COM]
Sent: Tuesday, October 31, 2000 12:53 PM
To: PEN-TESTSECURITYFOCUS.COM
Subject: Re: [PEN-TEST] WebEx security?

On Tue, 31 Oct 2000, Erik Tayler wrote:

> A general overview would suffice. Anyone with non-intrusive probing
> capabilities would be able to tell right off the bat.
>
> And no, I didn't break into their site, then draw up the conclusion they
> are insecure.

I would have to disagree with the notion that weak network security on
their site relates to an insecure product. The IT folks are without doubt
not the same people who are writing the application in question. I can
think of a number of vendors who have excellent products in terms of
security and terrible network security....

Bad IT people do not add up to a bad product.