Reader Comments (rss)

(Flattened / Threaded)

1.  

   

   Chilly8, Aug 3rd, 2012 @ 5:25am

   
   

   So, if you work at DOJ and need WebEX, you can just use a VPN to get around it.

    

   [ reply to this | link to this | view in thread ]

2.  

   

   Ninja (profile), Aug 3rd, 2012 @ 5:30am

   
   

   Ignorance Technology.
   
   Or if you read to the opposit (TI) you could say Total Ignorance.

    

   [ reply to this | link to this | view in thread ]

3.  

   

   Loki, Aug 3rd, 2012 @ 5:31am

   
   

   I have a T-shirt that says "Sarcasm is the Body's Natural Defense Against Stupid."
   
   In this case I don't think that level of sarcasm exists. It's like using a volleyball net to protect yourself from a hurricane.

    

   [ reply to this | link to this | view in thread ]

4.  

   

   fogbugzd (profile), Aug 3rd, 2012 @ 5:32am

   
   

   I don't blame the DOJ. After all, there might be semenars on the Fourth Amendment, fair use, or other subversive material.

    

   [ reply to this | link to this | view in thread ]

5.  

   

   Ninja (profile), Aug 3rd, 2012 @ 5:44am

   
   

   Re:

   Need to keep everything in harmony to prevent social disturbances, right?

    

   [ reply to this | link to this | view in thread ]

6.  

   

   Zakida Paul (profile), Aug 3rd, 2012 @ 5:48am

   
   

   Re:

   And then you get the sack for breach of IT usage policy :)

    

   [ reply to this | link to this | view in thread ]

7.  

   

   GunSheep (profile), Aug 3rd, 2012 @ 5:59am

   
   

   I doubt it's the IT staff that is incompetent. I'm more likely to believe this is a management issue where the IT staff is taking the 'blame'.

    

   [ reply to this | link to this | view in thread ]

8.  

   

   John, Aug 3rd, 2012 @ 6:04am

   
   

   Java Maybe?

   I'm a network administrator and I block a lot but I allow Webex.
   
   "WebEx is the only on-demand online collaboration service provider to have earned both WebTrust and SAS70 certification, giving you the highest levels of security possible."
   
   If I had to guess I would say their IT doesn't like the requirements - Java, cookies enabled or ActiveX.

    

   [ reply to this | link to this | view in thread ]

9.  

   

   Anonymous Coward, Aug 3rd, 2012 @ 6:06am

   
   

   Re:

   This, ever so hard. Being in IT, I have lost count of the amount of times where IT is blamed for a shit policy we all know is completely ass-backwards, but someone so high demanded it and no one between my level and the 5 levels up where it was demanded has a backbone enough to say, "no, that's retarded," that we have to do it.

    

   [ reply to this | link to this | view in thread ]

10.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 6:07am

    
    

    Hmmm...it's likely that there are a whole lot of people other than the IT staff who are incompetent..including the WebEx developer.
    
    Blaming the IT staff for this is like blaming the average soldier for strategic decisions by their commanders, defense contractors, and enemy combatants.

     

    [ reply to this | link to this | view in thread ]

11.  

    

    Danny (profile), Aug 3rd, 2012 @ 6:13am

    
    

    Re: Re:

    win win situation?

     

    [ reply to this | link to this | view in thread ]

12.  

    

    MonkeyFracasJr (profile), Aug 3rd, 2012 @ 6:16am

    
    

    Re: Management

    Yep.
    Mgmt: We have a problem with unauthorized Internet use.
    
    IT: Well have a 'discussion' with the people who are abusing privileges, explain the rules, and lay out consequences. AND FOLLOW THROUGH WITH THEM.
    
    Mgmt: No no no, just block the Internet for everyone.
    
    IT: derp.

     

    [ reply to this | link to this | view in thread ]

13.  

    

    Joe, Aug 3rd, 2012 @ 6:17am

    
    

    WebEx has issues

    I'm an IT administrator, and I'm grumpy that joining a WebEx meeting with Internet Explorer downloads an insecure version of their recording format player, which I then have to remove after-the-fact with my administrative permissions. It would be easier to just block WebEx, of course, but I don't want to interrupt the flow of work.
    
    More details below, from Secunia.
    
    Description:
    Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.
    
    1) An indexing error when storing certain data during the processing of WRF files can be exploited to corrupt memory.
    
    2) An error when handling the length value of a Define Huffman Table (DHT) JPEG marker within a WRF file can be exploited to cause a stack-based buffer overflow.
    
    3) An error when processing certain records within WRF files can be exploited to cause a heap-based buffer overflow.
    
    4) A boundary error when processing WRF files can be exploited to cause a heap-based buffer overflow via a specially crafted Audio size value.
    
    Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
    
    The vulnerabilities are reported in the following versions:
    * Client builds 28.0.0 (T28 L10N).
    * Client builds 27.32.1 (T27 LD SP32 CP1) and prior.
    * Client builds 27.25.10 (T27 LC SP25 EP10) and prior.
    * Client builds 27.21.10 (T27 LB SP21 EP10) and prior.
    * Client builds 27.11.26 (T27 L SP11 EP26) and prior.
    
    Solution:
    Update to a fixed client build (please see the vendor's advisory for details).
    
    Provided and/or discovered by:
    1, 2, 4) Damian Put via iDefense.
    3) An anonymous person via iDefense.
    
    The vendor also credits Microsoft Vulnerability Research (MSVR).
    
    Changelog:
    2012-07-18: Updated vulnerabilities #1 through #4. Updated credits and added links.
    
    Original Advisory:
    Cisco:
    http://tools.cisco.com/security/...dvisory/cisco-sa-20120627-webex

     

    [ reply to this | link to this | view in thread ]

14. This comment has been flagged by the community. Click to show the comment.
     

    

    Anonymous Coward, Aug 3rd, 2012 @ 6:41am

    
    

    so there is an issue, but this non story from mike can't be passed over, he just wants to push his agenda about his hate for the govt and rules in general

     

    [ reply to this | link to this | view in thread ]

15.  

    

    j paul armstrong, Aug 3rd, 2012 @ 6:41am

    
    

    ECF training in 2012? DOJ 5-7 years late to the game

    ECF widely implemented in Federal District Courts more than 5 in many districts over 10 years ago so pretty tragic if they are still in the training phase. Given the ham fisted firewall wardens perhaps they are just getting online? truly frightening thought.....this has to be just for recent hires to get up to speed

     

    [ reply to this | link to this | view in thread ]

16.  

    

    quawonk, Aug 3rd, 2012 @ 6:48am

    
    

    Definitely a government that can be trusted with something like SOPA.

     

    [ reply to this | link to this | view in thread ]

17.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 6:52am

    
    

    If they really want the IT folks to understand how stupid this is, tell them that from now on all IT Training will be by telephone only and watch the IT people melt down.

     

    [ reply to this | link to this | view in thread ]

18.  

    

    Ninja (profile), Aug 3rd, 2012 @ 6:53am

    
    

    Re: WebEx has issues

    That would be a reasonable motivation for the blockade. But they could warn the users about that. Somehow I think DOJ IT department has never seen this issue, it's just a blockad taken out of their collective behinds. I work at a Govt agency btw.

     

    [ reply to this | link to this | view in thread ]

19.  

    

    Josh in CharlotteNC (profile), Aug 3rd, 2012 @ 6:58am

    
    

    Re: Java Maybe?

    I'm thinking they have a problem with the high levels of security. Someone probably told them it uses that evil thing known as encryption.

     

    [ reply to this | link to this | view in thread ]

20.  

    

    Berenerd (profile), Aug 3rd, 2012 @ 7:07am

    
    

    Re: Java Maybe?

    Having formery worked in IT in the government, I am willing to bet its because there are gaping holes in IE 6 and to patch them now is to upgrade to IE8/9 and well, that would mean they would need to upgrade their internal websites and thats just crazy talk.

     

    [ reply to this | link to this | view in thread ]

21.  

    

    Berenerd (profile), Aug 3rd, 2012 @ 7:12am

    
    

    Re:

    I think the late night drinking binges have killed the last of your brain cells.

     

    [ reply to this | link to this | view in thread ]

22.  

    

    Jasmine Charter, Aug 3rd, 2012 @ 7:13am

    
    

    Buffons...

    It's really simple... yes... there are some vulnerabilities... yes.. WebEx is useful...
    
    Setup a conference room with a dedicated PC, off the main network... and allow webex's from the PC. No critical or sensitive data on the PC... no chance for hacking into their system...
    
    So simple... a caveman could do it.
    
    If only cavemen were running the DoJ instead of monkeys...

     

    [ reply to this | link to this | view in thread ]

23.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 7:13am

    
    

    Webex is in fact a huge security hole. I would rather have the DOJ computers blocked from this and more. The OP's knee-jerk reaction to having his freedom restricted by this indicates a lack of understanding about security, and I would not be surprised to see him turn around and ridicule some agency for having a breach.

     

    [ reply to this | link to this | view in thread ]

24.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 7:20am

    
    

    Re: Java Maybe?

    I'm going to have to agree with John and the other IT staff who've responded here. When I've worked external / customer helpdesk in the past, I spoke to dozens of government workers who just couldn't install plugins, or couldn't open a port. A lot of applications (including MS terminal server / mstsc.exe) open a random port on the client, and assume that the client firewall allows the executable to do as such.
    
    I doubt they blocked the webex site, I bet they just blocked technology that webex needs to function.

     

    [ reply to this | link to this | view in thread ]

25.  

    

    Donnicton, Aug 3rd, 2012 @ 7:23am

    
    

    Re:

    [Citation Needed]
    
    (and if you have one, why didn't you link it to begin with?)

     

    [ reply to this | link to this | view in thread ]

26.  

    

    Chris Estes, Aug 3rd, 2012 @ 7:30am

    
    

    US Govt Systems often blocked due to sensitive data

    Several government agencies block certain kinds of Internet access, especially those that allow for desktop sharing, because of the potential of accidentally leaking privacy information. Some agencies got funding to upgrade to modern systems, set up alternate safe computers for this, but we live in an age where denying any spending on government is all the rage and we blame government when their out-dated computer systems are unable to meet today's standards. This is a more nuanced issue than the bumper-sticker sized treatment it's getting. I remember when FBI agents had to have two computers, on for the network with their information, one to see the outside world. And the ATF -- well, ask the NRA why they aren't able to upgrade systems.

     

    [ reply to this | link to this | view in thread ]

27.  

    

    Loki, Aug 3rd, 2012 @ 8:01am

    
    

    Re:

    Agreed, although experience has shown that management this breathtakingly clueless tend to have issues keeping top notch IT people because they get tired of the headaches from banging their heads against the wall and find more rewarding places to work.

     

    [ reply to this | link to this | view in thread ]

28.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 8:28am

    
    

    Re: Donnicton

    [Citation not needed]
    
    Joe already cited secunia above. Even without software vulnerabilities, Webex is two-way communication, not just a webinar viewer.

     

    [ reply to this | link to this | view in thread ]

29.  

    

    Gregory Snipes, Aug 3rd, 2012 @ 8:50am

    
    

    Re:

    VPNs are blocked too.

     

    [ reply to this | link to this | view in thread ]

30.  

    

    The eejit (profile), Aug 3rd, 2012 @ 9:44am

    
    

    Re: Re: Management

    I think that "derp" is clearly replaced with homicidal thoughts towards management done as either a Java applet or in Ruby.
    
    Which is blocked. Cue recursive violent thoughts against management...

     

    [ reply to this | link to this | view in thread ]

31.  

    

    The eejit (profile), Aug 3rd, 2012 @ 9:47am

    
    

    Re: Re:

    Don't mind that. I was just testing the WebEx zombie script I just wrote.

     

    [ reply to this | link to this | view in thread ]

32.  

    

    harbingerofdoom (profile), Aug 3rd, 2012 @ 10:39am

    
    

    Re: Re:

    as far as an IT group goes, you would have to be a special kind of stupid to wind up blocking webex like that. i would say i agree and that it has got to be an upper management decision driving this... but sadly we are talking about the DOJ and its quite conceivable that we are talking about IT people that really *ARE* that special kinda stupid.

     

    [ reply to this | link to this | view in thread ]

33.  

    

    ZacWolf, Aug 3rd, 2012 @ 2:19pm

    
    

    WebEx allows desktop sharing

    There are two valid reasons I can think of for this...
    
    WebEx Conferencing is configured "per host domain", and those settings include whether or not the "owner" of the conference requires an SSL based connection (not on by default), or on the "public" servers.
    
    Since WebEx enables full desktop sharing between participants (beyond just single file PowerPoint sharing), this could easily expose information that shouldn't be seen by others on a conference.
    
    I can tell you from experience that the incompetence is on the users, because I've often seen some stuff that people have unintentionally shared that they should not have...

     

    [ reply to this | link to this | view in thread ]

34.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 7:19pm

    
    

    Re: Buffons...

    OMG! Racist!
    (j/k)

     

    [ reply to this | link to this | view in thread ]

35.  

    

    Anonymous Coward, Aug 3rd, 2012 @ 7:28pm

    
    

    Re:

    And supplying Mexican drug gangs with weaponry.

     

    [ reply to this | link to this | view in thread ]

36.  

    

    Anonymous Coward, Aug 4th, 2012 @ 7:59am

    
    

    I wish my employer would block Webex. It truly is amazing how bad it sucks, yet continues to survive in the marketplace.

     

    [ reply to this | link to this | view in thread ]

37.  

    

    Cliff Steinman, Dec 19th, 2012 @ 1:26pm

    
    

    Not so much

    It's not such a terrible idea. WebEx Meeting Center and WebEx remote control, to my knowledge can't be diferentiated. Therefore the only way to ensure people outside can't take control of inside computers with WebEx is to block the site. I'm dealing with this now at my company. Firewalls, proxys, dedicated content filtering, AppLocker, third-party software, we've called various companies and everything. Webex though is not quite as bad as LogMeIn which can allow remote unattended access. For the DOJ I think this makes sense.

     

    [ reply to this | link to this | view in thread ]

38.  

    

    Cliff Steinman, Dec 19th, 2012 @ 1:33pm

    
    

    Re: Not so much

    I'm partially not surprised to see all the backlash in these comments, however I'll always be amazed at how many people disagree or argue a point they haven't looked into or know anything about besides the paragraph they read. This is a no-brainer for me. If we had another delivery method for the WebEx meetings we have with federal auditors and core software training we would have it blocked. We'd like to allow meeting sessions but not remote control sessions. They both use the same DLLs for the most part and the same IPs. Cisco would have to make a fundamental change in the software to fix this dichotomy. SO, for now we're stuck with allowing all of WebEx instead of blocking it all, that's all you can do.

     

    [ reply to this | link to this | view in thread ]

Add Your Comment