Justice Department IT Staff So Incompetent They Block All Webex Conferences

from the the-software-may-suck,-but... dept

We’ve heard all sorts of random stories about over-aggressive IT staffs or filters that block random websites for no good reason, but sometimes the situations are truly bizarre. For example, a friend sent over an announcement concerning a webinar from the DC District Court about the Electronic Case Filing (ECF) system. Obviously this is a useful thing for lawyers and law enforcement to understand. So it struck us as interesting to see the following tidbit in the emailed announcement:

SPECIAL NOTE TO DEPARTMENT OF JUSTICE ATTORNEYS/STAFF:
The WebEx web conferencing website is not accessible to DOJ attorneys/staff due to internet blocks set in place by your IT department, therefore you are unable to register for a webinar training class or participate in the WebEx training room session itself. However, the option to participate in only the teleconference portion of the training class is available and will still prove useful.

Really, now? We’ve already had reasons to question the technical competence of the DOJ, but to do a complete block of all Webex webinars? Overkill much?

Filed Under: , , , , ,
Companies: webex

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Justice Department IT Staff So Incompetent They Block All Webex Conferences”

Subscribe: RSS Leave a comment
39 Comments
Anonymous Coward says:

Re: Re:

This, ever so hard. Being in IT, I have lost count of the amount of times where IT is blamed for a shit policy we all know is completely ass-backwards, but someone so high demanded it and no one between my level and the 5 levels up where it was demanded has a backbone enough to say, “no, that’s retarded,” that we have to do it.

harbingerofdoom (profile) says:

Re: Re: Re:

as far as an IT group goes, you would have to be a special kind of stupid to wind up blocking webex like that. i would say i agree and that it has got to be an upper management decision driving this… but sadly we are talking about the DOJ and its quite conceivable that we are talking about IT people that really *ARE* that special kinda stupid.

John says:

Java Maybe?

I’m a network administrator and I block a lot but I allow Webex.

“WebEx is the only on-demand online collaboration service provider to have earned both WebTrust and SAS70 certification, giving you the highest levels of security possible.”

If I had to guess I would say their IT doesn’t like the requirements – Java, cookies enabled or ActiveX.

Anonymous Coward says:

Re: Java Maybe?

I’m going to have to agree with John and the other IT staff who’ve responded here. When I’ve worked external / customer helpdesk in the past, I spoke to dozens of government workers who just couldn’t install plugins, or couldn’t open a port. A lot of applications (including MS terminal server / mstsc.exe) open a random port on the client, and assume that the client firewall allows the executable to do as such.

I doubt they blocked the webex site, I bet they just blocked technology that webex needs to function.

Joe (profile) says:

WebEx has issues

I’m an IT administrator, and I’m grumpy that joining a WebEx meeting with Internet Explorer downloads an insecure version of their recording format player, which I then have to remove after-the-fact with my administrative permissions. It would be easier to just block WebEx, of course, but I don’t want to interrupt the flow of work.

More details below, from Secunia.

Description:
Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user’s system.

1) An indexing error when storing certain data during the processing of WRF files can be exploited to corrupt memory.

2) An error when handling the length value of a Define Huffman Table (DHT) JPEG marker within a WRF file can be exploited to cause a stack-based buffer overflow.

3) An error when processing certain records within WRF files can be exploited to cause a heap-based buffer overflow.

4) A boundary error when processing WRF files can be exploited to cause a heap-based buffer overflow via a specially crafted Audio size value.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* Client builds 28.0.0 (T28 L10N).
* Client builds 27.32.1 (T27 LD SP32 CP1) and prior.
* Client builds 27.25.10 (T27 LC SP25 EP10) and prior.
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior.
* Client builds 27.11.26 (T27 L SP11 EP26) and prior.

Solution:
Update to a fixed client build (please see the vendor’s advisory for details).

Provided and/or discovered by:
1, 2, 4) Damian Put via iDefense.
3) An anonymous person via iDefense.

The vendor also credits Microsoft Vulnerability Research (MSVR).

Changelog:
2012-07-18: Updated vulnerabilities #1 through #4. Updated credits and added links.

Original Advisory:
Cisco:
http://tools.cisco.com/security/…dvisory/cisco-sa-20120627-webex

j paul armstrong (user link) says:

ECF training in 2012? DOJ 5-7 years late to the game

ECF widely implemented in Federal District Courts more than 5 in many districts over 10 years ago so pretty tragic if they are still in the training phase. Given the ham fisted firewall wardens perhaps they are just getting online? truly frightening thought…..this has to be just for recent hires to get up to speed

Jasmine Charter (user link) says:

Buffons...

It’s really simple… yes… there are some vulnerabilities… yes.. WebEx is useful…

Setup a conference room with a dedicated PC, off the main network… and allow webex’s from the PC. No critical or sensitive data on the PC… no chance for hacking into their system…

So simple… a caveman could do it.

If only cavemen were running the DoJ instead of monkeys…

Anonymous Coward says:

Webex is in fact a huge security hole. I would rather have the DOJ computers blocked from this and more. The OP’s knee-jerk reaction to having his freedom restricted by this indicates a lack of understanding about security, and I would not be surprised to see him turn around and ridicule some agency for having a breach.

Chris Estes says:

US Govt Systems often blocked due to sensitive data

Several government agencies block certain kinds of Internet access, especially those that allow for desktop sharing, because of the potential of accidentally leaking privacy information. Some agencies got funding to upgrade to modern systems, set up alternate safe computers for this, but we live in an age where denying any spending on government is all the rage and we blame government when their out-dated computer systems are unable to meet today’s standards. This is a more nuanced issue than the bumper-sticker sized treatment it’s getting. I remember when FBI agents had to have two computers, on for the network with their information, one to see the outside world. And the ATF — well, ask the NRA why they aren’t able to upgrade systems.

ZacWolf (profile) says:

WebEx allows desktop sharing

There are two valid reasons I can think of for this…

WebEx Conferencing is configured “per host domain”, and those settings include whether or not the “owner” of the conference requires an SSL based connection (not on by default), or on the “public” servers.

Since WebEx enables full desktop sharing between participants (beyond just single file PowerPoint sharing), this could easily expose information that shouldn’t be seen by others on a conference.

I can tell you from experience that the incompetence is on the users, because I’ve often seen some stuff that people have unintentionally shared that they should not have…

Cliff Steinman says:

Not so much

It’s not such a terrible idea. WebEx Meeting Center and WebEx remote control, to my knowledge can’t be diferentiated. Therefore the only way to ensure people outside can’t take control of inside computers with WebEx is to block the site. I’m dealing with this now at my company. Firewalls, proxys, dedicated content filtering, AppLocker, third-party software, we’ve called various companies and everything. Webex though is not quite as bad as LogMeIn which can allow remote unattended access. For the DOJ I think this makes sense.

Cliff Steinman says:

Not so much

I’m partially not surprised to see all the backlash in these comments, however I’ll always be amazed at how many people disagree or argue a point they haven’t looked into or know anything about besides the paragraph they read. This is a no-brainer for me. If we had another delivery method for the WebEx meetings we have with federal auditors and core software training we would have it blocked. We’d like to allow meeting sessions but not remote control sessions. They both use the same DLLs for the most part and the same IPs. Cisco would have to make a fundamental change in the software to fix this dichotomy. SO, for now we’re stuck with allowing all of WebEx instead of blocking it all, that’s all you can do.

none says:

Here is why its blocked

The reason why webex is blocked is due to the fact that they fail to make a proper installer. The software installs under the user’s profile EVEN WHEN INSTALLED WITH ADMIN RIGHTS. There is no option to install their software under program files or anywhere else. I know because I called them supposedly they are working on it.

So let me explain this to the non technical crowd. If setup properly you are not an administrator of your machine. This means you have no power to modify installed applications on your device. You do have the power to run them and also save documents, favorites and some other items as designed by your group policy administrator.

In response to the increased limited powers of the average end user, certain software makers have modified the installation of their software to areas that you are able to modify. This essentially allows for installation of software by non administrators, and here in lies the problem. In the case of gotomeeting/webex this is the only option to install it.

Scenario 1.

You get bored at work and like animals so you decide to surf seemingly harmless websites until you hit a browser exploit. This exploit then inserts code into your user profile in a randomly named folder next to the webex folder in your profile. Your antivirus fails to detect it. That code then systematically encrypts your files and then destroys your network shares. This has now compromised the security of your organization and cost thousands of dollars. You have just been owned by cryptolocker.
WebEx works fine though you can all have a meeting to discuss the damage.

Scenario 2.

You get bored at work and like animals so you decide to surf seemingly harmless websites until you hit a browser exploit. This exploit then inserts code into your user profile in a randomly named folder next to the webex folder in your profile. Your antivirus fails to detect it.

NOW HERE IS THE DIFFERENCE

The code attempts to run but is prohibited from execution via group policy software restriction via path rule. No code execution is allowed from your user profile. The threat that would have compromised your system has been stopped dead. A week or so later your antivirus finally catches up and it is deleted. Oh and gotomeeting/webex does not work.

If you appreciated this explanation

BTC 1N2NJyBKJEgu22htUhgtiaJcedUgLNHtQA

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...