Corporate Boardrooms Open To Eavesdropping

Posted by Unknown Lamer
from the it's-a-feature-i-tell-ya dept.
cweditor writes "One afternoon this month, a hacker toured a dozen corporate conference rooms via equipment that most every company has in those rooms: videoconferencing. Rapid7 says they could 'easily read a six-digit password from a sticky note over 20 feet away from the camera' and 'clearly hear conversations down the hallway from the video conferencing system.' With some systems, they could even capture keystrokes being typed in the room. Teleconferencing vendors defended their security, saying the auto-answer feature that left those systems vulnerable was an effort to strike the right balance between security and usability."
  • by vlm (69642) on Wednesday January 25, @11:22AM (#38818287)

    I can summarize that long post to nothing ever gets accomplished in meetings, non-criminal or criminal.

    Maybe you'll get to stare at a hot intern. Speaking of which, your best hope is "attending" some all-male meetings (not hard to find in the STEM fields) and then hope to catch some higher up making a "questionable" joke. Another possibility is catching people making fun of others, customers, clients, competitors, etc.

    A lot of meetings are about primate dominance rituals, a sociology student might find them interesting, but otherwise... For example maybe two decades ago I had a completely non-technical female boss in a 99% male highly technical industry who felt extreme need to assert dominance, so once a week we sat down in front of the then new ISDN video conferencing system and blew hundreds of dollars on LD costs listening to her cross-examine people far away talking about stuff no one cared about which she didn't understand anyway. This was back when LD was like ten cents per minute per channel, and we used something like 8 ISDN B channels over a PRI to videoconference, which works out to something like $48/hour... per site... in addition to the spectacular labor cost of shutting down the entire multi-site department for hours on end. I figured once that with overhead each meeting was well into the 4 figure cost range, yet nothing ever really happened.

  • by Anonymous Coward on Wednesday January 25, @11:36AM (#38818481)

    I am low down on the corporate ladder, but even I am regularly in meetings where things like "here is our list of suppliers who haven't been officially announced" and "this supplier is going away in two months, but they don't know it yet" are regularly discussed.

  • by Colonel Korn (1258968) on Wednesday January 25, @11:36AM (#38818485)

    My experience is as a scientist and probably is of limited value in other fields, but: I've seen places where the remote meeting culture centered on video conferencing and I've seen places where it instead centered on audio, with the video replaced by slides. The slides normally show useful experimental data or borderline useful financial data. The video normally shows bored people.

    When an internal meeting has video it's generally a sign that the meeting doesn't actually need to happen - it's better done through a couple emails or a quick IRC-equivalent chat. Again, outside the world of a scientist I expect this to be different.

  • by afidel (530433) on Wednesday January 25, @11:43AM (#38818559)
    I'm glad that for political reasons we use a third party reflector to do our video conferencing. Basically one of our partners had a flaky video conferencing setup that their IT guys couldn't or wouldn't fix but were all too happy to blame us because we would host the conferences. We tried everything we could to ensure things went smoothly but when we could find no faults with our setup (and many other sites around the world never dropped) we implemented a layer 8 solution and moved the hosting of the conference off our equipment and onto a third party reflector. The other party continued to drop until their management got so fed up with the obviousness that it was their fault that they hired someone to fix it. Since it works and protects us politically we've kept the system, guess there's a nice bonus out of it in that we have no open inbound ports for the video conferencing gear =)
  • Low-Tech Solution (Score:4, Interesting)

    by SniperJoe (1984152) on Wednesday January 25, @11:54AM (#38818683)
    I go into a lot of boardrooms in my line of business and I was actually at a business a few weeks ago that was obviously concerned about this, so they used the low-tech solution of a cardboard box over the videoconferencing device.

    On the box, in handwritten black magic marker, it said "Do not remove unless participating in a video conference!" Not exactly high-tech, but I suppose it was more effective than nothing.
  • by Bigbutt (65939) on Wednesday January 25, @12:10PM (#38818871) Homepage Journal

    It was a test. Did you mention it to them?

    [John]

  • by hawguy (1600213) on Wednesday January 25, @12:24PM (#38819077)

    When we bought our video conferencing system, the vendor that implemented it gave us their VTC unit's number for testing. Their test VTC system is in their main conference room.

    Well, one day we were demoing the unit to a group of people and we called the vendor's unit. They were in the middle of an intense meeting, the CTO of the company was nearly yelling at his staff about a missed sale - I guess he saw the camera swivel into position and yelled "Who turned that bloody thing on! Turn it off!"

    Pretty funny from our point of view, and our sales rep called later to apologize.

    So if the vendor that implements these for a living can't remember to turn off auto-answer when it's important, how can anyone else? I'm surprised at the number of companies that leave auto-answer turned on. (and am also surprised at the number of companies that re-use conference bridge numbers, I accidentally called into a conference bridge an hour early for a meeting, and got to listen to the vendor talking with a competitor about a new project).
