15 comments

[ 4.5 ms ] story [ 39.4 ms ] thread
Given the appalling record of Cisco products for backdoors [0], and the allegation that Cisco willingly installed backdoors [1] on the orders of an agency known for espionage against the German government [2], is it a surprise that the Russians found a key under the flower-pot?

[0] https://www.tomshardware.com/news/cisco-backdoor-hardcoded-a...

[1] https://www.infoworld.com/article/2608141/snowden--the-nsa-p...

[2] https://www.spiegel.de/international/germany/cover-story-how...

(comment deleted)
I hold the wider Cisco org with as much contempt as any non-MBA technologist, but to be fair, the WebEx team appear to be doing some interesting things with zero trust [0], MLS [1], and watermarking [2].

A lot of mass market / SaaS comms tools are abysmal at best on the security front but it's nice to at least see some semblance of effort on a few layers of controls.

[0]: https://www.webex.com/content/dam/wbx/us/documents/pdf/Zero_...

[1]: https://messaginglayersecurity.rocks/

[2]: https://blog.webex.com/hybrid-work/webex-audio-watermarking/

And that's what happens if you demilitarize and then put all your cards on consulting companies. I wanna see the KPMG, McKinsey battalion defending the Eastern border against a Russian invasion.
Well aware that the big consulting firms work closely with western governments on certain subjects (public health, economy) but if they are providing military advice, that's news to me.
Me too. These guys are a net loss for the humanity at large. No one would miss them.
Seems unlikely related to the Webex platform itself - either a device or account breach or network if they were silly enough not to use the E2E encryption feature.
There is a bunch of speculation on German reddit as to what caused the leak. An interesting theory includes a Bluetooth headset getting hacked.
That would make a lot of sense given the absolute crapware that comes with them.
Could you kindly share a link?
I heard "dialed into the Webex call from Singapore over an unsecure phone line" one.
(comment deleted)