Cisco tells users to lock down WebEx to prevent snooping

A security researcher found potentially sensitive meetings open for anyone to join

Exclamation point on screen warning alert caution stop
Credit: Thinkstock

Cisco has warned customers to lock down WebEx after a security researcher and journalist found many big-name companies left some online meetings open for anyone to join.

Brian Krebs wrote on his blog that he found companies and organizations that failed to password protect WebEx meetings, which allowed "anyone to join daily meetings about apparently internal discussions and planning sessions."

Meeting schedules for organizations were available through WebEx's "Event Center," he wrote.

Cisco has a variety of options for WebEx that are intended to accommodate sensitive meetings and ones intended for the public.

For example, Cisco requires a password to be set by default for a meeting, but that option can be turned off, wrote Aaron Lewis, who works in global social media marketing, on a company blog.

"The most secure meetings will always be protected by a complex password," Lewis wrote.

Companies may publicly list a meeting for webinars that anyone can join, but "if your WebEx site administrator or IT department allows listed meetings, then we recommend listing your meeting only if there is a true business reason," Lewis wrote.

Another tip is to disable the option "join before host," which will then give the host visibility on who has joined. Also, setting the "host as presenter" prevents someone else form joining the meeting and sharing content, Lewis wrote.

Krebs wrote he found meetings not protected by a password from a host of companies and organizations, including Charles Schwab, CSC, CBS, CVS, The U.S. Department of Energy, Fannie Mae, Jones Day, Orbitz, Paychex Services and Union Pacific.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk

The march toward exascale computers
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies