Submitted via IRC for TheMightyBuzzard
The Chrome browser extension for Cisco Systems WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit.
A combination of factors makes the vulnerabilities among the most severe in recent memory. First, WebEx is largely used in enterprise environments, which typically have the most to lose. Second, once a vulnerable user visits a site, it's trivial for anyone with control of it to execute malicious code with little sign anything is amiss. The vulnerability and the resulting patch were disclosed in a blog post published Monday by Tavis Ormandy, a researcher with Google's Project Zero security disclosure service.
Martijn Grooten, a security researcher for Virus Bulletin, told Ars:
"If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!"
(Score: 2) by dyingtolive on Thursday January 26 2017, @05:46PM
Guess I gotta disable that when I get home. I take meetings sometimes from my desktop. That's the last thing I need to deal with.
Don't blame me, I voted for moose wang!
(Score: 4, Funny) by DannyB on Thursday January 26 2017, @06:23PM
Agree, meetings are the last thing I need to deal with.
The lower I set my standards the more accomplishments I have.
(Score: 2) by ikanreed on Thursday January 26 2017, @06:43PM
Avoid all meetings. Especially meetings where you're "let go" for not attending enough meetings.
Solves so many problems.
(Score: 2) by DannyB on Thursday January 26 2017, @07:42PM
You know you're in the wrong place when there is a meeting to plan a meeting.
The lower I set my standards the more accomplishments I have.
(Score: 2) by dyingtolive on Thursday January 26 2017, @08:27PM
I actually worked in a group that slowly turned from a technical group into the guys who did that. Got the hell out of there ASAP.
Don't blame me, I voted for moose wang!
(Score: 2) by EvilSS on Friday January 27 2017, @02:56PM
(Score: 2) by dyingtolive on Friday January 27 2017, @03:42PM
I mean, I read the article, I saw that it was 'fixed'. I'm spooked because I don't know what else could be wrong with it, and people who let magic strings give you the key to the castle are not people who engender a good, healthy sense of trust.
I honestly never even gave it a thought that it could have been that insecure. I forgot I had it installed until the article even. The curse of too many 6 am meetings. I'll just dig my work laptop out and let it be their issue instead.
Don't blame me, I voted for moose wang!
(Score: 2) by EvilSS on Friday January 27 2017, @03:59PM