[cisco-voip] Your Associated Webex Sites

Mon Sep 9 10:59:37 EDT 2019

This would be a big change most likely on the Webex side.  They can't
authenticate until they know which site and manually entering site URL's is
probably a no-go for end users.  A bit similar to Zoom's issue trying to
focus more on faster join times/easier experience over security.

On Mon, Sep 9, 2019 at 10:01 AM Anthony Holloway <
avholloway+cisco-voip at gmail.com> wrote:

> Exactly!  Ok, so now you are seeing what I am seeing.  Just imagine if one
> were so inclined to use Fiddler to see what call the app was making to the
> cloud, and then use that knowledge in a python script to automate the
> scraping of this data.  Not that I did that.  Laughs in PSIRT.
>
> On Mon, Sep 9, 2019 at 8:56 AM Brian Meade <bmeade90 at vt.edu> wrote:
>
>> I just did some testing here.  I'm also seeing some Control Hub-only
>> customers in my list.  I'm set as a partner admin only for those accounts.
>>
>> On Mon, Sep 9, 2019 at 9:32 AM Matthew Loraditch <
>> MLoraditch at heliontechnologies.com> wrote:
>>
>>> Ohhhhh, Interesting. Everyone we have is on CI and Control Hub, so I
>>> don’t see other sites.
>>>
>>>
>>>
>>>
>>> Matthew Loraditch
>>> Sr. Network Engineer
>>> p: *443.541.1518* <443.541.1518>
>>> w: *www.heliontechnologies.com* <http://www.heliontechnologies.com/>  |
>>> e: *MLoraditch at heliontechnologies.com*
>>> <MLoraditch at heliontechnologies.com>
>>> [image: Helion Technologies] <http://www.heliontechnologies.com/>
>>> [image: Facebook] <https://facebook.com/heliontech>
>>> [image: Twitter] <https://twitter.com/heliontech>
>>> [image: LinkedIn] <https://www.linkedin.com/company/helion-technologies>
>>> *From:* Brian Meade <bmeade90 at vt.edu>
>>> *Sent:* Monday, September 9, 2019 9:25 AM
>>> *To:* Matthew Loraditch <MLoraditch at heliontechnologies.com>
>>> *Cc:* Anthony Holloway <avholloway+cisco-voip at gmail.com>; Charles
>>> Goldsmith <w at woka.us>; Cisco VoIP Group <cisco-voip at puck.nether.net>
>>> *Subject:* Re: [cisco-voip] Your Associated Webex Sites
>>>
>>>
>>>
>>> I think the issue he's talking about is when logging in to something
>>> such as the Webex Meetings App.  After entering your email address, you get
>>> a list of sites to choose from.  Technically you could enter anyone's email
>>> address and see what Webex sites they have an account on.
>>>
>>>
>>>
>>> This mostly seems to be Site Admin sites since you can't have the same
>>> email in 2 different control hub organizations.
>>>
>>>
>>>
>>> On Mon, Sep 9, 2019 at 8:15 AM Matthew Loraditch <
>>> MLoraditch at heliontechnologies.com> wrote:
>>>
>>> The only list I can think of is behind the sign in screen for webex
>>> admin and it only lists the accounts you have been given access to so I’m
>>> not sure how or why this would ever be a problem? It’s no different than
>>> looking at my deal list in CCW or say your accounting departments list of
>>> accounts? Unless I’m missing what you are thinking about?
>>>
>>>
>>>
>>>
>>>
>>> *Matthew Loraditch***
>>>
>>> *Sr. Network Engineer*
>>>
>>> p: *443.541.1518* <443.541.1518>
>>>
>>> w: *www.heliontechnologies.com* <http://www.heliontechnologies.com/>
>>>
>>>  |
>>>
>>> e: *MLoraditch at heliontechnologies.com*
>>> <MLoraditch at heliontechnologies.com>
>>>
>>> [image: Helion Technologies] <http://www.heliontechnologies.com/>
>>>
>>> [image: Facebook] <https://facebook.com/heliontech>
>>>
>>> [image: Twitter] <https://twitter.com/heliontech>
>>>
>>> [image: LinkedIn] <https://www.linkedin.com/company/helion-technologies>
>>>
>>> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> *On Behalf Of *Anthony
>>> Holloway
>>> *Sent:* Monday, September 9, 2019 8:11 AM
>>> *To:* Charles Goldsmith <w at woka.us>
>>> *Cc:* Cisco VoIP Group <cisco-voip at puck.nether.net>
>>> *Subject:* Re: [cisco-voip] Your Associated Webex Sites
>>>
>>>
>>>
>>> Correct, mostly for Partners, since:
>>>
>>>
>>>
>>> A) We have a higher quantity than end customers
>>>
>>> B) The list of sites acts like a list of customers we do business with
>>> (past, current and future)
>>>
>>> C) Lists off all end customer sites too (which, depending on how the
>>> site names are being used, could give insight into the business; E.g.,
>>> divisions, project names, future name changes indicating: splits, mergers,
>>> re-branding, etc.
>>>
>>>
>>>
>>> However, I would think it would apply to end customers themselves too.
>>> Not only for option C above, but I can also see a situation where if two
>>> customer names were put side-by-side on the same list, that could cause an
>>> issue.
>>>
>>>
>>>
>>> On Mon, Sep 9, 2019 at 1:04 AM Charles Goldsmith <w at woka.us> wrote:
>>>
>>> Lelio, I think this mainly applies to partners, since we can see our
>>> customer sites.
>>>
>>>
>>>
>>> Anthony, I don't think there is a public listing of your sites, not that
>>> I've seen anyway.
>>>
>>>
>>>
>>> On Mon, Sep 9, 2019 at 12:07 AM Lelio Fulgenzi <lelio at uoguelph.ca>
>>> wrote:
>>>
>>>
>>>
>>> I’m not quite sure I understand the question.
>>>
>>>
>>>
>>> Are you asking about a public index of sites?
>>>
>>>
>>>
>>> I know that configuration-wise, you can choose to list meetings on a
>>> site. We’ve chosen to not do that. So the worst that can happen is some
>>> gets to our WebEx landing page.
>>>
>>>
>>>
>>> I’m not sure what hiding a site helps with. Or helps deter.
>>>
>>>
>>>
>>> I mean, I’ve got our site listed on our service pages. They’re not
>>> restricted, so anyone can find it.
>>>
>>>
>>>
>>> Logins are protected by SSO, so we’ve got that going too.
>>> Protection-wise, I mean.
>>>
>>>
>>>
>>> Is there something I’m missing?
>>>
>>>
>>>
>>> Are you gonna make me loose sleep now!??? :)
>>>
>>>
>>>
>>> *-sent from mobile device-*
>>>
>>>
>>>
>>> *Lelio Fulgenzi, B.A.* | Senior Analyst
>>>
>>> Computing and Communications Services | University of Guelph
>>>
>>> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON |
>>> N1G 2W1
>>>
>>> 519-824-4120 Ext. 56354 <519-824-4120;56354> | lelio at uoguelph.ca
>>>
>>>
>>>
>>> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>>>
>>>
>>>
>>>
>>> On Sep 8, 2019, at 2:45 PM, Anthony Holloway <
>>> avholloway+cisco-voip at gmail.com> wrote:
>>>
>>> All,
>>>
>>>
>>>
>>> I want to take the pulse on a topic here, relating to your list of
>>> associated Webex sites, and whether or not they are private to you, or if
>>> they should be public information.
>>>
>>>
>>>
>>> I was talking with a colleague about this ever growing list of customers
>>> we work with being cataloged by Webex in the fact that we keep getting
>>> associated to more and more customers, and what potential issue this may
>>> cause if the site list were to be viewed by just anyone on the internet.
>>>
>>>
>>>
>>> Would you want your site list (whether end customer or partner admin)
>>> protected from view of others, or is it not that big of a deal?
>>>
>>>
>>>
>>> And I guess as a follow up, is this list protected today, or is there a
>>> means by which my list can be exposed to the public relatively easily?
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 431 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 561 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 444 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 6884 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image354655.png
Type: image/png
Size: 9409 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image819158.png
Type: image/png
Size: 431 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image663219.png
Type: image/png
Size: 561 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003980.png
Type: image/png
Size: 444 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/3becd28b/attachment-0007.png>