[cisco-voip] Your Associated Webex Sites

Mon Sep 9 18:15:13 EDT 2019

Technically you can still be associated to multiple sites even with Control
Hub such as having a Meeting Center and Event Center license.

Most of it seems to be accounting for Site Administration use cases where
your email address could exist across multiple organizations.

This is an interesting thing along with how you found that each site you
are Partner Admin for allows you to have a PMR on their site.  It's mainly
just applicable to us Cisco partners.  I'd reach out to PSIRT about it and
see what they think.

I did test with Fiddler and that API request doesn't seem to be documented
anywhere which is interesting.

On Mon, Sep 9, 2019 at 1:21 PM Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

> I think this is because in old site admin days, which still exist, your
> userID / password combo is (can be) stored with the site itself. So, in
> reality, you can have multiple (different) passwords.
>
> *-sent from mobile device-*
>
>
> *Lelio Fulgenzi, B.A.* | Senior Analyst
>
> Computing and Communications Services | University of Guelph
>
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON |
> N1G 2W1
>
> 519-824-4120 Ext. 56354 <519-824-4120;56354> | lelio at uoguelph.ca
>
>
>
> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>
>
>
> [image: University of Guelph Cornerstone with Improve Life tagline]
>
> On Sep 9, 2019, at 1:03 PM, Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
> I don't know Brian.  My work email is only associated to a single
> password, not multiple.  Ask me for my password, and then show me my list
> of sites.  Makes sense in my head.
>
> On Mon, Sep 9, 2019 at 9:59 AM Brian Meade <bmeade90 at vt.edu> wrote:
>
>> This would be a big change most likely on the Webex side.  They can't
>> authenticate until they know which site and manually entering site URL's is
>> probably a no-go for end users.  A bit similar to Zoom's issue trying to
>> focus more on faster join times/easier experience over security.
>>
>> On Mon, Sep 9, 2019 at 10:01 AM Anthony Holloway <
>> avholloway+cisco-voip at gmail.com> wrote:
>>
>>> Exactly!  Ok, so now you are seeing what I am seeing.  Just imagine if
>>> one were so inclined to use Fiddler to see what call the app was making to
>>> the cloud, and then use that knowledge in a python script to automate the
>>> scraping of this data.  Not that I did that.  Laughs in PSIRT.
>>>
>>> On Mon, Sep 9, 2019 at 8:56 AM Brian Meade <bmeade90 at vt.edu> wrote:
>>>
>>>> I just did some testing here.  I'm also seeing some Control Hub-only
>>>> customers in my list.  I'm set as a partner admin only for those accounts.
>>>>
>>>> On Mon, Sep 9, 2019 at 9:32 AM Matthew Loraditch <
>>>> MLoraditch at heliontechnologies.com> wrote:
>>>>
>>>>> Ohhhhh, Interesting. Everyone we have is on CI and Control Hub, so I
>>>>> don’t see other sites.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Matthew Loraditch
>>>>> Sr. Network Engineer
>>>>> p: *443.541.1518* <443.541.1518>
>>>>> w: *www.heliontechnologies.com* <http://www.heliontechnologies.com/>
>>>>>  |  e: *MLoraditch at heliontechnologies.com*
>>>>> <MLoraditch at heliontechnologies.com>
>>>>> [image: Helion Technologies] <http://www.heliontechnologies.com/>
>>>>> [image: Facebook] <https://facebook.com/heliontech>
>>>>> <image663219.png> <https://twitter.com/heliontech>
>>>>> <image003980.png>
>>>>> <https://www.linkedin.com/company/helion-technologies>
>>>>> *From:* Brian Meade <bmeade90 at vt.edu>
>>>>> *Sent:* Monday, September 9, 2019 9:25 AM
>>>>> *To:* Matthew Loraditch <MLoraditch at heliontechnologies.com>
>>>>> *Cc:* Anthony Holloway <avholloway+cisco-voip at gmail.com>; Charles
>>>>> Goldsmith <w at woka.us>; Cisco VoIP Group <cisco-voip at puck.nether.net>
>>>>> *Subject:* Re: [cisco-voip] Your Associated Webex Sites
>>>>>
>>>>>
>>>>>
>>>>> I think the issue he's talking about is when logging in to something
>>>>> such as the Webex Meetings App.  After entering your email address, you get
>>>>> a list of sites to choose from.  Technically you could enter anyone's email
>>>>> address and see what Webex sites they have an account on.
>>>>>
>>>>>
>>>>>
>>>>> This mostly seems to be Site Admin sites since you can't have the same
>>>>> email in 2 different control hub organizations.
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Sep 9, 2019 at 8:15 AM Matthew Loraditch <
>>>>> MLoraditch at heliontechnologies.com> wrote:
>>>>>
>>>>> The only list I can think of is behind the sign in screen for webex
>>>>> admin and it only lists the accounts you have been given access to so I’m
>>>>> not sure how or why this would ever be a problem? It’s no different than
>>>>> looking at my deal list in CCW or say your accounting departments list of
>>>>> accounts? Unless I’m missing what you are thinking about?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Matthew Loraditch***
>>>>>
>>>>> *Sr. Network Engineer*
>>>>>
>>>>> p: *443.541.1518* <443.541.1518>
>>>>>
>>>>> w: *www.heliontechnologies.com* <http://www.heliontechnologies.com/>
>>>>>
>>>>>  |
>>>>>
>>>>> e: *MLoraditch at heliontechnologies.com*
>>>>> <MLoraditch at heliontechnologies.com>
>>>>>
>>>>> <image006.png> <http://www.heliontechnologies.com/>
>>>>>
>>>>> [image: Facebook] <https://facebook.com/heliontech>
>>>>>
>>>>> [image: Twitter] <https://twitter.com/heliontech>
>>>>>
>>>>> <image005.png> <https://www.linkedin.com/company/helion-technologies>
>>>>>
>>>>> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> *On Behalf Of
>>>>> *Anthony Holloway
>>>>> *Sent:* Monday, September 9, 2019 8:11 AM
>>>>> *To:* Charles Goldsmith <w at woka.us>
>>>>> *Cc:* Cisco VoIP Group <cisco-voip at puck.nether.net>
>>>>> *Subject:* Re: [cisco-voip] Your Associated Webex Sites
>>>>>
>>>>>
>>>>>
>>>>> Correct, mostly for Partners, since:
>>>>>
>>>>>
>>>>>
>>>>> A) We have a higher quantity than end customers
>>>>>
>>>>> B) The list of sites acts like a list of customers we do business with
>>>>> (past, current and future)
>>>>>
>>>>> C) Lists off all end customer sites too (which, depending on how the
>>>>> site names are being used, could give insight into the business; E.g.,
>>>>> divisions, project names, future name changes indicating: splits, mergers,
>>>>> re-branding, etc.
>>>>>
>>>>>
>>>>>
>>>>> However, I would think it would apply to end customers themselves
>>>>> too.  Not only for option C above, but I can also see a situation where if
>>>>> two customer names were put side-by-side on the same list, that could cause
>>>>> an issue.
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Sep 9, 2019 at 1:04 AM Charles Goldsmith <w at woka.us> wrote:
>>>>>
>>>>> Lelio, I think this mainly applies to partners, since we can see our
>>>>> customer sites.
>>>>>
>>>>>
>>>>>
>>>>> Anthony, I don't think there is a public listing of your sites, not
>>>>> that I've seen anyway.
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Sep 9, 2019 at 12:07 AM Lelio Fulgenzi <lelio at uoguelph.ca>
>>>>> wrote:
>>>>>
>>>>>
>>>>>
>>>>> I’m not quite sure I understand the question.
>>>>>
>>>>>
>>>>>
>>>>> Are you asking about a public index of sites?
>>>>>
>>>>>
>>>>>
>>>>> I know that configuration-wise, you can choose to list meetings on a
>>>>> site. We’ve chosen to not do that. So the worst that can happen is some
>>>>> gets to our WebEx landing page.
>>>>>
>>>>>
>>>>>
>>>>> I’m not sure what hiding a site helps with. Or helps deter.
>>>>>
>>>>>
>>>>>
>>>>> I mean, I’ve got our site listed on our service pages. They’re not
>>>>> restricted, so anyone can find it.
>>>>>
>>>>>
>>>>>
>>>>> Logins are protected by SSO, so we’ve got that going too.
>>>>> Protection-wise, I mean.
>>>>>
>>>>>
>>>>>
>>>>> Is there something I’m missing?
>>>>>
>>>>>
>>>>>
>>>>> Are you gonna make me loose sleep now!??? :)
>>>>>
>>>>>
>>>>>
>>>>> *-sent from mobile device-*
>>>>>
>>>>>
>>>>>
>>>>> *Lelio Fulgenzi, B.A.* | Senior Analyst
>>>>>
>>>>> Computing and Communications Services | University of Guelph
>>>>>
>>>>> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON
>>>>> | N1G 2W1
>>>>>
>>>>> 519-824-4120 Ext. 56354 <519-824-4120;56354> | lelio at uoguelph.ca
>>>>>
>>>>>
>>>>>
>>>>> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sep 8, 2019, at 2:45 PM, Anthony Holloway <
>>>>> avholloway+cisco-voip at gmail.com> wrote:
>>>>>
>>>>> All,
>>>>>
>>>>>
>>>>>
>>>>> I want to take the pulse on a topic here, relating to your list of
>>>>> associated Webex sites, and whether or not they are private to you, or if
>>>>> they should be public information.
>>>>>
>>>>>
>>>>>
>>>>> I was talking with a colleague about this ever growing list of
>>>>> customers we work with being cataloged by Webex in the fact that we keep
>>>>> getting associated to more and more customers, and what potential issue
>>>>> this may cause if the site list were to be viewed by just anyone on the
>>>>> internet.
>>>>>
>>>>>
>>>>>
>>>>> Would you want your site list (whether end customer or partner admin)
>>>>> protected from view of others, or is it not that big of a deal?
>>>>>
>>>>>
>>>>>
>>>>> And I guess as a follow up, is this list protected today, or is there
>>>>> a means by which my list can be exposed to the public relatively easily?
>>>>>
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/94b9953a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 431 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/94b9953a/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 561 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/94b9953a/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image354655.png
Type: image/png
Size: 9409 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/94b9953a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image819158.png
Type: image/png
Size: 431 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190909/94b9953a/attachment-0003.png>