Hacker finds flaw in teleconference tool used by US Army, NASA and CERN

Sydney security tester Jamieson O'Reilly has reported a since-patched vulnerability in video platform Vidyo – used by the likes of the US Army, NASA and CERN – that could see videos leaked and systems compromised. O'Reilly, director of intelligence for consultancy Content Protection, says he picked up the bug during a client …

  1. Anonymous Coward

    What do you expect from a firm who calls its product 'VidYo'?

  2. Hstubbe
    Headmaster

    "There are a lot of publicly accessible Vidyo endpoints that a probably vulnerable that you can you can identify using Google."

    You what?

    1. Oor Nonny-Muss

      Once you know how the URL is constructed you can use Google (or another search engine) to search for the part of the URL that is unchanging between hosts - so if they were all at /etc/VidYo/VidYo.html - then you search for that and Google obediently tells you all of them that it can find... https://en.wikipedia.org/wiki/Google_hacking

      1. Anonymous Coward

        Indeed, that's how I used to find open video cameras way back in the early 2000s

      2. Hstubbe

        Look at the icon, I was lamenting the syntax errors in the sentence. I know how you search for vulnerable crap in the net using Google :)

  3. Aodhhan

    On top of this...

    It's not unusual to find video, audio and text conferences going over the wire unencrypted. This includes some of the best and most popular solutions. In this case it isn't the vendor's fault, it's a configuration problem by those using it.

    1. Hstubbe

      Re: On top of this...

      In fact, normal VoIP traffic, when encrypted, can easily be tapped as well without the need to decrypt the conversation: http://www.cs.unc.edu/~fabian/papers/foniks-oak11.pdf

  4. Vic

    For those who don't know...

    ... /etc/passwd doesn't contain any passwords.

    Its disclosure is certainly very embarrassing - and there might be some mileage elsewhere in this exploit - but it isn't the heinous problem that the article implies.

    Vic.
