Nov. 26, 2013
1:01 p.m.
I don't normally post to this list, as it is more for the SP side of things. A few weeks back we had a publically exposed LifeSize video conference unit compromised. It was not installed particularly well, given the limitations to the administrative PIN code, but it has shell access enabled, and a flash portal which purportedly has rights execution issues. The vendor has a firewall device that would place these behind it on private space - was that in play where your units were attacked? We've since removed these until we can provide a full video call control infrastructure, to keep from exposing these appliances, but I figured it was the poor PIN code that was hit, not the device itself. Adam Pawlowski SUNYAB