As a security professional I am curious to know if anybody is aware of security issues with the open source web conferencing product BigBlueButton and/or Mconf?
Thanks
Ron
Asked
Active
Viewed 947 times
0
-
I'm not sure if this question fits the site rules. However I believe you want to target the IT professionals with this post - is there something you want to discuss? Post a suspicious code, make a question on that code, have community review it and provide an answer. This is basically what SO is about. Else, look for some technology forums as the question in its current state cannot be answered (or rather, most probably there exists someone who is aware - therefore, the answer to your question is "Yes, someone is probably aware of it". And? – AlexPawlak Sep 03 '14 at 14:13
2 Answers
0
I found this document: https://www.dropbox.com/s/jz7x1fglgawc8ef/BBB-MCONF-NOTES.pdf?dl=0 that describes what look to be some serious security problems. If this document is to be believed it might not be a good idea to use these applications.
0
According to this thread in which one of the core developers of BigBlueButton commented about security, https://groups.google.com/d/msg/bigbluebutton-dev/GzxfilVDpes/oCguFWyFEmUJ
He says:
"..there is no representation of security in BigBlueButton. None. We (the core developers) are not trying to build a secure web conferencing system." -Fred Dixon
Bob it appears that underlying intent & focus of BigBlueButton is not on security but rather capabilities. Perhaps there are ways to plumb in security aspects during or post-implementation efforts.
grateful
- 3
- 1