[council] ADOBE CONNECT – WHAT NEXT? - ICANN Blog By Ash Rangan

Sun Apr 22 17:25:15 UTC 2018

Ayden,

Not all vulnerabilities relate to exploitation of the conferencing system; it could be about the participants systems, like this recently released WebEx vulnerability:
http://threatbrief.com/cisco-plugs-critical-hole-webex-users-urged-upgrade-asap/ <http://threatbrief.com/cisco-plugs-critical-hole-webex-users-urged-upgrade-asap/>

If this is the case, then a total shutdown of the system is warranted (although curious that an also vulnerable platform was put in its place).

As for Adobe, it seems they have failed to disclose what ICANN uncovered, so far. It's quite possible that they issue a security advisory in the near future.

Rubens

> On 22 Apr 2018, at 09:08, Ayden Férdeline <icann at ferdeline.com> wrote:
> 
> I am still not entirely clear on what the issue was with Adobe Connect (it is described very vaguely), but I am inclined to think that the supposed issue has been overblown and the suspension of the platform probably unwarranted. I have been asking the Adobe Connect Support account on Twitter what has happened, and I have been told that they are not aware of any other organisation that has suspended their use of Adobe Connect. I have also continued to receive Adobe Connect invitations from other organisations for webinars.
> 
> I do not know why this vulnerability uniquely impacts ICANN, but I do hope we can return to Adobe Connect soon. If nothing else, having to use WebEx and Zoom has made me appreciate just how well Adobe Connect works.
> 
> I hope that we may be able to use Adobe Connect for our Council call this week. After all, our calls are public and recorded anyway, and there is no sensitive material being discussed. If the concern is that this vulnerability may allow for our private messages to be read, I think we can accept this risk, because we can exchange private messages in other applications.
> 
> Best wishes,
> 
> Ayden
> 
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On 21 April 2018 10:52 AM, Michele Neylon - Blacknight <michele at blacknight.com> wrote:
> 
>> Thanks Nathalie
>> 
>> 
>> 
>> I’m not sure how others feel, but it looks to me like ICANN has taken all necessary steps to relaunch Adobe Connect securely, so I’d hope that we will be able to start using it again soon.
>> 
>> 
>> 
>> Regards
>> 
>> 
>> 
>> Michele
>> 
>> 
>> 
>> 
>> 
>> --
>> 
>> Mr Michele Neylon
>> 
>> Blacknight Solutions
>> 
>> Hosting, Colocation & Domains
>> 
>> https://www.blacknight.com/
>> 
>> https://blacknight.blog/ <https://blacknight.blog/>
>> https://ceo.hosting/ <https://ceo.hosting/>
>> Intl. +353 (0) 59  9183072
>> 
>> Direct Dial: +353 (0)59 9183090
>> 
>> -------------------------------
>> 
>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>> 
>> Road,Graiguecullen,Carlow,R93 X265,
>> 
>> Ireland  Company No.: 370845
>> 
>> 
>> 
>> From: council <council-bounces at gnso.icann.org> on behalf of Nathalie Peregrine <nathalie.peregrine at icann.org>
>> Date: Friday 20 April 2018 at 21:13
>> To: "council at gnso.icann.org" <council at gnso.icann.org>
>> Subject: [council] ADOBE CONNECT – WHAT NEXT? - ICANN Blog By Ash Rangan
>> 
>> 
>> 
>> Dear all:
>> 
>> 
>> 
>> Please take a look at this blog on Adobe Connect.  And note the request:
>> 
>> 
>> 
>> Before we make these changes, we want to hear from you. What do you think? Please submit your thoughts on this contemplated move before May 2nd here: RP-tool at icann.org <mailto:RP-tool at icann.org>
>> 
>> 
>> Best regards,        David
>> 
>> 
>> 
>> 
>> 
>> https://www.icann.org/news/blog/adobe-connect-what-next <https://www.icann.org/news/blog/adobe-connect-what-next>
>> 
>> 
>> ADOBE CONNECT – WHAT NEXT?
>> 
>> As you know, the ICANN organization took down its Adobe Connect service midway through the ICANN61 meeting in response to reported issues <https://www.icann.org/news/blog/issues-with-adobe-connect-at-icann61> with this service. Concurrently, we began to conduct our own forensic analysis of the reported incident and began working with our Adobe cloud service provider, CoSo Cloud LLC, and through them with Adobe to learn more. Shortly thereafter, we rolled out instances of Zoom and WebEx for the community to support remote participation (RP) and collaboration. Here's where we are now:
>> 
>> 
>> 
>> The Forensics Investigation
>> 
>> With respect to our forensics work, we received application logfiles from CoSo Cloud, going back for a period of one year. ICANN Engineering and Security teams have examined these application log files and the results of our investigation clearly show "fingerprints of incursion" by the researcher who reported the issue. We were unable to find any other indication that anyone else either identified or exploited this issue. Thanks to the person who found the bug again.
>> 
>> Working closely with CoSo Cloud, we were able to recreate the reported issue, and understand the conditions required to trigger it. This information has been communicated to Adobe, and Adobe is working on a software fix to address the root cause of the issue.
>> 
>> We have also been working with CoSo on options to re-enable Adobe Connect in the shorter term. We have determined there are two viable paths to accomplish this goal. They are:
>> 
>> Deploy a hardened configuration to eliminate "man-in-the-middle" exploitations by encrypting relevant traffic, or
>> Implement a programmatic fix from CoSo Cloud to substantially reduce the window during which the issue can be exploited.
>> With respect to the first option, we attempted to hack the hardened configuration in a test environment last week, and were not able to do so over the course of 7 hours. Separately, CoSo Cloud and Adobe conducted similar tests and confirmed that this configuration is protected from exploitation of the issue.
>> 
>> 
>> 
>> Community Feedback and Next Steps
>> 
>> For the last three weeks, we have been gathering limited feedback regarding users' experiences with WebEx and Zoom. So far, we have input from about 200 people, including ICANN org meeting organizers and the ICANN community. Our analysis of this feedback indicates a desire to revert back to an Adobe Connect, providing the security of the service is ensured.
>> 
>> Accordingly, we would like to propose the following plan to the broader community for consideration:
>> 
>> We would like to restore Adobe Connect services with both the new hardened configuration and the programmatic fix discussed above. Our intent would be to restore service by 3 May. This would allow us to use Adobe Connect during several upcoming events including the Board Workshop, the GDD Industry Summit, and ICANN62.
>> Once Adobe releases a new version of the software with a fix for this issue from their perspective, and provides assurance the update has been adequately tested, we will move toward that release of Adobe Connect in a prudent manner, with the help of CoSo Cloud.
>> 
>> 
>> We believe that this approach will ensure the security of our content, and of our community interactions, while also enabling our community to use the collaboration tools of their choice.
>> 
>> 
>> 
>> Before we make these changes, we want to hear from you. What do you think? Please submit your thoughts on this contemplated move before May 2nd here: RP-tool at icann.org <mailto:RP-tool at icann.org>
>> 
>> 
>> Meanwhile, we will continue to offer WebEx and Zoom for RP and collaboration purposes. We will also continue to follow industry developments, including the research ALAC is doing on the RP and collaboration space, to ensure we are using secure and cost-effective tools that are appropriate for our needs.
>> 
>> 
>> 
>> I look forward to your comments!
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> David A. Olive
>> Senior Vice President
>> 
>> Policy Development Support
>> Internet Corporation for Assigned Names and Numbers (ICANN)
>> 
>> 
>> 
> 
> _______________________________________________
> council mailing list
> council at gnso.icann.org
> https://mm.icann.org/mailman/listinfo/council

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/council/attachments/20180422/889b7ae4/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/council/attachments/20180422/889b7ae4/signature-0001.asc>