BigBlueButton and/or Mconf Open Source Web Conferencing - bigbluebutton

As a security professional I am curious to know if anybody is aware of security issues with the open source web conferencing product BigBlueButton and/or Mconf?
Thanks
Ron

I found this document: https://www.dropbox.com/s/jz7x1fglgawc8ef/BBB-MCONF-NOTES.pdf?dl=0 that describes what look to be some serious security problems. If this document is to be believed it might not be a good idea to use these applications.

According to this thread in which one of the core developers of BigBlueButton commented about security, https://groups.google.com/d/msg/bigbluebutton-dev/GzxfilVDpes/oCguFWyFEmUJ
He says:
"..there is no representation of security in BigBlueButton. None. We (the core developers) are not trying to build a secure web conferencing system." -Fred Dixon
Bob, it appears that the underlying intent & focus of BigBlueButton is not on security but rather on capabilities. Perhaps there are ways to plumb in security aspects during or post-implementation efforts.

Related

Crossrider Extensions - are they safe

I have started writing an extension using Crossrider, and really like it. But I have read some negative stuff about them being a browser hijacker - in particular search.crossrider.com
I am unsure if search.crossrider.com is a malicious extension built using Crossrider, or Crossrider itself. Among other places, this is a link which recommends you delete this.
http://forums.anvisoft.com/viewtopic-45-1190-0.html
Before I continue developing in this, I thought I would ask the experts.
Any comments, gratefully received.
Thanks
Crossrider is very safe to use!
We had some incidents in the past where developers had tried to write malicious extensions using our framework, but with our security co-operations with Google and Facebook we managed to mitigate them. (and the fact that we are a cloud-based solution allows us to remotely disable any malicious use that is against our T&C.)
Besides being very safe, Crossrider is also a free and must-have tool for any extension developer. (There are more than 20,000 developers in the Crossrider community.)
Crossrider not only provides the technical solution of building the API to support all major browsers including Chrome, Firefox, Internet Explorer and Safari, but also gives the developer further tools and features to solve and simplify all the heavy lifting tasks when it comes to developing and publishing browser extensions:
Full statistical dashboards with information on numbers of Installations, Active Users, Uninstalls which can be broken down to per-country and per-browser usage.
Crossrider provides an online IDE in which developers can actually start coding extensions online in a matter of seconds. The developer doesn't need to download any development packages to their computer (unless they really want to), and as you develop, you see your code changes take effect in real time in your browser.
Another feature is Crossrider's auto code update mechanism, where any code change (including new releases or bug fixes) gets published to all existing users (and new ones, obviously) in a matter of hours, regardless of whether you have several users or millions.
Crossrider also provides advanced publishing tools such as an embeddable installation widget for your website, direct download links and more.
One of those publishing tools is the Advanced Window Installer that can install your extension on all browsers automatically. This installer can be easily configured to the developer's needs and we even supply an automated Code Signing Service where developers can sign their installers in real time.
24/7 Support - We are really keen about our support. We always strive to keep our response time to the minimum and we treat the smaller developer(s) as if they were our most important client. We even try to help developers when it's not 100% Crossrider related questions as we also believe in good karma :)
Hope this helps your decision of working with Crossrider.
P.S. Not 100% sure about the search.crossrider.com thread you have mentioned, but as we do not have any affiliation with this subdomain (in fact, it does not even exist in our DNS records) you can rest assured this has nothing to do with Crossrider as a framework.
(Disclosure: I work for Crossrider)

How to develop single sign on framework

I work for a company which prohibits the use of open source and, for some reasons, I wouldn't be able to buy a single sign on solution from the market. Is there some tutorial which could explain what is involved in developing a single sign on solution? This can be done in Java or Dot Net as long as it is able to communicate with LDAP. Any idea will be appreciated.
On the Wikipedia page List of single sign-on implementations you can find a list of SSO implementations; there is a column indicating the licence. Some of them are open-source; you should start a comparison of them to find which best suits your business requirements.
I can't recommend that you rewrite an SSO from scratch; it will cost you more time than choosing an existing free and open-source implementation, and your home-made implementation is subject to security issues if you don't have the right expert guy working on it.
I'd go with SAML.
It's an open standard used for SSO solutions. In fact, I worked at a company where we built our own SSO around this.
And for LDAP integration, you can build something by yourself, or check Microsoft's Active Directory Federation Server, which I think is SAML-compatible.

Any free online issue/feature tracking software for small scale independent dev?

I'm going to be creating a few small mobile applications and have managed to find a great online Git repo hosting service that is free. It even comes with online issue tracking software but appears to be mainly geared towards the development team. I was hoping it would also have an interface for end-users to log issues/features and allow them to vote on what they wanted but it does not have this. It does expose a RESTful API but I didn't want to go down that path and wanted something ready to go (once configured).
I don't think I need it to be integrated with the Git repo so having something that is purely standalone would be great but I would definitely want something that is online as I don't want to install software on my local PC.
In summary, my requirements are:
Free or very cheap
Simple end-user interface to allow users to submit issues/features
Allow end-users to vote on their own or other users' issues/features
Visible status of issues/features (i.e. whether they are pending, in progress, rejected, fixed etc)
A more advanced management system for me as a developer to manage the issues
Some basic reports/charts/graphing would be great
Email/RSS notification of new issues/suggestions would be great too
Something that is ready to go after some configuration/settings.
Can anyone recommend something that would be suitable for this?
TIA
I based my question on a website I saw a while back but couldn't find it. Anyway, I've now found it again (it's called http://www.uservoice.com/). It's not really issue tracking but more of a way of letting end-users report features and allow them to vote on them. The important thing is that it is a very user friendly interface which is perfect for end-users. Obviously, I would then need to maintain issues/features in my own system (e.g. Mantis) and then manually sync features requested in uservoice to Mantis but that shouldn't be a big issue. Anyway, this perfectly meets my needs for my low volume applications at the moment.

Does an Alcatel Genesys simulator/emulator exist?

Me and my team were tasked to integrate our application with Alcatel Genesys call center, but we don't have access to a proper installation nor equipment (like, for instance, phones).
Is there some kind of software I can use to simulate such environment to test our application? And where should I begin researching how to do this integration?
(PS: I posted this same question on https://serverfault.com/questions/308381 - I didn't exactly know which of the sites this really belongs to).
Doesn't look like there is a public one. You would probably have to go through one of their product managers.
The Genesys Platform SDK documentation appears to be public though:
http://docs.genesyslab.com/Documentation/PSDK
The good news - you do not need phones to test integration with Genesys. The bad news is that integrating requires quite a lot of components and is quite complicated so there is no simulator or mock interface you could use. One of the best ways would be to get in contact with Genesys tech support who are usually quite helpful or pre-sales and ask them about access to a virtual demo image you could use for integration.
Also a great resource of information is their newly designed doc site:
http://docs.genesys.com/Documentation/OS
Also Alcatel has sold Genesys a while ago and they're independent now, just in case ;-)
Actually there is. Genesys Simulator Toolkit. It will enable you to emulate an Avaya PBX or a Simple TDM scenario. The latest version also includes a Genesys SIP Server emulator.
You won't care too much about the PBX on the other side for basic integrations, your goal is to learn the SDK and the TEvents (TLib). You can achieve this with the Emulator. You need to ask a Genesys representative for it.

Are there any special server requirements for rendering a .mobi site?

I need to develop a mobi site for a client, do I need a specific server setup for this, or are there any additional server configurations that I need in order to render a mobi site or does it work the same as a normal website?
A .mobi domain is not different (in terms of setup/configuration) than a .com
Even from a technological point of view, you can develop a mobile oriented application using the web technology (Java, PHP, Python, PHP...) and hardware infrastructure you prefer.
From the developer perspective, there are good instructions for .mobi compliance here, and ready.mobi is a great and free testing tool to evaluate mobile-readiness using industry best practices & standards.
ready.mobi is a great tool for testing compliance for this. Also, there are good instructions for .mobi compliance here.
I believe that you should check the availability of Javascript in the target platforms.
Your server should be able to serve pages with the application/vnd.wap.xhtml+xml MIME type, otherwise some WAP browsers will not render the page correctly (Nokia series 60).