From pmurphy at nrao.edu Tue Dec 1 12:14:02 2015 From: pmurphy at nrao.edu (Patrick P Murphy) Date: Tue, 1 Dec 2015 12:14:02 -0500 Subject: [Calendar] Confidential video conference information Message-ID: <22109.54618.451931.96821@ood.cv.nrao.edu> All, As many of you have noticed, we have seen a recent uptick in the number of interruptions ("spam" IP calls out of the blue from the internet) to ongoing video conference meetings. A quick google search reveals that there is information on publicly accessible NRAO web pages -- and other sites that have "harvested" those pages and republished them -- with detailed instructions on how to call in to our Polycom video conference systems and hubs. This is almost certainly where these interlopers are obtaining the information; the pattern of calls from these IP addresses is consistent with knowledge by the callers of that information. I have contacted some of the parties responsible for the currently publicly accessible video conference information on our own web servers, but I would ask that in future you apply the "principle of least privilege" when you encounter a need to share connection information for video based meetings. Please do not post such details on a public web page or wiki; instead, either use the NRAO staff wiki, a restricted access topic (page) on the NRAO public wiki, or a restricted topic on a JAO based wiki as appropriate for your audience. Also, do not include the details in an email message that is (a) archived, and (b) whose archives are publicly accessible. While the cat is most definitely out of the bag, we may be able to reduce the number of future interruptions in meetings by selective blocking[*], and ensuring known copies of this information are taken down or moved to restricted servers. Your cooperation with this effort will be greatly appreciated. - Pat [*] mariginally effective, but too much like "whack-a-mole". We already have hundreds of block rules in our router configurations. -- Patrick P. Murphy, Ph.D. https://www.nrao.edu/~pmurphy/ Info Services Site Manager NRAO Information Security Officer