Spying/eavesdropping on BBB? (rtmpdump etc..)
Hannu-Pekka
to capture video stream/chat messages from meeting, assuming that this
person knows ONLY domain where the BBB is installed?
Fred Dixon
Your question is another way of asking "Does BigBlueButton provide
secure collaboration?'
BigBlueButton does *not* provide secure collaboration.
The BigBlueButton API calls are made using a shared secret, but the
implementation of the API itself could be improved. See
http://code.google.com/p/bigbluebutton/issues/detail?id=994
The Ubutu server itself could certainly be hacked, although we don't
know of any obvious methods, it doesn't mean it can't be done. All
systems are hackable. Furthermore, the RTMP data streams are not sent
over a secure channel.
If we say BigBlueButton is now secure (like Microsoft would like you
to believe that Windows is secure), it take only *one* exploit to
negate that claim and all credibility associated with it. If your
looking for a secure means of collaboration, we recommend you look to
a commercial application.
Our focus is on making sure BigBlueButton offers remote students a
high-quality learning experience. Of course, we will continue to
improve the security over time (such as based on the feedback in
#994), but you'll never see us making a declaration that
"BigBlueButton is now secure". That would be stupid.
Regards,... Fred
--
http://code.google.com/p/bigbluebutton/wiki/FAQ#BigBlueButton_Committer
> --
> You received this message because you are subscribed to the Google Groups "BigBlueButton-Setup" group.
> To post to this group, send email to bigbluebu...@googlegroups.com.
> To unsubscribe from this group, send email to bigbluebutton-s...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/bigbluebutton-setup?hl=en.
>
>