1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Slack and Microsoft Teams have some rather worrying security flaw

    From TechnologyDaily@1337:1/100 to All on Mon Sep 26 17:30:04 2022
    Slack and Microsoft Teams have some rather worrying security flaws

    Date:
    Mon, 26 Sep 2022 16:06:50 +0000

    Description:
    Researchers say there is a major risk from third-party apps on Microsoft
    Teams and Slack.

    FULL STORY ======================================================================

    Slack and Microsoft Teams, arguably the two biggest communications and online collaboration platforms around today, allow for the inclusion of hundreds of third-party apps, and thats a security nightmare, experts have said.

    Researchers at the University of Wisconsin-Madison argue that third-party
    apps rarely have their code reviewed by programmers at Slack and Microsoft. Even those that do, undergo a relatively superficial analysis, in which the reviewers analyze if the app works as intended, if it encrypts data, and run an automated scan that looks for vulnerabilities.

    The rest just sits on the apps developers servers and freely integrates with Slack and Microsoft Teams . Major risks

    With these platforms becoming the defacto operating systems of corporate productivity, this is a major security risk, researchers claim.

    Slack and Teams are becoming clearinghouses of all of an organizations sensitive resources, Earlence Fernandes, one of the studys authors, and a professor of computer science at the University of California at San Diego, said. And yet, the apps running on them, which provide a lot of collaboration functionality, can violate any expectation of security and privacy users
    would have in such a platform.

    For the time being, Microsoft is keeping silent on the matter, until it is able to speak to the researchers more thoroughly. Read more

    Zoom's answer to Slack is getting a new name and some new tools


    Watch out, Zoom - Slack is here to eat your lunch


    Check out the best firewalls right now

    Slack, on the other hand, said it has a collection of approved apps that can be found in the Slack App Directory, and strongly recommends users install these apps, only, on their endpoints . These, the company added, receive security reviews before inclusion, and are monitored for suspicious behavior.

    Furthermore, Slack suggests IT admins configure their workspaces to allow users to install apps only with admin permission. "We take privacy and security very seriously and we work to ensure that the Slack platform is a trusted environment to build and distribute apps, and that those apps are enterprise-grade from day one, the company concluded. Here's our list of the best video conferencing apps right now

    Via: Wired



    ======================================================================
    Link to news story: https://www.techradar.com/news/slack-and-microsoft-teams-have-some-rather-worr ying-security-flaws/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)