[TriLUG] Zoom - conferencing

Wes Garrison via TriLUG trilug at trilug.org
Fri Apr 24 16:28:54 EDT 2020


I think the security issues were largely that they didn't do enough to
prevent social engineering.

Most prominent is that Zoom was automatically converting network locations
to clickable links, and those links could include Windows credentials, so
unscrupulous malefactors (thanks Roger for today's word) were able to paste
links to phish credentials.

https://arstechnica.com/information-technology/2020/04/unpatched-zoom-bug-lets-attackers-steal-windows-credentials-with-no-warning/


They fixed the issue the same week, so at least they're taking it seriously.
_________________________________
Wesley S. Garrison
Network Engineer
Xitech Communications, Inc.
phone:  (919) 260-0803
fax:       (919) 932-5051
__________________________________
"Lead us not into temptation, but deliver us from email."


On Fri, Apr 24, 2020 at 4:22 PM Roger W. Broseus via TriLUG <trilug at trilug.org> wrote:

> A few weeks ago I read that Zoom claimed to have end-to-end encryption but not
> true. And, they were scanning content as it passes thru their servers, passing
> on info to advertisers. I would not use Zoom for anything that I would not
> want to fall into the hands of unscrupulous malefactors. If you had
> hemorrhoids, would you want someone listening in to know about it to sell
> Preparation H to you? It could be worse.
>
> I do agree that it appears that some measures have apparently been added to
> make it possible to protect a session - that is if the master of ceremonies is
> savvy enough to implement them.
>
> --
> Roger W. Broseus - Linux User
>      Email: RogerB at bronord.com
>      Web Site: www.bronord.com
>
> On 4/24/20 3:29 PM, Michael Rulison via TriLUG wrote:
> > Dear TriLUGers,
> >
> > I will stick my neck out and let you correct my understandings:
> >
> > Zoom insecurity and privacy issues have been overblown, IMO.
> >
> > Yes, some sessions were hacked into (AFAIK, using emails garnered/stolen
> > outside of Zoom).
> > Some of those sessions involved school kids and perhaps 'inappropriate'
> > visual and audio content; that was not nice or kind, but that is the world
> > we live in. Protections from crazies ARE needed.
> >
> > So, AFAIK Zoom allows
> >
> >  * meeting invitations to persons I select
> >      o along with a password specific to that meeting
> >  * a 'waiting room' from which the host may admit to the conference
> >    only those persons recognized as properly invited persons.
> >  * the host may mute all persons accepted into the meeting
> >  * the host may unmute/mute only those he/she chooses.
> >  * the host may enable/disable screen sharing for him/her self and any
> >    participant
> >
> > To me this seems to give adequate security for most meetings/conferences.
> > What have I missed?
> >
> > I have been in a score of Zoom meetings in the past several weeks, using
> > Firefox as my browser. There have been frequent problems of participants
> > unable to unmute themselves, or use their webcam, or share their screen, but
> > these have been lack of knowledge, not software problems.
> >
> > Some meetings have been from my free account with a limit of 40 minutes a
> > session, which Zoom has often graciously not enforced.
> >
> > I find it very satisfactory, though I want to check Discord and BigBlueButton.
> >
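
The link handling discussed at the top of this thread, as an added example that is not part of the original messages and is not Zoom's code: a chat renderer that turns only http(s) URLs into links and leaves Windows network locations as inert text while reporting them. It assumes the network locations are written as UNC paths (`\\host\share`); on Windows, opening such a path starts an SMB connection to the named host. The function name `render_message` and the sample messages are constructed for illustration.

```python
import html
import re

# Only http(s) URLs are allowed to become links. UNC paths (\\host\share\...)
# are matched separately so they can be shown as inert text and reported.
TOKEN_RE = re.compile(
    r'(?P<web>https?://[^\s<>"]+)|(?P<unc>\\\\[\w.\-]+\\[^\s<>"]+)',
    re.IGNORECASE,
)


def render_message(message):
    """Return (safe_html, flagged_unc_paths) for one chat message."""
    out, flagged, pos = [], [], 0
    for m in TOKEN_RE.finditer(message):
        out.append(html.escape(message[pos:m.start()]))
        token = html.escape(m.group(0))
        if m.lastgroup == "web":
            out.append(f'<a href="{token}" rel="noopener noreferrer">{token}</a>')
        else:
            # UNC path: never clickable; keep the raw value for alerting.
            flagged.append(m.group(0))
            out.append(token)
        pos = m.end()
    out.append(html.escape(message[pos:]))
    return "".join(out), flagged


if __name__ == "__main__":
    # Constructed sample chat messages (hypothetical hosts).
    samples = [
        "Slides: https://example.com/deck?id=7&page=2",
        r"Agenda is at \\fileserver.example\share\agenda.docx",
        "No links here, just <b>text</b>",
    ]
    for text in samples:
        rendered, unc = render_message(text)
        print(rendered, "| flagged:", unc)
```

The returned list of flagged paths can feed a warning to the meeting host or a log entry, while the rendered text stays readable for participants.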

