Zoom security issues

fieldgrade

Work uses it a lot (probably unwisely since they would be a prime target for Chinese industrial spies) but I don't have it on any of my personal devices. Nor do I use Webex or Skype or MS Teams personally. Closest I get is the built-in Apple FaceTime with family, and I use Signal, which is end-to-end encrypted messaging and audio calls.
Most of those services have a web page version that you can use temporarily in a pinch without installing an app.
 
During all this social distancing, a lot of school, work, and socializing is happening on Zoom, but I’m not liking what I’m reading here, and I’m running a Mac.

https://appleinsider.com/articles/2...laws-surface-as-lawsuit-government-probe-loom

I absolutely love Zoom. I have used WebEx for years, but Zoom is more intuitive and has a better screen layout. Features that are spread over three different tools in WebEx are all under the one Zoom Meetings environment.

If you publicly share the address of your Zoom meeting, do not require a password, and enable anyone and everyone to screen share and annotate, uninvited guests may show up and write on your walls. Surprise!

Many schools do not allow Zoom for the same reason they forbid teachers texting with students: it is not under central IT's scrutiny and control, unlike Google Classroom and Google Meet.
 
Did you read the link I posted? Not trying to be a wiseacre. I get that it is wildly popular, and I’m not an IT guy. What about the shady crap they are doing with downloads onto Macs?
 

Yes, I read the article and several others on Zoom security. And yes, the sudden intense scrutiny of the newly famous app has uncovered problems. They have wisely suspended all feature development for 90 days to focus on security.

As an IT guy, these flaws seem to be mostly accidental vulnerabilities of the sort that naturally creep into relatively young software, rather than insecurity by design that we see in some prominent platforms. The Mac downloads problem that you mention strikes me as an operating system flaw unveiled rather than caused by compromises of the Zoom installation mechanism.

Of course, anyone that hacks into my Zoom sessions only risks learning science, scripture, or dad jokes. I will admit to being biased toward the company by the lawsuits from the New York AG reported in this article. Given the AG's history of coming after the NRA and firearms manufacturers with any opportunity and every excuse, my default assumption is that any organization he is suing must be doing something good. I need to guard against my own biases.
 
https://arstechnica.com/information...rs-steal-windows-credentials-with-no-warning/
 
Who are the jack wagons that hack into these apps? Are they just pathetic, bored sociopaths living in their mom's basement, or is it something more sinister?
 

I owe fieldgrade an apology after reading more on this issue. In particular, sending information to Facebook and harvesting LinkedIn data are clearly intentional. The UNC flaw referenced in this link is quite worrisome. The good news is that Zoom just released an upgrade that fixed that one and supposedly addressed some other issues, too. Just installed the upgrade. Let's hope the rest get addressed quickly.

It is such a sweet application to use, but security is essential.

Once again, my apologies. You were obviously way ahead of me.
 
Thanks. I am but a new user that got spooked.
 
My son the computer geek says Zoom is likely in a fair amount of trouble for claiming they had "end-to-end encryption" when Zoom's service did not comply with the industry-standard definition. No "mistake" was made. Zoom over-represented what they were offering and what they were capable of.
 
Even with everything that's been said about it I can't understand WHY I'm not supposed to use it. I think it's pretty damned awesome.

'There's a security issue'
Well you're going to have to be a bit more specific before I buy into that.

'Zoombombing'
Put a password on your meeting. Done.

'Muh user data'
Yeah, yeah, privacy died 20 years ago. BFD.

The vague nature of the complaints and the disconnect between the stories and my experience make me think I'm being manipulated.
 
I posted links upthread. It downloads shit onto your computer and harvests stuff they were sending to others.
Among other things.
NYC schools stopped using it also.
I don’t give a flip if you use it or not.
I just asked the question and then started posting links to answer my own question.

I don’t think Cisco will use it in house anymore either.
 
Just so everyone is clear. I posted this thread for my own edification regarding the use of Zoom. Nobody had anything bad to say about it and everyone thinks it’s great, except the US Senate, Google, NYC public schools, and now Cisco IIRC.

I merely posted links that appear online every few days that suggest I won’t be downloading it to my computer.
 