Zoom Client Leaks Windows Login

Lectori Salutem,

The privacy dangers of using a tool like Zoom. FBI warns users.

Read: https://www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/
The developers thereof even thought of a new definition to what E2E encryption means as they see it:
https://www.theregister.co.uk/2020/04/01/zoom_spotlight/

Certainly not a tool when you wanna keep information from others, again perfect tool when you wanna leak info to the world.
Re: https://support.zoom.us/hc/en-us/articles/115004055706-Managing-Contacts
and recently this:
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account

FBI warning against Zoom-bombing: https://techcrunch.com/2020/03/17/zoombombing/
Security advice: https://www.csuci.edu/news/releases/zoom-bombers-2020.htm

Privacy friendly alternatives working from your home used by Tor Project developers?

  1. Riseup Pads notifier: https://pad.riseup.net/
  2. Productivity Platform NextCloud: https://nextcloud.com/
  3. One-on-one chat-app Signal: https://www.signal.org/
  4. Zoom alternative: JitsiMeet: http://meet.jit.si/
  5. Sharing app = OnionShare: http://onionshare.org/
  6. Sharing app for non-critical data: http://share.riseup.net/
    1-6 all courtesy of Tor Project developers mentioned as tools they use at home to communicate (more) safely and securely.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing
https://theintercept.com/2020/03/31/zoom-meeting-encryption/

PS: More here https://www.heise.de/security/meldung/Videokonferenz-Software-Ist-Zoom-ein-Sicherheitsalptraum-4695000.html (German)

NASA & SpaceX ban the use of Zoom over security concerns.
https://www.jpost.com/International/Elon-Musks-SpaceX-bans-Zoom-over-privacy-concerns-623307

All of a sudden they wanna work on these issues: https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/ But can we trust them as they apologize? https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/

See it happen first to really believe it, every corporation online is out there to grab your data
and make a sell-out to the highest bidder. :o

polonus

Update to the latest version.

https://screencast-o-matic.com/screenshots/u/Lh/1585839359788-57409.png

New problems found: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

polonus

ZOOM should not be used if the meeting discusses any kind of secrets until they fix their security issues.
There certainly isn’t any reason not to use this product for anything that isn’t of a confidential nature.

Hi bob3160,

Agree with that, but “zoom bombing” is going on around us and your FBI warns you that to do so is an offence:
https://www.justice.gov/usao-edmi/pr/federal-state-and-local-law-enforcement-warn-against-teleconferencing-hacking-during

So be aware you should never share such links (zoom-ids) to any third party and/or do not share on social media.
Putting a password in place to secure the waiting room is good advice.

On a side-line, remember Zoom’s CEO had links to Shandong in Mainland China (he was born there in 1969/70),
and he had his USA-visa refused eight times in the past.

polonus

ZOOM Bombing has already been addressed and they are working on the other items.

Zoom will enable waiting rooms by default to stop Zoombombing
https://techcrunch.com/2020/04/03/zoom-waiting-rooms-default/

Hi Asyn,

New York bans Zoom for use by city schools. All pupils now have a Microsoft Teams account:
https://www.nbcnewyork.com/news/local/new-york-city-schools-call-for-end-to-zoom-calls-amid-security-concerns/2360279/

polonus

EFF instructs how to better make use of Zoom.
Disable chat auto saving; also disable “Attention Tracking”.
Keep your meeting IDs to yourself and install a password.

Zoom should not be used where any confidentiality is involved.
Read: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/:

  1. The claimed AES-256 encryption seems only to be AES-128. Not too big of a problem.
    However using AES in ECB mode (see figure 5 in mentioned link);
  2. All participants make use of one and the same key, occasionally also shared with some server in Mainland China. :slight_smile:

Read https://www.theregister.co.uk/2020/04/03/dont_use_zoom_if_privacy/ & https://www.metzdowd.com/pipermail/cryptography/2020-April/035887.html.

All updates are not being installed automatically,
re: https://www.metzdowd.com/pipermail/cryptography/2020-April/035890.html.

Info credits go out to Erik van Straten.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

https://screencast-o-matic.com/screenshots/u/Lh/1586173783825-24283.png

https://tidbits.com/2020/04/03/every-zoom-security-and-privacy-flaw-so-far-and-what-you-can-do-to-protect-yourself/

polonus

Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore
https://www.buzzfeednews.com/article/pranavdixit/google-bans-zoom

Considering that Google wants you to use their own product, this was expected. :slight_smile:
For those using ZOOM, there was another update yesterday.

Is Zoom secure enough for my happy hour?
https://blog.avast.com/security-tips-for-zoom-social-hours-avast

It is not only Google that bans Zoom, but also governments like Taiwan, Germany and American senators:
https://www.ft.com/content/dac7d60b-54fa-402b-8469-70f85aaace76

Encryption keys of non-Chinese users have been sent to Chinese servers. Do we want that?
Using Chinese made devices you do that every day, remember.

My only hope is that China stays part of our Globe and they will send us loads of good “chi”.

polonus

To read the article, you need to sign up. Not about to happen any time soon. :slight_smile:

https://screencast-o-matic.com/screenshots/u/Lh/1586521106038-99277.png

Over 500,000 Zoom accounts sold on hacker forums, the dark web
https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/

Why do we have so many topics with the same information?
It makes replying extremely difficult and confusing.