[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

[LUG] zoom not fit for purpose

To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
Subject: [LUG] zoom not fit for purpose
From: comrade meowski <mr.meowski@xxxxxxxx>
Date: Wed, 1 Apr 2020 22:33:35 +0100
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=live.com; dmarc=pass action=none header.from=live.com; dkim=pass header.d=live.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G+lq9ETyXLK2OuCgytEP6qclDrA6lBegXRllUquwIHg=; b=FnouXhW4deJ7ABbAfj9EKCD+RLK7j0Zp5tngC+KsunTny5kbD7W91CnPJSp1czsz5pT/erP5d+usfLe9dF+SsLWKZmoaDvYCozyAukXJOiwutnPsQQG8ZzvtzcpN+3B6kED5J8LJW3v+/MxV6XYjHLs0Ero5+7Yjx7JFuDfUMbmA1BLxDU0BUAHk2NpL3tT9K8YCjfxpNYlgm/L5kJBSF8I7qoYoQOwCnmnoA2tTkPnL6lriwSRVS3HFx+2kTHJQFw27io8ioZlUfaSVIw0xuuOdwrKcN4rM0KtxuQb0schcJP9cYRfC+kPkHxLZ5leBdrAyAi46VTwO4o02V+09xA==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SV/ADFLfZoHUvvNr6CQgHsHb3lLSdnjsxQJ3m8W313poFndZ05DECT42EmwTUYAZJ4Pu78TI51OR0buYNfHvmiQ8dKrnEXLdf4wQJTwCqrvsvwPpunnTqA4vW4eCVXBQU6nX8RhnLbRgSGOJsXUKT30/CjOf2gjuEMtRAH7H+gmO3UMf1in9dPkeat2QH4WhvPKYVluW/1fzC5DFH8C7O6DcabQ432VVBTNwT6dXin9+NSHnGOQmj7g2HDt6bmZA3n/NMhkrvnvFOmjcVWBTxSQ+oPiKrERuJHkvRubOo0C7a5o7FRAhDxufqz4Y+sU/z4TPE03Q5cTjBoEVc6EFpQ==
Content-language: en-GB
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dcglug.org.uk; s=1570611962; h=Sender:Content-Type: Content-Transfer-Encoding:Reply-To:List-Subscribe:List-Help:List-Post: List-Unsubscribe:List-Id:Subject:MIME-Version:Date:Message-ID:From:To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner: List-Archive; bh=hH3gAk8np6uU+Q8f0uyKOwDAtSmKT9TCQA8Tq8ofLLY=; b=XNj0sPqCmzPC pqwYMG2S0Ct0j8ufGUnYAPJWwE7yZzQ8mgp47ockn5Gd8ya29mPMtZUNMfT6DX5uSi0RpVUJYuJ/Q 3GVhV4KyHQWPPbnyulBIHRnbCoaELnFObY8kY2iyzLQG9HoZDP2WEtQqK5ablDvk5szQ+kCfiO272 in1W4=;
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G+lq9ETyXLK2OuCgytEP6qclDrA6lBegXRllUquwIHg=; b=O4bvzTtM+YvNphKSvQzVm7GNOG473zX6ZGRWJO9vkM8BewvkbntSMctgruLE2X1ZEABWGpSn9xMdt6Bz+nS9s3M8F+P2Wq+sFQd3Dj5jJXI3Bq3jlBXrBXf4QQoBiTUApgn5tSL0l0lwWJz8xS5v1hr2a0WUqdZU6y+ffYnQVGN3YP5+yFfslvN66/31cHR0qN50YL+8SLo/5MsWMsZxXYGOPXNFp7ZELOkUyyGNczeniLTbOTszcHnyiCGpW09SzupjdN4NhqbilllCjly0gKNtH4J2D9TfGkVvYGNh16ipZYKmBWN7F3E+QsdxiWpbKMyLyIspPkQ4gV700wIAGQ==

I was already sceptical of Zoom even before Covid-19 catapulted it intothe limelight but as it came up here just recently and people werealready using it, here's a (shamelessly cribbed from someone elseonline) list of the unforgivable crap they've been caught at recently:

- installing a hidden web server on macOS clients that persists evenafter uninstalling Zoom (https://www.theverge.com/2019/7/10/2068 ...nerability)- claiming to have end-to-end enryption while actually only deliveringendpoint-to-server encryption (https://www.google.com/url?sa=t&rct=j&q... Leug4pNcUP)- leaking information to Facebook(https://www.bloomberg.com/news/articles ... sonal-data)- leaking information to other customers who happen to share a domain(https://www.vice.com/en_us/article/k7e9 ... ses-photos1)- actively evading installer security checks on macOS(https://twitter.com/c1truz_/status/12447376729308241932)- leaking credentials due to a very ill-advised 'feature'(https://www.bleepingcomputer.com/news/s ... attackers/)- using easily guessable meeting id numbers that allow random people onthe internet to join (zoombombing)(https://mobile.twitter.com/dhh/status/1 ... 74885836813)


And today's new addition:

- Zoom Lets Attackers Steal Windows Credentials via UNC Links
(https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-via-unc-links/)

Seriously what the hell are these people doing?

Conclusion: only use it if forced to at gun point by whoever is payingyour salary. If you're a sysadmin put your foot down and overrule yourpointy haired boss and ban it at the network edge already.

Microsoft Skype or even Facebook Messenger would be a less terriblechoice at this point. _Not communicating_ would be a better choice thanusing Zoom at this stage.


--
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] zoom not fit for purpose
- From: Neil
Follow-up: Re: [LUG] zoom not fit for purpose
- From: comrade meowski

Prev by Date: [LUG] kernel 5.6 + virtualisation
Next by Date: Re: [LUG] Use Jitsi for video conferencing was Re: Skype
Previous by thread: [LUG] kernel 5.6 + virtualisation
Next by thread: Re: [LUG] zoom not fit for purpose
Index(es):
- Date
- Thread