[Ssr2-review] SSR2 and Zoom Vulnerablilites
aalain at trstech.net
Fri Jul 19 10:09:58 UTC 2019
> On 16 Jul 2019, at 19:49, Russ Housley <housley at vigilsec.com> wrote:
> The correct URL is (no period):
> https://www.icann.org/news/blog/known-zoom-vulnerabilities <https://www.icann.org/news/blog/known-zoom-vulnerabilities>
> I will not be using Zoom. This was not a security flaw that resulted from a programming mistake. Storing an application with access to the camera and microphone in a hidden directory is a violation of trust. To make matters worse, the hidden application kept running even after the Zoom session ended.
I share your concerns, especially after reading the confession below:
To Our Valued Customers:
Earlier this week, a security researcher published a blog highlighting concerns with aspects of the Zoom platform. In engaging this researcher over the past 90 days, we misjudged the situation and did not respond quickly enough — and that’s on us. We take full ownership and we’ve learned a great deal. What I can tell you is that we take user security incredibly seriously and we are wholeheartedly committed to doing right by our users.
The ICANN blog said Engineering and IT quality this as moderate and even invoke low risk. May be we should heard more from them.
>> On Jul 16, 2019, at 2:52 PM, MSSI Secretariat <mssi-secretariat at icann.org> wrote:
>> Hello SSR2 Review Team,
>> As mentioned on last week’s plenary regarding the Zoom issue for Mac devices, please view the following post; https://www.icann.org/news/blog/known-zoom-vulnerabilities. <https://www.icann.org/news/blog/known-zoom-vulnerabilities.>
>> With kind regards,
>> Brenda Brewer, Projects & Operations Assistant
>> Multistakeholder Strategy & Strategic Initiatives (MSSI)
>> Internet Corporation for Assigned Names and Numbers (ICANN)
>> Skype: brenda.brewer.icann
> Ssr2-review mailing list
> Ssr2-review at icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ssr2-review