[Ssr2-review] SSR2 and Zoom Vulnerablilites

ALAIN AINA aalain at trstech.net
Fri Jul 19 10:09:58 UTC 2019 

Russ,

> On 16 Jul 2019, at 19:49, Russ Housley <housley at vigilsec.com> wrote:
> 
> The correct URL is (no period):
> 
> 	https://www.icann.org/news/blog/known-zoom-vulnerabilities <https://www.icann.org/news/blog/known-zoom-vulnerabilities>
> 
> I will not be using Zoom.  This was not a security flaw that resulted from a programming mistake.  Storing an application with access to the camera and microphone in a hidden directory is a violation of trust.  To make matters worse, the hidden application kept running even after the Zoom session ended.


I share your concerns, especially after reading the confession below:

https://blog.zoom.us/wordpress/2019/07/10/security-update-and-our-ongoing-efforts/
------
To Our Valued Customers:
Earlier this week, a security researcher published a blog highlighting concerns with aspects of the Zoom platform. In engaging this researcher over the past 90 days, we misjudged the situation and did not respond quickly enough — and that’s on us.  We take full ownership and we’ve learned a great deal. What I can tell you is that we take user security incredibly seriously and we are wholeheartedly committed to doing right by our users.
——

The ICANN blog said  Engineering and IT quality this as moderate and even invoke low risk.  May be we should heard more from them.

Thanks

—Alain

 

> 
> Russ
> 
> 
>> On Jul 16, 2019, at 2:52 PM, MSSI Secretariat <mssi-secretariat at icann.org> wrote:
>> 
>> Hello SSR2 Review Team,
>>  
>> As mentioned on last week’s plenary regarding the Zoom issue for Mac devices, please view the following post;  https://www.icann.org/news/blog/known-zoom-vulnerabilities. <https://www.icann.org/news/blog/known-zoom-vulnerabilities.>
>>  
>> With kind regards,
>> Brenda
>> ---
>> Brenda Brewer, Projects & Operations Assistant
>> Multistakeholder Strategy & Strategic Initiatives (MSSI)
>> Internet Corporation for Assigned Names and Numbers (ICANN)
>> Skype:  brenda.brewer.icann
> _______________________________________________
> Ssr2-review mailing list
> Ssr2-review at icann.org
> https://mm.icann.org/mailman/listinfo/ssr2-review
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ssr2-review/attachments/20190719/cec85b5e/attachment.html>

More information about the Ssr2-review mailing list