<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Russ,<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 16 Jul 2019, at 19:49, Russ Housley <<a href="mailto:housley@vigilsec.com" class="">housley@vigilsec.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">The correct URL is (no period):<div class=""><br class=""></div><div class=""><span class="Apple-tab-span" style="white-space:pre">  </span><a href="https://www.icann.org/news/blog/known-zoom-vulnerabilities" class="">https://www.icann.org/news/blog/known-zoom-vulnerabilities</a><div class=""><br class=""></div><div class="">I will not be using Zoom.  This was not a security flaw that resulted from a programming mistake.  Storing an application with access to the camera and microphone in a hidden directory is a violation of trust.  To make matters worse, the hidden application kept running even after the Zoom session ended.</div></div></div></div></blockquote><div><br class=""></div><div><br class=""></div>I share your concerns, especially after reading the confession below:</div><div><br class=""></div><div><a href="https://blog.zoom.us/wordpress/2019/07/10/security-update-and-our-ongoing-efforts/" class="">https://blog.zoom.us/wordpress/2019/07/10/security-update-and-our-ongoing-efforts/</a></div><div>------</div><div><div style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; font-size: 15.399999618530273px; vertical-align: baseline; caret-color: rgb(19, 35, 41); color: rgb(19, 35, 41); font-family: aktiv-grotesk, Helvetica, sans-serif;" class=""><span style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; vertical-align: baseline;" class="">To Our Valued Customers:</span></div><p style="box-sizing: border-box; margin: 1em 0px 0px; padding: 0px; border: 0px; font-size: 15.399999618530273px; vertical-align: baseline; caret-color: rgb(19, 35, 41); color: rgb(19, 35, 41); font-family: aktiv-grotesk, Helvetica, sans-serif;" class=""><span style="box-sizing: border-box; margin: 0px; padding: 0px; border: 0px; vertical-align: baseline;" class="">Earlier this week, a security researcher published a blog highlighting concerns with aspects of the Zoom platform. In engaging this researcher over the past 90 days, we misjudged the situation and did not respond quickly enough — and that’s on us.  We take full ownership and we’ve learned a great deal. What I can tell you is that we take user security incredibly seriously and we are wholeheartedly committed to doing right by our users.</span></p><div class="">——</div><div class=""><br class=""></div><div class="">The ICANN blog said  Engineering and IT quality this as moderate and even invoke low risk.  May be we should heard more from them.</div><div class=""><br class=""></div><div class="">Thanks</div><div class=""><br class=""></div><div class="">—Alain</div><div class=""><br class=""></div><div class=""> </div><div class=""><br class=""></div><blockquote type="cite" class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class=""><div class=""><br class=""></div><div class="">Russ</div><div class=""><br class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On Jul 16, 2019, at 2:52 PM, MSSI Secretariat <<a href="mailto:mssi-secretariat@icann.org" class="">mssi-secretariat@icann.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="WordSection1" style="page: WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class="">Hello SSR2 Review Team,<o:p class=""></o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><o:p class=""> </o:p></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class="">As mentioned on last week’s plenary regarding the Zoom issue for Mac devices, please view the following post;<span style="font-size: 11pt;" class=""> <span class="Apple-converted-space"> </span></span><a href="https://www.icann.org/news/blog/known-zoom-vulnerabilities." style="color: rgb(149, 79, 114); text-decoration: underline;" class="">https://www.icann.org/news/blog/known-zoom-vulnerabilities.</a><span style="font-size: 13pt; font-family: Arial, sans-serif;" class=""><o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 13pt; font-family: Arial, sans-serif;" class=""><o:p class=""> </o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">With kind regards,<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">Brenda<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">---<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><b class=""><i class=""><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(19, 118, 211);" class="">Brenda Brewer, Projects & Operations Assistant</span></i></b><i class=""><span style="font-size: 10pt; font-family: Arial, sans-serif; color: rgb(19, 118, 211);" class=""><o:p class=""></o:p></span></i></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">Multistakeholder Strategy & Strategic Initiatives (MSSI)<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">Internet Corporation for Assigned Names and Numbers (ICANN)<o:p class=""></o:p></span></div><div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 10pt; font-family: Arial, sans-serif;" class="">Skype:  brenda.brewer.icann</span></div></div></div></blockquote></div></div></div></div>_______________________________________________<br class="">Ssr2-review mailing list<br class=""><a href="mailto:Ssr2-review@icann.org" class="">Ssr2-review@icann.org</a><br class="">https://mm.icann.org/mailman/listinfo/ssr2-review<br class=""><br class="">_______________________________________________<br class="">By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</div></blockquote></div><br class=""></body></html>