[technology taskforce] Zoom vulnerability discovered

Judith Hellerstein judith at jhellerstein.com
Mon Aug 5 21:43:57 UTC 2019


Hi All
This is old news and we have discussed this on the TTF and have addressed it on our zoom blog

Best,
Judith

Sent from my iPad 
judith at jhellerstein.com 
Skype ID:JudithHellerstein

> On Aug 5, 2019, at 5:08 PM, Remmy Nweke <remmyn at gmail.com> wrote:
> 
> HI all,
> I came across this from another platform and thought it should be of concern to us as we progress in the technology task force.
> 
> "Remember when ICANN switched everyone from Adobe over to Zoom as a way of enhancing information security and data privacy?
> 
> "A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission... This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call. Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day."
> 
> "Read more here: https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5"
> 
> Is there any thing we can do or suggest to our community of even enlighten our people?
> ____
> REMMY NWEKE, mNGE,  
> Lead Consulting Strategist/Group Executive Editor, 
> DigitalSENSE Africa Media [Multiple-award winning medium]
> (DigitalSENSE Business News; ITREALMS, NaijaAgroNet)
> Block F1, Shop 133 Moyosore Aboderin Plaza, Bolade Junction, Oshodi-Lagos
> M: 234-8033592762, 8023122558, 8051000475, T: @ITRealms
> Author: A Decade of ICT Reportage in Nigeria
> 
> 2020 Nigeria DigitalSENSE Forum on IG4D & Nigeria IPv6 Roundtable 
> JOIN us!!
> 
> *Vice President, African Civil Society on the Information Society (ACSIS)
> _________________________________________________________________
> *Confidentiality Notice:* The information in this document and attachments are confidential and may also be privileged information. It is intended only for the use of the named recipient. Remmy Nweke does not accept legal responsibility for the contents of this e-mail. If you are not the intended recipient, please notify me immediately, then delete this document and do not disclose the contents of this document to any other person, nor make any copies. Violators may face court persecution.
> 
> 
> 
>> On Mon, Aug 5, 2019 at 5:21 PM Evin Erdogdu <evin.erdogdu at icann.org> wrote:
>> Dear All,
>> 
>> 
>> You may find the action items from today's At-Large Technology Task Force call here: https://community.icann.org/x/bbOjBg
>> 
>> Please let staff know if corrections/adjustments should be made.
>> 
>> 
>> Thank you,
>> 
>> Evin
>> 
>> From: ICANN At-Large Staff
>> Sent: Monday, August 05, 2019 1:23 PM
>> To: ttf at atlarge-lists.icann.org; Mark Segall; Laura Bengford
>> Cc: ICANN At-Large Staff
>> Subject: REMINDER / Meeting Invitation: At-Large Technology Taskforce Call on Monday, 05 Aug 2019 at 15:00 UTC for 60 mins
>>  
>> Dear All,
>> 
>>  
>> 
>> The next At-Large Technology Taskforce Call is scheduled for Monday, 05 Aug 2019 at 15:00 UTC for 60 mins.
>> 
>>  
>> 
>> For other times: https://tinyurl.com/y2plx4bq
>> 
>>  
>> 
>> The agenda and call details can be found at: https://community.icann.org/x/3KujBg
>> 
>>  
>> 
>> Zoom Room: https://icann.zoom.us/j/186985691  Meeting ID: 186985691 
>> 
>>  
>> 
>> ADIGO Conference Bridge:
>> 
>> EN: 1638
>> 
>>  
>> 
>> Toll-free access number (US and Canada): 800 550 6865
>> 
>>  
>> 
>> Other toll-free numbers: https://www.adigo.com/icann
>> 
>>  
>> 
>> Main Wiki Space: https://community.icann.org/x/FpfbAQ
>> 
>>  
>> 
>> If you require a dial-out please contact At-Large staff at: staff at atlarge.icann.org
>> 
>>  
>> 
>>  
>> 
>> Thank you.
>> 
>> Kind regards,
>> 
>>  
>> 
>> At-Large Staff
>> 
>>  
>> 
>> ICANN Policy Staff in support of the At-Large Community
>> 
>> Website: atlarge.icann.org
>> 
>> Facebook: facebook.com/icannatlarge
>> 
>> Twitter: @ICANNAtLarge
>> 
>>  
>> 
>> _______________________________________________
>> ttf mailing list
>> ttf at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/ttf
>> 
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> _______________________________________________
> ttf mailing list
> ttf at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/ttf
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20190805/c53d0c74/attachment.html>


More information about the ttf mailing list