[technology taskforce] Zoom vulnerability discovered
ABDULKARIM AYOPO OLOYEDE
oloyede.aa at unilorin.edu.ng
Mon Aug 5 22:13:31 UTC 2019
Hi,
Thanks for sharing
We have discussed and addressed this.
Cheers
On Mon, 5 Aug 2019, 22:08 Remmy Nweke, <remmyn at gmail.com> wrote:
> HI all,
> I came across this from another platform and thought it should be of
> concern to us as we progress in the technology task force.
>
> "Remember when ICANN switched everyone from Adobe over to Zoom as a way of
> enhancing information security and data privacy?
>
> "A vulnerability in the Mac Zoom Client allows any malicious website to
> enable your camera without your permission... This vulnerability allows any
> website to forcibly join a user to a Zoom call, with their video camera
> activated, without the user's permission. On top of this, this
> vulnerability would have allowed any webpage to DOS (Denial of Service) a
> Mac by repeatedly joining a user to an invalid call. Additionally, if
> you’ve ever installed the Zoom client and then uninstalled it, you still
> have a localhost web server on your machine that will happily re-install
> the Zoom client for you, without requiring any user interaction on your
> behalf besides visiting a webpage. This re-install ‘feature’ continues to
> work to this day."
>
> "Read more here:
> https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
> "
>
> Is there any thing we can do or suggest to our community of even enlighten
> our people?
> ____
> REMMY NWEKE, mNGE,
> Lead Consulting Strategist/Group Executive Editor,
> DigitalSENSE Africa Media [*Multiple-award winning medium*]
> (DigitalSENSE Business News
> <http://www.digitalsenseafrica.com.ng/businessnews>; ITREALMS
> <http://www.itrealms.com.ng>, NaijaAgroNet
> <http://www.naijaagronet.com.ng>)
> Block F1, Shop 133 Moyosore Aboderin Plaza, Bolade Junction, Oshodi-Lagos
> M: 234-8033592762, 8023122558, 8051000475, T: @ITRealms
> <http://www.twitter.com/ITRealms>
> Author: A Decade of ICT Reportage in Nigeria
> <https://www.facebook.com/adecadeofictreportageinnigeria%E2%80%8E>
>
> *2020 Nigeria DigitalSENSE Forum on IG4D & Nigeria IPv6 Roundtable
> <http://www.digitalsenseafrica.com.ng>*
> JOIN us!!
>
> *Vice President, African Civil Society on the Information Society (ACSIS
> <http://www.acsis-scasi.org/en/>)
> _________________________________________________________________
> *Confidentiality Notice:* The information in this document and attachments
> are confidential and may also be privileged information. It is intended
> only for the use of the named recipient. Remmy Nweke does not accept legal
> responsibility for the contents of this e-mail. If you are not the intended
> recipient, please notify me immediately, then delete this document and do
> not disclose the contents of this document to any other person, nor make
> any copies. Violators may face court persecution.
>
>
>
> On Mon, Aug 5, 2019 at 5:21 PM Evin Erdogdu <evin.erdogdu at icann.org>
> wrote:
>
>> Dear All,
>>
>>
>> You may find the action items from today's At-Large Technology Task Force
>> call here: https://community.icann.org/x/bbOjBg
>>
>>
>> Please let staff know if corrections/adjustments should be made.
>>
>>
>> Thank you,
>>
>> Evin
>>
>>
>> ------------------------------
>> *From:* ICANN At-Large Staff
>> *Sent:* Monday, August 05, 2019 1:23 PM
>> *To:* ttf at atlarge-lists.icann.org; Mark Segall; Laura Bengford
>> *Cc:* ICANN At-Large Staff
>> *Subject:* REMINDER / Meeting Invitation: At-Large Technology Taskforce
>> Call on Monday, 05 Aug 2019 at 15:00 UTC for 60 mins
>>
>>
>> Dear All,
>>
>>
>>
>> The next *At-Large* *Technology Taskforce Call *is scheduled for *Monday,
>> 05 Aug 2019 at 15:00 UTC for 60 mins.*
>>
>>
>>
>> For other times: https://tinyurl.com/y2plx4bq
>>
>>
>>
>> The agenda and call details can be found at:
>> https://community.icann.org/x/3KujBg
>>
>>
>>
>> *Zoom Room: **https://icann.zoom.us/j/186985691
>> <https://icann.zoom.us/j/186985691> ** Meeting ID: **186985691
>> <https://icann.zoom.us/j/186985691> *
>>
>>
>>
>> ADIGO Conference Bridge:
>>
>> EN: 1638
>>
>>
>>
>> Toll-free access number (US and Canada): 800 550 6865
>>
>>
>>
>> Other toll-free numbers: *https://www.adigo.com/icann
>> <https://www.adigo.com/icann>*
>>
>>
>>
>> Main Wiki Space: *https://community.icann.org/x/FpfbAQ
>> <https://community.icann.org/x/FpfbAQ>*
>>
>>
>>
>> If you require a dial-out please contact At-Large staff at: *staff at atlarge.icann.org
>> <staff at atlarge.icann.org>*
>>
>>
>>
>>
>>
>> Thank you.
>>
>> Kind regards,
>>
>>
>>
>> At-Large Staff
>>
>>
>>
>> ICANN Policy Staff in support of the At-Large Community
>>
>> Website: atlarge.icann.org
>>
>> Facebook: facebook.com/icann <https://www.facebook.com/icannatlarge>
>> atlarge <https://www.facebook.com/icannatlarge>
>>
>> Twitter: @ <https://twitter.com/ICANNAtLarge>ICANNAtLarge
>> <https://twitter.com/ICANNAtLarge>
>>
>>
>> _______________________________________________
>> ttf mailing list
>> ttf at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/ttf
>>
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>
> _______________________________________________
> ttf mailing list
> ttf at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/ttf
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
--
Website <http://www.unilorin.edu.ng>, Weekly Bulletin
<http://www.unilorin.edu.ng/index.php/bulletin> UGPortal
<http://uilugportal.unilorin.edu.ng/> PGPortal
<https://uilpgportal.unilorin.edu.ng/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20190805/b02fb045/attachment-0001.html>
More information about the ttf
mailing list