[technology taskforce] Zoom vulnerability discovered

Tracy F. Hackshaw @ Google tracyhackshaw at gmail.com
Mon Aug 5 23:04:52 UTC 2019


https://icannatlarge.blog/2019/07/11/ensuring-that-zoom-doesnt-automatically-open-zoom-meeting-links/



On Mon, Aug 5, 2019 at 6:16 PM Remmy Nweke <remmyn at gmail.com> wrote:

> Thanks Judith for the update.
> Do you mind sharing the blog link?
> ____
> REMMY NWEKE, mNGE,
> Lead Consulting Strategist/Group Executive Editor,
> DigitalSENSE Africa Media [*Multiple-award winning medium*]
> (DigitalSENSE Business News
> <http://www.digitalsenseafrica.com.ng/businessnews>; ITREALMS
> <http://www.itrealms.com.ng>, NaijaAgroNet
> <http://www.naijaagronet.com.ng>)
> Block F1, Shop 133 Moyosore Aboderin Plaza, Bolade Junction, Oshodi-Lagos
> M: 234-8033592762, 8023122558, 8051000475, T: @ITRealms
> <http://www.twitter.com/ITRealms>
> Author: A Decade of ICT Reportage in Nigeria
> <https://www.facebook.com/adecadeofictreportageinnigeria%E2%80%8E>
>
> *2020 Nigeria DigitalSENSE Forum on IG4D & Nigeria IPv6 Roundtable
> <http://www.digitalsenseafrica.com.ng>*
> JOIN us!!
>
> *Vice President, African Civil Society on the Information Society (ACSIS
> <http://www.acsis-scasi.org/en/>)
> _________________________________________________________________
> *Confidentiality Notice:* The information in this document and attachments
> are confidential and may also be privileged information. It is intended
> only for the use of the named recipient. Remmy Nweke does not accept legal
> responsibility for the contents of this e-mail. If you are not the intended
> recipient, please notify me immediately, then delete this document and do
> not disclose the contents of this document to any other person, nor make
> any copies. Violators may face court persecution.
>
>
>
> On Mon, Aug 5, 2019 at 10:44 PM Judith Hellerstein <
> judith at jhellerstein.com> wrote:
>
>> Hi All
>> This is old news and we have discussed this on the TTF and have addressed
>> it on our Zoom blog.
>>
>> Best,
>> Judith
>>
>> Sent from my iPad
>> judith at jhellerstein.com
>> Skype ID:JudithHellerstein
>>
>> On Aug 5, 2019, at 5:08 PM, Remmy Nweke <remmyn at gmail.com> wrote:
>>
>> Hi all,
>> I came across this from another platform and thought it should be of
>> concern to us as we progress in the technology task force.
>>
>> "Remember when ICANN switched everyone from Adobe over to Zoom as a way
>> of enhancing information security and data privacy?
>>
>> "A vulnerability in the Mac Zoom Client allows any malicious website to
>> enable your camera without your permission... This vulnerability allows any
>> website to forcibly join a user to a Zoom call, with their video camera
>> activated, without the user's permission. On top of this, this
>> vulnerability would have allowed any webpage to DOS (Denial of Service) a
>> Mac by repeatedly joining a user to an invalid call. Additionally, if
>> you’ve ever installed the Zoom client and then uninstalled it, you still
>> have a localhost web server on your machine that will happily re-install
>> the Zoom client for you, without requiring any user interaction on your
>> behalf besides visiting a webpage. This re-install ‘feature’ continues to
>> work to this day."
>>
>> "Read more here:
>> https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
>> "
>>
>> Is there anything we can do or suggest to our community or even
>> enlighten our people?
>>
>>
>>
>> On Mon, Aug 5, 2019 at 5:21 PM Evin Erdogdu <evin.erdogdu at icann.org>
>> wrote:
>>
>>> Dear All,
>>>
>>>
>>> You may find the action items from today's At-Large Technology Task
>>> Force call here: https://community.icann.org/x/bbOjBg
>>>
>>>
>>> Please let staff know if corrections/adjustments should be made.
>>>
>>>
>>> Thank you,
>>>
>>> Evin
>>>
>>>
>>> ------------------------------
>>> *From:* ICANN At-Large Staff
>>> *Sent:* Monday, August 05, 2019 1:23 PM
>>> *To:* ttf at atlarge-lists.icann.org; Mark Segall; Laura Bengford
>>> *Cc:* ICANN At-Large Staff
>>> *Subject:* REMINDER / Meeting Invitation: At-Large Technology Taskforce
>>> Call on Monday, 05 Aug 2019 at 15:00 UTC for 60 mins
>>>
>>>
>>> Dear All,
>>>
>>>
>>>
>>> The next *At-Large Technology Taskforce Call* is scheduled for *Monday,
>>> 05 Aug 2019 at 15:00 UTC for 60 mins.*
>>>
>>>
>>>
>>> For other times: https://tinyurl.com/y2plx4bq
>>>
>>>
>>>
>>> The agenda and call details can be found at:
>>> https://community.icann.org/x/3KujBg
>>>
>>>
>>>
>>> *Zoom Room:* https://icann.zoom.us/j/186985691
>>> *Meeting ID:* 186985691
>>>
>>>
>>>
>>> ADIGO Conference Bridge:
>>>
>>> EN: 1638
>>>
>>>
>>>
>>> Toll-free access number (US and Canada): 800 550 6865
>>>
>>>
>>>
>>> Other toll-free numbers: https://www.adigo.com/icann
>>>
>>>
>>>
>>> Main Wiki Space: https://community.icann.org/x/FpfbAQ
>>>
>>>
>>>
>>> If you require a dial-out please contact At-Large staff at:
>>> staff at atlarge.icann.org
>>>
>>>
>>>
>>>
>>>
>>> Thank you.
>>>
>>> Kind regards,
>>>
>>>
>>>
>>> At-Large Staff
>>>
>>>
>>>
>>> ICANN Policy Staff in support of the At-Large Community
>>>
>>> Website: atlarge.icann.org
>>>
>>> Facebook: facebook.com/icannatlarge <https://www.facebook.com/icannatlarge>
>>>
>>> Twitter: @ICANNAtLarge <https://twitter.com/ICANNAtLarge>
>>>
>>>
>>> _______________________________________________
>>> ttf mailing list
>>> ttf at atlarge-lists.icann.org
>>> https://mm.icann.org/mailman/listinfo/ttf
>>>
>>> _______________________________________________
>>> By submitting your personal data, you consent to the processing of your
>>> personal data for purposes of subscribing to this mailing list in accordance
>>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy)
>>> and the website Terms of Service (https://www.icann.org/privacy/tos).
>>> You can visit the Mailman link above to change your membership status or
>>> configuration, including unsubscribing, setting digest-style delivery or
>>> disabling delivery altogether (e.g., for a vacation), and so on.
>>