[technology taskforce] Zoom vulnerability discovered

Abdeldjalil Bachar Bong abdeldjalil.bachar at gmail.com
Mon Aug 5 23:06:55 UTC 2019


ICANN blog is here,
https://www.icann.org/news/blog/known-zoom-vulnerabilities

Dev's blog is here,
https://community.icann.org/display/atlarge/Zoom+conferencing+solution

On Tue, Aug 6, 2019 at 00:05, Tracy F. Hackshaw @ Google <
tracyhackshaw at gmail.com> wrote:

>
> https://icannatlarge.blog/2019/07/11/ensuring-that-zoom-doesnt-automatically-open-zoom-meeting-links/
>
>
>
> On Mon, Aug 5, 2019 at 6:16 PM Remmy Nweke <remmyn at gmail.com> wrote:
>
>> Thanks Judith for the update.
>> Do you mind sharing the blog link?
>> ____
>> REMMY NWEKE, mNGE,
>> Lead Consulting Strategist/Group Executive Editor,
>> DigitalSENSE Africa Media [*Multiple-award winning medium*]
>> (DigitalSENSE Business News
>> <http://www.digitalsenseafrica.com.ng/businessnews>; ITREALMS
>> <http://www.itrealms.com.ng>, NaijaAgroNet
>> <http://www.naijaagronet.com.ng>)
>> Block F1, Shop 133 Moyosore Aboderin Plaza, Bolade Junction, Oshodi-Lagos
>> M: 234-8033592762, 8023122558, 8051000475, T: @ITRealms
>> <http://www.twitter.com/ITRealms>
>> Author: A Decade of ICT Reportage in Nigeria
>> <https://www.facebook.com/adecadeofictreportageinnigeria%E2%80%8E>
>>
>> *2020 Nigeria DigitalSENSE Forum on IG4D & Nigeria IPv6 Roundtable
>> <http://www.digitalsenseafrica.com.ng>*
>> JOIN us!!
>>
>> *Vice President, African Civil Society on the Information Society (ACSIS
>> <http://www.acsis-scasi.org/en/>)
>> _________________________________________________________________
>> *Confidentiality Notice:* The information in this document and
>> attachments are confidential and may also be privileged information. It is
>> intended only for the use of the named recipient. Remmy Nweke does not
>> accept legal responsibility for the contents of this e-mail. If you are not
>> the intended recipient, please notify me immediately, then delete this
>> document and do not disclose the contents of this document to any other
>> person, nor make any copies. Violators may face court persecution.
>>
>>
>>
>> On Mon, Aug 5, 2019 at 10:44 PM Judith Hellerstein <
>> judith at jhellerstein.com> wrote:
>>
>>> Hi All
>>> This is old news and we have discussed this on the TTF and have
>>> addressed it on our Zoom blog.
>>>
>>> Best,
>>> Judith
>>>
>>> Sent from my iPad
>>> judith at jhellerstein.com
>>> Skype ID:JudithHellerstein
>>>
>>> On Aug 5, 2019, at 5:08 PM, Remmy Nweke <remmyn at gmail.com> wrote:
>>>
>>> Hi all,
>>> I came across this from another platform and thought it should be of
>>> concern to us as we progress in the technology task force.
>>>
>>> "Remember when ICANN switched everyone from Adobe over to Zoom as a way
>>> of enhancing information security and data privacy?
>>>
>>> "A vulnerability in the Mac Zoom Client allows any malicious website to
>>> enable your camera without your permission... This vulnerability allows any
>>> website to forcibly join a user to a Zoom call, with their video camera
>>> activated, without the user's permission. On top of this, this
>>> vulnerability would have allowed any webpage to DOS (Denial of Service) a
>>> Mac by repeatedly joining a user to an invalid call. Additionally, if
>>> you’ve ever installed the Zoom client and then uninstalled it, you still
>>> have a localhost web server on your machine that will happily re-install
>>> the Zoom client for you, without requiring any user interaction on your
>>> behalf besides visiting a webpage. This re-install ‘feature’ continues to
>>> work to this day."
>>>
>>> "Read more here:
>>> https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
>>> "
>>>
>>> Is there anything we can do or suggest to our community or even
>>> enlighten our people?
>>>
>>>
>>>
>>> On Mon, Aug 5, 2019 at 5:21 PM Evin Erdogdu <evin.erdogdu at icann.org>
>>> wrote:
>>>
>>>> Dear All,
>>>>
>>>>
>>>> You may find the action items from today's At-Large Technology Task
>>>> Force call here: https://community.icann.org/x/bbOjBg
>>>>
>>>>
>>>> Please let staff know if corrections/adjustments should be made.
>>>>
>>>>
>>>> Thank you,
>>>>
>>>> Evin
>>>>
>>>>
>>>> ------------------------------
>>>> *From:* ICANN At-Large Staff
>>>> *Sent:* Monday, August 05, 2019 1:23 PM
>>>> *To:* ttf at atlarge-lists.icann.org; Mark Segall; Laura Bengford
>>>> *Cc:* ICANN At-Large Staff
>>>> *Subject:* REMINDER / Meeting Invitation: At-Large Technology
>>>> Taskforce Call on Monday, 05 Aug 2019 at 15:00 UTC for 60 mins
>>>>
>>>>
>>>> Dear All,
>>>>
>>>>
>>>>
>>>> The next *At-Large* *Technology Taskforce Call *is scheduled for *Monday,
>>>> 05 Aug 2019 at 15:00 UTC for 60 mins.*
>>>>
>>>>
>>>>
>>>> For other times: https://tinyurl.com/y2plx4bq
>>>>
>>>>
>>>>
>>>> The agenda and call details can be found at:
>>>> https://community.icann.org/x/3KujBg
>>>>
>>>>
>>>>
>>>> Zoom Room: https://icann.zoom.us/j/186985691
>>>> Meeting ID: 186985691
>>>>
>>>>
>>>>
>>>> ADIGO Conference Bridge:
>>>>
>>>> EN: 1638
>>>>
>>>>
>>>>
>>>> Toll-free access number (US and Canada): 800 550 6865
>>>>
>>>>
>>>>
>>>> Other toll-free numbers: https://www.adigo.com/icann
>>>>
>>>> Main Wiki Space: https://community.icann.org/x/FpfbAQ
>>>>
>>>> If you require a dial-out please contact At-Large staff at: staff at atlarge.icann.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thank you.
>>>>
>>>> Kind regards,
>>>>
>>>>
>>>>
>>>> At-Large Staff
>>>>
>>>>
>>>>
>>>> ICANN Policy Staff in support of the At-Large Community
>>>>
>>>> Website: atlarge.icann.org
>>>>
>>>> Facebook: facebook.com/icannatlarge <https://www.facebook.com/icannatlarge>
>>>>
>>>> Twitter: @ICANNAtLarge <https://twitter.com/ICANNAtLarge>
>>>>
>>>>
>>>> _______________________________________________
>>>> ttf mailing list
>>>> ttf at atlarge-lists.icann.org
>>>> https://mm.icann.org/mailman/listinfo/ttf
>>>>
>>>> _______________________________________________
>>>> By submitting your personal data, you consent to the processing of your
>>>> personal data for purposes of subscribing to this mailing list accordance
>>>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy)
>>>> and the website Terms of Service (https://www.icann.org/privacy/tos).
>>>> You can visit the Mailman link above to change your membership status or
>>>> configuration, including unsubscribing, setting digest-style delivery or
>>>> disabling delivery altogether (e.g., for a vacation), and so on.