[technology taskforce] Zoom vulnerability discovered

Remmy Nweke remmyn at gmail.com
Mon Aug 5 23:08:57 UTC 2019


Thanks all for the link.
Regards
____
REMMY NWEKE, mNGE,
Lead Consulting Strategist/Group Executive Editor,
DigitalSENSE Africa Media [*Multiple-award winning medium*]
(DigitalSENSE Business News
<http://www.digitalsenseafrica.com.ng/businessnews>; ITREALMS
<http://www.itrealms.com.ng>, NaijaAgroNet <http://www.naijaagronet.com.ng>)
Block F1, Shop 133 Moyosore Aboderin Plaza, Bolade Junction, Oshodi-Lagos
M: 234-8033592762, 8023122558, 8051000475, T: @ITRealms
<http://www.twitter.com/ITRealms>
Author: A Decade of ICT Reportage in Nigeria
<https://www.facebook.com/adecadeofictreportageinnigeria%E2%80%8E>

*2020 Nigeria DigitalSENSE Forum on IG4D & Nigeria IPv6 Roundtable
<http://www.digitalsenseafrica.com.ng>*
JOIN us!!

*Vice President, African Civil Society on the Information Society (ACSIS
<http://www.acsis-scasi.org/en/>)
_________________________________________________________________
*Confidentiality Notice:* The information in this document and attachments
are confidential and may also be privileged information. It is intended
only for the use of the named recipient. Remmy Nweke does not accept legal
responsibility for the contents of this e-mail. If you are not the intended
recipient, please notify me immediately, then delete this document and do
not disclose the contents of this document to any other person, nor make
any copies. Violators may face court persecution.



On Tue, Aug 6, 2019 at 12:05 AM Tracy F. Hackshaw @ Google <
tracyhackshaw at gmail.com> wrote:

>
> https://icannatlarge.blog/2019/07/11/ensuring-that-zoom-doesnt-automatically-open-zoom-meeting-links/
>
>
>
> On Mon, Aug 5, 2019 at 6:16 PM Remmy Nweke <remmyn at gmail.com> wrote:
>
>> Thanks Judith for the update.
>> Do you mind sharing the blog link?
>>
>> On Mon, Aug 5, 2019 at 10:44 PM Judith Hellerstein <
>> judith at jhellerstein.com> wrote:
>>
>>> Hi All
>>> This is old news and we have discussed this on the TTF and have
>>> addressed it on our Zoom blog
>>>
>>> Best,
>>> Judith
>>>
>>> Sent from my iPad
>>> judith at jhellerstein.com
>>> Skype ID:JudithHellerstein
>>>
>>> On Aug 5, 2019, at 5:08 PM, Remmy Nweke <remmyn at gmail.com> wrote:
>>>
>>> Hi all,
>>> I came across this from another platform and thought it should be of
>>> concern to us as we progress in the technology task force.
>>>
>>> "Remember when ICANN switched everyone from Adobe over to Zoom as a way
>>> of enhancing information security and data privacy?
>>>
>>> "A vulnerability in the Mac Zoom Client allows any malicious website to
>>> enable your camera without your permission... This vulnerability allows any
>>> website to forcibly join a user to a Zoom call, with their video camera
>>> activated, without the user's permission. On top of this, this
>>> vulnerability would have allowed any webpage to DOS (Denial of Service) a
>>> Mac by repeatedly joining a user to an invalid call. Additionally, if
>>> you’ve ever installed the Zoom client and then uninstalled it, you still
>>> have a localhost web server on your machine that will happily re-install
>>> the Zoom client for you, without requiring any user interaction on your
>>> behalf besides visiting a webpage. This re-install ‘feature’ continues to
>>> work to this day."
>>>
>>> "Read more here:
>>> https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5
>>> "
>>>
>>> Is there anything we can do or suggest to our community or even
>>> enlighten our people?
>>>
>>> On Mon, Aug 5, 2019 at 5:21 PM Evin Erdogdu <evin.erdogdu at icann.org>
>>> wrote:
>>>
>>>> Dear All,
>>>>
>>>>
>>>> You may find the action items from today's At-Large Technology Task
>>>> Force call here: https://community.icann.org/x/bbOjBg
>>>>
>>>>
>>>> Please let staff know if corrections/adjustments should be made.
>>>>
>>>>
>>>> Thank you,
>>>>
>>>> Evin
>>>>
>>>>
>>>> ------------------------------
>>>> *From:* ICANN At-Large Staff
>>>> *Sent:* Monday, August 05, 2019 1:23 PM
>>>> *To:* ttf at atlarge-lists.icann.org; Mark Segall; Laura Bengford
>>>> *Cc:* ICANN At-Large Staff
>>>> *Subject:* REMINDER / Meeting Invitation: At-Large Technology
>>>> Taskforce Call on Monday, 05 Aug 2019 at 15:00 UTC for 60 mins
>>>>
>>>>
>>>> Dear All,
>>>>
>>>>
>>>>
>>>> The next At-Large Technology Taskforce Call is scheduled for Monday,
>>>> 05 Aug 2019 at 15:00 UTC for 60 mins.
>>>>
>>>>
>>>>
>>>> For other times: https://tinyurl.com/y2plx4bq
>>>>
>>>>
>>>>
>>>> The agenda and call details can be found at:
>>>> https://community.icann.org/x/3KujBg
>>>>
>>>>
>>>>
>>>> Zoom Room: https://icann.zoom.us/j/186985691
>>>> Meeting ID: 186985691
>>>>
>>>>
>>>>
>>>> ADIGO Conference Bridge:
>>>>
>>>> EN: 1638
>>>>
>>>>
>>>>
>>>> Toll-free access number (US and Canada): 800 550 6865
>>>>
>>>>
>>>>
>>>> Other toll-free numbers: https://www.adigo.com/icann
>>>>
>>>>
>>>>
>>>> Main Wiki Space: https://community.icann.org/x/FpfbAQ
>>>>
>>>>
>>>>
>>>> If you require a dial-out please contact At-Large staff at:
>>>> staff at atlarge.icann.org
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Thank you.
>>>>
>>>> Kind regards,
>>>>
>>>>
>>>>
>>>> At-Large Staff
>>>>
>>>>
>>>>
>>>> ICANN Policy Staff in support of the At-Large Community
>>>>
>>>> Website: atlarge.icann.org
>>>>
>>>> Facebook: facebook.com/icannatlarge <https://www.facebook.com/icannatlarge>
>>>>
>>>> Twitter: @ICANNAtLarge <https://twitter.com/ICANNAtLarge>
>>>>
>>>>
>>>> _______________________________________________
>>>> ttf mailing list
>>>> ttf at atlarge-lists.icann.org
>>>> https://mm.icann.org/mailman/listinfo/ttf
>>>>
>>>> _______________________________________________
>>>> By submitting your personal data, you consent to the processing of your
>>>> personal data for purposes of subscribing to this mailing list accordance
>>>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy)
>>>> and the website Terms of Service (https://www.icann.org/privacy/tos).
>>>> You can visit the Mailman link above to change your membership status or
>>>> configuration, including unsubscribing, setting digest-style delivery or
>>>> disabling delivery altogether (e.g., for a vacation), and so on.
>>>
>
>