<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Thanks Judith. You know, in these matters there is often some hype
that makes it bigger than what it actually is, so I'd rather receive
good, quality advice on this, rather than read the hyperbolic
debates on the Internet.<br>
Kindest regards,<br>
<br>
Olivier<br>
<br>
<div class="moz-cite-prefix">On 10/07/2019 20:26, Judith Hellerstein
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:a14197db-6dc7-08f6-bd7a-fb40f520d8fe@jhellerstein.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>HI Olivier,</p>
<p>OK will write a note to the Tech team and ask them to do
exactly that. People are just coming back from Vacations so it
is a bit slow. I know I just got last night</p>
<p>Best,</p>
<p>Judith<br>
</p>
<pre class="moz-signature" cols="80">_________________________________________________________________________
Judith Hellerstein, Founder & CEO
Hellerstein & Associates
3001 Veazey Terrace NW, Washington DC 20008
Phone: (202) 362-5139 Skype ID: judithhellerstein
Mobile/Whats app: +1202-333-6517
E-mail: <a class="moz-txt-link-abbreviated" href="mailto:Judith@jhellerstein.com" moz-do-not-send="true">Judith@jhellerstein.com</a> Website: <a class="moz-txt-link-abbreviated" href="http://www.jhellerstein.com" moz-do-not-send="true">www.jhellerstein.com</a>
Linked In: <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/jhellerstein/" moz-do-not-send="true">www.linkedin.com/in/jhellerstein/</a>
Opening Telecom & Technology Opportunities Worldwide
</pre>
<div class="moz-cite-prefix">On 7/10/2019 7:22 PM, Olivier MJ
Crépin-Leblond wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1ad8e95d-d7bc-e0b1-d89b-f43b41e458d0@gih.com">
<meta http-equiv="content-type" content="text/html;
charset=UTF-8">
Hello all,<br>
<br>
discussions are heating up on the topic of Zoom both in NCSG
mailing list, and on the EURALO discuss mailing list. Isn't this
issue more urgent than waiting for a future TTF call, the date
of which is, at present, not even set?<br>
At least a call from the TTF to ICANN Tech Team to write a Blog
of what their risk assessment is, with regards to this
conferencing technology? In the meantime, conversations about
this are springing up on several other mailing lists...<br>
Kindest regards,<br>
<br>
Olivier<br>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>AW: [EURO-Discuss] Zoom Structural Vulnerability
Discovered</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date:
</th>
<td>Wed, 10 Jul 2019 14:12:57 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From:
</th>
<td>Mühlberg, Annette <a class="moz-txt-link-rfc2396E"
href="mailto:annette.muehlberg@verdi.de"
moz-do-not-send="true"><annette.muehlberg@verdi.de></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To:
</th>
<td>Jean-Jacques Subrenat <a
class="moz-txt-link-rfc2396E"
href="mailto:jjs@dyalog.net" moz-do-not-send="true"><jjs@dyalog.net></a>,
<a class="moz-txt-link-abbreviated"
href="mailto:ncsg-discuss@listserv.syr.edu"
moz-do-not-send="true">ncsg-discuss@listserv.syr.edu</a>
<a class="moz-txt-link-rfc2396E"
href="mailto:ncsg-discuss@listserv.syr.edu"
moz-do-not-send="true"><ncsg-discuss@listserv.syr.edu></a>,
Paul Rosenzweig <a class="moz-txt-link-rfc2396E"
href="mailto:paul.rosenzweig@redbranchconsulting.com"
moz-do-not-send="true"><paul.rosenzweig@redbranchconsulting.com></a>,
EURALO LIST <a class="moz-txt-link-rfc2396E"
href="mailto:euro-discuss@atlarge-lists.icann.org"
moz-do-not-send="true"><euro-discuss@atlarge-lists.icann.org></a>,
Olivier MJ Crepin-Leblond <a
class="moz-txt-link-rfc2396E"
href="mailto:ocl@gih.com" moz-do-not-send="true"><ocl@gih.com></a>,
<a class="moz-txt-link-abbreviated"
href="mailto:maureen.hilyard@gmail.com"
moz-do-not-send="true">maureen.hilyard@gmail.com</a>
<a class="moz-txt-link-rfc2396E"
href="mailto:maureen.hilyard@gmail.com"
moz-do-not-send="true"><maureen.hilyard@gmail.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.airmailon, li.airmailon, div.airmailon
{mso-style-name:airmail_on;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.E-MailFormatvorlage19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Dear All,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">+1 for JJS: </span><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">set up a specifications sheet for a
desirable conferencing tool, based on needs expressed by
the multi-stakeholder community, and publish that as a
tender. Offers received could then be reviewed not only
by Staff, but in consultation with ACs and SOs.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Such needs include data privacy, technical
stability and preferably open standards.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Best regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Annette<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">***<o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Annette
Mühlberg <o:p></o:p></span></b></p>
</div>
<p class="MsoNormal"><span
style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Von:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
EURO-Discuss <a class="moz-txt-link-rfc2396E"
href="mailto:euro-discuss-bounces@atlarge-lists.icann.org"
moz-do-not-send="true"><euro-discuss-bounces@atlarge-lists.icann.org></a>
<b>Im Auftrag von </b>Jean-Jacques Subrenat<br>
<b>Gesendet:</b> Mittwoch, 10. Juli 2019 15:22<br>
<b>An:</b> <a class="moz-txt-link-abbreviated"
href="mailto:ncsg-discuss@listserv.syr.edu"
moz-do-not-send="true">ncsg-discuss@listserv.syr.edu</a>;
Paul Rosenzweig <a class="moz-txt-link-rfc2396E"
href="mailto:paul.rosenzweig@redbranchconsulting.com"
moz-do-not-send="true"><paul.rosenzweig@redbranchconsulting.com></a>;
EURALO LIST <a class="moz-txt-link-rfc2396E"
href="mailto:euro-discuss@atlarge-lists.icann.org"
moz-do-not-send="true"><euro-discuss@atlarge-lists.icann.org></a>;
Olivier MJ Crepin-Leblond <a
class="moz-txt-link-rfc2396E"
href="mailto:ocl@gih.com" moz-do-not-send="true"><ocl@gih.com></a>;
<a class="moz-txt-link-abbreviated"
href="mailto:maureen.hilyard@gmail.com"
moz-do-not-send="true">maureen.hilyard@gmail.com</a><br>
<b>Betreff:</b> Re: [EURO-Discuss] Zoom Structural
Vulnerability Discovered<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">First,
a remark: for Adobe, Zoom or other tool providers,
ICANN may not be the single largest client, but it is
certainly a significant one owing to its nature
(quasi-regulatory, multi-stakeholder, some parts
geared to non-commercial users).<o:p></o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Then,
a recommendation to Chairs of ACs and SOs: ICANN Board
and CEO could be requested to set up a specifications
sheet for a desirable conferencing tool, based on
needs expressed by the multi-stakeholder community,
and publish that as a tender. Offers received could
then be reviewed not only by Staff, but in
consultation with ACs and SOs.<o:p></o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">This
would get us closer to what we, collectively, consider
as the appropriate tool for the numerous conference
calls held throughout ICANN.<o:p></o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Jean-Jacques
Subrenat.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p class="airmailon"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Le
10 juillet 2019 à 14:46:20, Paul Rosenzweig (<a
href="mailto:paul.rosenzweig@redbranchconsulting.com"
moz-do-not-send="true">paul.rosenzweig@redbranchconsulting.com</a>)
a écrit:<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">This is assuredly right. The
change from Adobe to Zoom may, or may not, have
been right for ICANN and for this group for any
number of reasons ranging from cost, to
security, to scalability and utility. But let’s
not romanticize Adobe. They are not a terribly
secure platform generically. As James said, the
Zoom response is poor – but we can’t hang that
around the neck of ICANN org. <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">P<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Paul Rosenzweig<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><a
href="mailto:paul.rosenzweig@redbranchconsulting.com"
moz-do-not-send="true"><span
style="color:#0563C1">paul.rosenzweig@redbranchconsulting.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">O: +1 (202) 547-0660<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">M: +1 (202) 329-9650<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">VOIP: +1 (202) 738-1739<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><a
href="https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.redbranchconsulting.com&umid=c229a495-2a7d-4cae-9bf7-9903622d5c2e&auth=4e1e2e6e47336e7e6bbb545ae21187b18d0da0ad-0f83b2fc00a6214e49105ca52e5410a6110e8337"
moz-do-not-send="true"><span
style="color:#0563C1">www.redbranchconsulting.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">My PGP Key: <a
href="https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684"
moz-do-not-send="true"> <span
style="color:#0563C1">https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684</span></a><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> NCSG-Discuss <<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>>
<b>On Behalf Of </b>James Gannon<br>
<b>Sent:</b> Wednesday, July 10, 2019 12:52
AM<br>
<b>To:</b> <a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a><br>
<b>Subject:</b> Re: Zoom Structural
Vulnerability Discovered<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Just want to call out that Adobe
has likely the worst reputation in the entire
tech industry when it comes to security, I
really would not hold them out as either prompt
or without serious issues (I believe they still
hold the record for number of CVSS 9+ vulns).<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Zooms response is poor I agree, but
on a data driven comparison it is a far more
secure platform.<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-family:"Helvetica",sans-serif;color:black"
lang="EN-US">From: </span></b><span
style="font-family:"Helvetica",sans-serif;color:black"
lang="EN-US">NCSG-Discuss <<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>>
on behalf of Ayden Férdeline <<a
href="mailto:icann@FERDELINE.COM"
moz-do-not-send="true">icann@FERDELINE.COM</a>><br>
<b>Reply-To: </b>Ayden Férdeline <<a
href="mailto:icann@FERDELINE.COM"
moz-do-not-send="true">icann@FERDELINE.COM</a>><br>
<b>Date: </b>Tuesday, 9 July 2019 at 14:13<br>
<b>To: </b>"<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>"
<<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>><br>
<b>Subject: </b>Re: Zoom Structural
Vulnerability Discovered</span><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">That is true, but note that this
security researcher notified Zoom of the
exploit and they were in no rush to repair it.
Look at the timeline in the Medium post. They
only sought to fix it after the vulnerability
drew media attention. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Adobe Connect was not perfect but
it met our needs and the occasional security
issues that arose were promptly fixed by Adobe
and never as serious as this one!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div id="protonmail_mobile_signature_block">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Best wishes, Ayden<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Tue, Jul 9, 2019 at 18:07, Adeel
Sadiq <<a
href="mailto:11beeasadiq@seecs.edu.pk"
moz-do-not-send="true">11beeasadiq@seecs.edu.pk</a>>
wrote: <o:p></o:p></span></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Speaking from a
technical perspective, no software is
perfect or bug-free. Its only a matter of
time a loophole is found and exploited and
eventually patched up. If you think Adobe
Connect or ezTalks were/are free of these
architectural issues, think again! That's
the way we technical community do things. <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Regards<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Adeel<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Pakistan<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Wed, Jul 10, 2019 at 1:37
AM Ayden Férdeline <<a
href="mailto:icann@ferdeline.com"
moz-do-not-send="true">icann@ferdeline.com</a>>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Unfortunately, uninstalling
the application does not rectify the
situation, due to poor architecture
(acknowledged by Zoom on their blog
today). They are working on a fix, now
that public scrutiny demands one. So
disappointing that ICANN has put us in
this terrible situation. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div
id="gmail-m_4892314735287444777protonmail_mobile_signature_block">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Ayden<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Tue, Jul 9, 2019 at 16:15,
Vaibhav Aggarwal, Catalyst & Group CEO
<<a href="mailto:va@BLADEBRAINS.COM"
moz-do-not-send="true">va@BLADEBRAINS.COM</a>>
wrote: <o:p></o:p></span></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Thanks for this. Till the
next Update, I have removed the Zoom For
Mac Client with immediate effect. <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Vaibhav Aggarwal<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">New Delhi<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><a
href="http://VaibhavAggarwal.com"
moz-do-not-send="true">VaibhavAggarwal.com</a> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Jul 10, 2019, at
12:30 AM, Michael Karanicolas
<<a
href="mailto:mkaranicolas@GMAIL.COM"
moz-do-not-send="true">mkaranicolas@GMAIL.COM</a>>
wrote:<o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Hey - remember
when ICANN switched everyone
from Adobe over to Zoom as a
way of enhancing information
security and data privacy? <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">"A
vulnerability in the Mac
Zoom Client allows any
malicious website to enable
your camera without your
permission... This
vulnerability allows any
website to forcibly join a
user to a Zoom call, with
their video camera
activated, without the
user's permission. On top of
this, this vulnerability
would have allowed any
webpage to DOS (Denial of
Service) a Mac by repeatedly
joining a user to an invalid
call. Additionally, if
you’ve ever installed the
Zoom client and then
uninstalled it, you still
have a localhost web server
on your machine that will
happily re-install the Zoom
client for you, without
requiring any user
interaction on your behalf
besides visiting a webpage.
This re-install ‘feature’
continues to work to this
day."<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Read more
here: <a
href="https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5"
moz-do-not-send="true">https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5</a><o:p></o:p></span></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
</blockquote>
</div>
</blockquote>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
ttf mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ttf@atlarge-lists.icann.org" moz-do-not-send="true">ttf@atlarge-lists.icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/ttf" moz-do-not-send="true">https://mm.icann.org/mailman/listinfo/ttf</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy" moz-do-not-send="true">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos" moz-do-not-send="true">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
ttf mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ttf@atlarge-lists.icann.org">ttf@atlarge-lists.icann.org</a>
<a class="moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/ttf">https://mm.icann.org/mailman/listinfo/ttf</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/policy">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="moz-txt-link-freetext" href="https://www.icann.org/privacy/tos">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Olivier MJ Crépin-Leblond, PhD
<a class="moz-txt-link-freetext" href="http://www.gih.com/ocl.html">http://www.gih.com/ocl.html</a>
</pre>
</body>
</html>