<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello all,<br>
<br>
discussions are heating up on the topic of Zoom both in NCSG mailing
list, and on the EURALO discuss mailing list. Isn't this issue more
urgent than waiting for a future TTF call, the date of which is, at
present, not even set?<br>
At least a call from the TTF to ICANN Tech Team to write a Blog of
what their risk assessment is, with regards to this conferencing
technology? In the meantime, conversations about this are springing
up on several other mailing lists...<br>
Kindest regards,<br>
<br>
Olivier<br>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>AW: [EURO-Discuss] Zoom Structural Vulnerability
Discovered</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>
<td>Wed, 10 Jul 2019 14:12:57 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>
<td>Mühlberg, Annette <a class="moz-txt-link-rfc2396E" href="mailto:annette.muehlberg@verdi.de"><annette.muehlberg@verdi.de></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
<td>Jean-Jacques Subrenat <a class="moz-txt-link-rfc2396E" href="mailto:jjs@dyalog.net"><jjs@dyalog.net></a>,
<a class="moz-txt-link-abbreviated" href="mailto:ncsg-discuss@listserv.syr.edu">ncsg-discuss@listserv.syr.edu</a>
<a class="moz-txt-link-rfc2396E" href="mailto:ncsg-discuss@listserv.syr.edu"><ncsg-discuss@listserv.syr.edu></a>, Paul Rosenzweig
<a class="moz-txt-link-rfc2396E" href="mailto:paul.rosenzweig@redbranchconsulting.com"><paul.rosenzweig@redbranchconsulting.com></a>, EURALO
LIST <a class="moz-txt-link-rfc2396E" href="mailto:euro-discuss@atlarge-lists.icann.org"><euro-discuss@atlarge-lists.icann.org></a>, Olivier
MJ Crepin-Leblond <a class="moz-txt-link-rfc2396E" href="mailto:ocl@gih.com"><ocl@gih.com></a>,
<a class="moz-txt-link-abbreviated" href="mailto:maureen.hilyard@gmail.com">maureen.hilyard@gmail.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:maureen.hilyard@gmail.com"><maureen.hilyard@gmail.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.airmailon, li.airmailon, div.airmailon
{mso-style-name:airmail_on;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.E-MailFormatvorlage19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Dear All,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">+1 for JJS:
</span><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">set up a specifications sheet for a desirable
conferencing tool, based on needs expressed by the
multi-stakeholder community, and publish that as a tender.
Offers received could then be reviewed not only by Staff,
but in consultation with ACs and SOs.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Such needs include data privacy, technical
stability and preferably open standards.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Best regards<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US">Annette<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"
lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">***<o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:black">Annette
Mühlberg
<o:p></o:p></span></b></p>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Von:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">
EURO-Discuss
<a class="moz-txt-link-rfc2396E" href="mailto:euro-discuss-bounces@atlarge-lists.icann.org"><euro-discuss-bounces@atlarge-lists.icann.org></a>
<b>Im Auftrag von </b>Jean-Jacques Subrenat<br>
<b>Gesendet:</b> Mittwoch, 10. Juli 2019 15:22<br>
<b>An:</b> <a class="moz-txt-link-abbreviated" href="mailto:ncsg-discuss@listserv.syr.edu">ncsg-discuss@listserv.syr.edu</a>; Paul
Rosenzweig
<a class="moz-txt-link-rfc2396E" href="mailto:paul.rosenzweig@redbranchconsulting.com"><paul.rosenzweig@redbranchconsulting.com></a>; EURALO
LIST <a class="moz-txt-link-rfc2396E" href="mailto:euro-discuss@atlarge-lists.icann.org"><euro-discuss@atlarge-lists.icann.org></a>;
Olivier MJ Crepin-Leblond <a class="moz-txt-link-rfc2396E" href="mailto:ocl@gih.com"><ocl@gih.com></a>;
<a class="moz-txt-link-abbreviated" href="mailto:maureen.hilyard@gmail.com">maureen.hilyard@gmail.com</a><br>
<b>Betreff:</b> Re: [EURO-Discuss] Zoom Structural
Vulnerability Discovered<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">First,
a remark: for Adobe, Zoom or other tool providers, ICANN
may not be the single largest client, but it is certainly
a significant one owing to its nature (quasi-regulatory,
multi-stakeholder, some parts geared to non-commercial
users).<o:p></o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Then,
a recommendation to Chairs of ACs and SOs: ICANN Board and
CEO could be requested to set up a specifications sheet
for a desirable conferencing tool, based on needs
expressed by the multi-stakeholder community, and publish
that as a tender. Offers received could then be reviewed
not only by Staff, but in consultation with ACs and SOs.<o:p></o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">This
would get us closer to what we, collectively, consider as
the appropriate tool for the numerous conference calls
held throughout ICANN.<o:p></o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
</div>
<div id="bloop_customfont">
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Jean-Jacques
Subrenat.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"><o:p> </o:p></span></p>
<p class="airmailon"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif">Le
10 juillet 2019 à 14:46:20, Paul Rosenzweig (<a
href="mailto:paul.rosenzweig@redbranchconsulting.com"
moz-do-not-send="true">paul.rosenzweig@redbranchconsulting.com</a>)
a écrit:<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">This is assuredly right. The change
from Adobe to Zoom may, or may not, have been right
for ICANN and for this group for any number of
reasons ranging from cost, to security, to
scalability and utility. But let’s not romanticize
Adobe. They are not a terribly secure platform
generically. As James said, the Zoom response is
poor – but we can’t hang that around the neck of
ICANN org. <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">P<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Paul Rosenzweig<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><a
href="mailto:paul.rosenzweig@redbranchconsulting.com"
moz-do-not-send="true"><span
style="color:#0563C1">paul.rosenzweig@redbranchconsulting.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">O: +1 (202) 547-0660<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">M: +1 (202) 329-9650<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">VOIP: +1 (202) 738-1739<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><a
href="https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.redbranchconsulting.com&umid=c229a495-2a7d-4cae-9bf7-9903622d5c2e&auth=4e1e2e6e47336e7e6bbb545ae21187b18d0da0ad-0f83b2fc00a6214e49105ca52e5410a6110e8337"
moz-do-not-send="true"><span
style="color:#0563C1">www.redbranchconsulting.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">My PGP Key:
<a
href="https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684"
moz-do-not-send="true">
<span style="color:#0563C1">https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684</span></a><o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> NCSG-Discuss <<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>>
<b>On Behalf Of </b>James Gannon<br>
<b>Sent:</b> Wednesday, July 10, 2019 12:52 AM<br>
<b>To:</b> <a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a><br>
<b>Subject:</b> Re: Zoom Structural
Vulnerability Discovered<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Just want to call out that Adobe has
likely the worst reputation in the entire tech
industry when it comes to security, I really would
not hold them out as either prompt or without
serious issues (I believe they still hold the record
for number of CVSS 9+ vulns).<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Zooms response is poor I agree, but on
a data driven comparison it is a far more secure
platform.<o:p></o:p></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span
style="font-family:"Helvetica",sans-serif;color:black"
lang="EN-US">From:
</span></b><span
style="font-family:"Helvetica",sans-serif;color:black"
lang="EN-US">NCSG-Discuss <<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>>
on behalf of Ayden Férdeline <<a
href="mailto:icann@FERDELINE.COM"
moz-do-not-send="true">icann@FERDELINE.COM</a>><br>
<b>Reply-To: </b>Ayden Férdeline <<a
href="mailto:icann@FERDELINE.COM"
moz-do-not-send="true">icann@FERDELINE.COM</a>><br>
<b>Date: </b>Tuesday, 9 July 2019 at 14:13<br>
<b>To: </b>"<a
href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>"
<<a href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU"
moz-do-not-send="true">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>><br>
<b>Subject: </b>Re: Zoom Structural Vulnerability
Discovered</span><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">That is true, but note that this
security researcher notified Zoom of the exploit
and they were in no rush to repair it. Look at the
timeline in the Medium post. They only sought to
fix it after the vulnerability drew media
attention. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Adobe Connect was not perfect but it
met our needs and the occasional security issues
that arose were promptly fixed by Adobe and never
as serious as this one!<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div id="protonmail_mobile_signature_block">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Best wishes, Ayden<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Tue, Jul 9, 2019 at 18:07, Adeel
Sadiq <<a href="mailto:11beeasadiq@seecs.edu.pk"
moz-do-not-send="true">11beeasadiq@seecs.edu.pk</a>>
wrote: <o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Speaking from a
technical perspective, no software is perfect or
bug-free. Its only a matter of time a loophole
is found and exploited and eventually patched
up. If you think Adobe Connect or ezTalks
were/are free of these architectural issues,
think again! That's the way we technical
community do things.
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Regards<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Adeel<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Pakistan<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Wed, Jul 10, 2019 at 1:37 AM
Ayden Férdeline <<a
href="mailto:icann@ferdeline.com"
moz-do-not-send="true">icann@ferdeline.com</a>>
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Unfortunately, uninstalling the
application does not rectify the situation,
due to poor architecture (acknowledged by
Zoom on their blog today). They are working
on a fix, now that public scrutiny demands
one. So disappointing that ICANN has put us
in this terrible situation. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div
id="gmail-m_4892314735287444777protonmail_mobile_signature_block">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Ayden<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Tue, Jul 9, 2019 at 16:15,
Vaibhav Aggarwal, Catalyst & Group CEO
<<a href="mailto:va@BLADEBRAINS.COM"
moz-do-not-send="true">va@BLADEBRAINS.COM</a>>
wrote: <o:p></o:p></span></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Thanks for this. Till the next
Update, I have removed the Zoom For Mac
Client with immediate effect.
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Vaibhav Aggarwal<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">New Delhi<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"><a
href="http://VaibhavAggarwal.com"
moz-do-not-send="true">VaibhavAggarwal.com</a> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<blockquote
style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">On Jul 10, 2019, at
12:30 AM, Michael Karanicolas <<a
href="mailto:mkaranicolas@GMAIL.COM" moz-do-not-send="true">mkaranicolas@GMAIL.COM</a>>
wrote:<o:p></o:p></span></p>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
<div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Hey - remember when
ICANN switched everyone from Adobe
over to Zoom as a way of enhancing
information security and data
privacy? <o:p></o:p></span></p>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">"A vulnerability in
the Mac Zoom Client allows any
malicious website to enable your
camera without your
permission... This vulnerability
allows any website to forcibly
join a user to a Zoom call, with
their video camera activated,
without the user's permission.
On top of this, this
vulnerability would have allowed
any webpage to DOS (Denial of
Service) a Mac by repeatedly
joining a user to an invalid
call. Additionally, if you’ve
ever installed the Zoom client
and then uninstalled it, you
still have a localhost web
server on your machine that will
happily re-install the Zoom
client for you, without
requiring any user interaction
on your behalf besides visiting
a webpage. This re-install
‘feature’ continues to work to
this day."<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US">Read more here: <a
href="https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5"
moz-do-not-send="true">https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5</a><o:p></o:p></span></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
</blockquote>
</div>
</blockquote>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:10.0pt;font-family:"Helvetica",sans-serif"
lang="EN-US"> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</body>
</html>