<div dir="ltr"><div>Interestingly, Apple has pushed a MacOS update to remove the undocumented webserver installed by Zoom <br></div><div><a href="https://arstechnica.com/information-technology/2019/07/silent-mac-update-nukes-dangerous-webserver-installed-by-zoom/">https://arstechnica.com/information-technology/2019/07/silent-mac-update-nukes-dangerous-webserver-installed-by-zoom/</a></div><div><br></div><div><br></div><div>Dev Anand <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 10, 2019 at 3:26 PM Dev Anand Teelucksingh <<a href="mailto:devtee@gmail.com">devtee@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div></div><div>Six Colors blog post "Zoom saved you a click—by giving you a security hole"
: <a href="https://sixcolors.com/post/2019/07/zoom/" target="_blank">https://sixcolors.com/post/2019/07/zoom/</a> <br></div><div>is an excellent short summary of what Zoom did and whether Zoom would learn from this. An excerpt:</div><div><br></div><div>"My guess is that Zoom’s original sin comes out of its corporate
culture, which is focused on competing in a pretty cutthroat industry
with demanding clients (IT managers) and not particularly technically
literate customers (the individual business users). There’s probably a
great fear of losing business to other businesses who can boast about
running video meetings with ever less friction to the user.
<p>And then Apple comes along and introduces a security feature to
Safari that requires a confirmation click when any link in a web browser
attempts to open an external app. Zoom, which likes to pass around web
links as a way of driving users into conference calls, didn’t look at
this security measure as something to help keep their customers
secure—it viewed it as an addition of friction by the platform owner.</p>
<p>Zoom’s response was to build a secret local web server, which allowed
Zoom to rewrite its hyperlinks to connect to a web server instead of an
app—so the web server could bypass Safari’s security and launch the app
without a second click.</p><p>
I use Zoom because it’s a superior product to Skype for the large-panel podcasting that I do,
but this issue gives me pause—and not because of the specific details
of this event. No, it’s for what this says about Zoom’s priorities as a
company. When the platform owner decides that web links shouldn’t open
other apps without an approval click—a pretty sensible security
measure—the corporate response shouldn’t be to bypass that click by
invisibly installing a hidden server that’s a potential security hole"
</p>Also, the blog post Zoom posted in response to the security disclosure (<a href="https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/" target="_blank">https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/</a>) was updated several times, in response to the outcry. The July 9 patch to the Zoom app on Mac devices is live at
<a href="https://zoom.us/download?zcid=1231" rel="noopener" target="_blank">zoom.us/download</a> which now removes the local web server entirely, once the Zoom client has been updated, and there will be a further update to the Zoom client over the weekend regarding user's preference for video on by default.</div><div><br></div><div>Dev Anand<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 10, 2019 at 2:32 PM Olivier MJ Crépin-Leblond <<a href="mailto:ocl@gih.com" target="_blank">ocl@gih.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
Thanks Judith. You know, in these matters there is often some hype
that makes it bigger than what it actually is, so I'd rather receive
good, quality advice on this, rather than read the hyperbolic
debates on the Internet.<br>
Kindest regards,<br>
<br>
Olivier<br>
<br>
<div class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-cite-prefix">On 10/07/2019 20:26, Judith Hellerstein
wrote:<br>
</div>
<blockquote type="cite">
<p>Hi Olivier,</p>
<p>OK will write a note to the Tech team and ask them to do
exactly that. People are just coming back from vacations so it
is a bit slow. I know I just got last night</p>
<p>Best,</p>
<p>Judith<br>
</p>
<pre class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-signature" cols="80">_________________________________________________________________________
Judith Hellerstein, Founder & CEO
Hellerstein & Associates
3001 Veazey Terrace NW, Washington DC 20008
Phone: (202) 362-5139 Skype ID: judithhellerstein
Mobile/Whats app: +1202-333-6517
E-mail: <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="mailto:Judith@jhellerstein.com" target="_blank">Judith@jhellerstein.com</a> Website: <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="http://www.jhellerstein.com" target="_blank">www.jhellerstein.com</a>
Linked In: <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="http://www.linkedin.com/in/jhellerstein/" target="_blank">www.linkedin.com/in/jhellerstein/</a>
Opening Telecom & Technology Opportunities Worldwide
</pre>
<div class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-cite-prefix">On 7/10/2019 7:22 PM, Olivier MJ
Crépin-Leblond wrote:<br>
</div>
<blockquote type="cite">
Hello all,<br>
<br>
discussions are heating up on the topic of Zoom both in NCSG
mailing list, and on the EURALO discuss mailing list. Isn't this
issue more urgent than waiting for a future TTF call, the date
of which is, at present, not even set?<br>
At least a call from the TTF to ICANN Tech Team to write a Blog
of what their risk assessment is, with regards to this
conferencing technology? In the meantime, conversations about
this are springing up on several other mailing lists...<br>
Kindest regards,<br>
<br>
Olivier<br>
<div class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-email-headers-table" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">Subject:
</th>
<td>AW: [EURO-Discuss] Zoom Structural Vulnerability
Discovered</td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">Date:
</th>
<td>Wed, 10 Jul 2019 14:12:57 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">From:
</th>
<td>Mühlberg, Annette <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:annette.muehlberg@verdi.de" target="_blank"><annette.muehlberg@verdi.de></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap align="RIGHT">To:
</th>
<td>Jean-Jacques Subrenat <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:jjs@dyalog.net" target="_blank"><jjs@dyalog.net></a>,
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="mailto:ncsg-discuss@listserv.syr.edu" target="_blank">ncsg-discuss@listserv.syr.edu</a>
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:ncsg-discuss@listserv.syr.edu" target="_blank"><ncsg-discuss@listserv.syr.edu></a>,
Paul Rosenzweig <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:paul.rosenzweig@redbranchconsulting.com" target="_blank"><paul.rosenzweig@redbranchconsulting.com></a>,
EURALO LIST <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:euro-discuss@atlarge-lists.icann.org" target="_blank"><euro-discuss@atlarge-lists.icann.org></a>,
Olivier MJ Crepin-Leblond <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:ocl@gih.com" target="_blank"><ocl@gih.com></a>,
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="mailto:maureen.hilyard@gmail.com" target="_blank">maureen.hilyard@gmail.com</a>
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:maureen.hilyard@gmail.com" target="_blank"><maureen.hilyard@gmail.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div class="gmail-m_-9029796623803969138gmail-m_3506108938108417377WordSection1">
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US">Dear All,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US">+1 for JJS: </span><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">set up a specifications sheet for a
desirable conferencing tool, based on needs expressed by
the multi-stakeholder community, and publish that as a
tender. Offers received could then be reviewed not only
by Staff, but in consultation with ACs and SOs.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US">Such needs include data privacy, technical
stability and preferably open standards.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US">Best regards<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US">Annette<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11pt;font-family:"Calibri",sans-serif;color:rgb(31,73,125)" lang="EN-US"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Calibri",sans-serif;color:black">***<u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10pt;font-family:"Calibri",sans-serif;color:black">Annette
Mühlberg <u></u><u></u></span></b></p>
</div>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<div>
<div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11pt;font-family:"Calibri",sans-serif">Von:</span></b><span style="font-size:11pt;font-family:"Calibri",sans-serif">
EURO-Discuss <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:euro-discuss-bounces@atlarge-lists.icann.org" target="_blank"><euro-discuss-bounces@atlarge-lists.icann.org></a>
<b>Im Auftrag von </b>Jean-Jacques Subrenat<br>
<b>Gesendet:</b> Mittwoch, 10. Juli 2019 15:22<br>
<b>An:</b> <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="mailto:ncsg-discuss@listserv.syr.edu" target="_blank">ncsg-discuss@listserv.syr.edu</a>;
Paul Rosenzweig <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:paul.rosenzweig@redbranchconsulting.com" target="_blank"><paul.rosenzweig@redbranchconsulting.com></a>;
EURALO LIST <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:euro-discuss@atlarge-lists.icann.org" target="_blank"><euro-discuss@atlarge-lists.icann.org></a>;
Olivier MJ Crepin-Leblond <a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-rfc2396E" href="mailto:ocl@gih.com" target="_blank"><ocl@gih.com></a>;
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="mailto:maureen.hilyard@gmail.com" target="_blank">maureen.hilyard@gmail.com</a><br>
<b>Betreff:</b> Re: [EURO-Discuss] Zoom Structural
Vulnerability Discovered<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif">First,
a remark: for Adobe, Zoom or other tool providers,
ICANN may not be the single largest client, but it is
certainly a significant one owing to its nature
(quasi-regulatory, multi-stakeholder, some parts
geared to non-commercial users).<u></u><u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif">Then,
a recommendation to Chairs of ACs and SOs: ICANN Board
and CEO could be requested to set up a specifications
sheet for a desirable conferencing tool, based on
needs expressed by the multi-stakeholder community,
and publish that as a tender. Offers received could
then be reviewed not only by Staff, but in
consultation with ACs and SOs.<u></u><u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif">This
would get us closer to what we, collectively, consider
as the appropriate tool for the numerous conference
calls held throughout ICANN.<u></u><u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377bloop_customfont">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif">Jean-Jacques
Subrenat.<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif"><u></u> <u></u></span></p>
<p class="gmail-m_-9029796623803969138gmail-m_3506108938108417377airmailon"><span style="font-size:10pt;font-family:"Helvetica",sans-serif">Le
10 juillet 2019 à 14:46:20, Paul Rosenzweig (<a href="mailto:paul.rosenzweig@redbranchconsulting.com" target="_blank">paul.rosenzweig@redbranchconsulting.com</a>)
a écrit:<u></u><u></u></span></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">This is assuredly right. The
change from Adobe to Zoom may, or may not, have
been right for ICANN and for this group for any
number of reasons ranging from cost, to
security, to scalability and utility. But let’s
not romanticize Adobe. They are not a terribly
secure platform generically. As James said, the
Zoom response is poor – but we can’t hang that
around the neck of ICANN org. <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">P<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Paul Rosenzweig<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"><a href="mailto:paul.rosenzweig@redbranchconsulting.com" target="_blank"><span style="color:rgb(5,99,193)">paul.rosenzweig@redbranchconsulting.com</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">O: +1 (202) 547-0660<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">M: +1 (202) 329-9650<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">VOIP: +1 (202) 738-1739<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"><a href="https://smex-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=http%3a%2f%2fwww.redbranchconsulting.com&umid=c229a495-2a7d-4cae-9bf7-9903622d5c2e&auth=4e1e2e6e47336e7e6bbb545ae21187b18d0da0ad-0f83b2fc00a6214e49105ca52e5410a6110e8337" target="_blank"><span style="color:rgb(5,99,193)">www.redbranchconsulting.com</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">My PGP Key: <a href="https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684" target="_blank"> <span style="color:rgb(5,99,193)">https://keys.mailvelope.com/pks/lookup?op=get&search=0x9A830097CA066684</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<div>
<div style="border-color:rgb(225,225,225) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">From:</span></b><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> NCSG-Discuss <<a href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU" target="_blank">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>>
<b>On Behalf Of </b>James Gannon<br>
<b>Sent:</b> Wednesday, July 10, 2019 12:52
AM<br>
<b>To:</b> <a href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU" target="_blank">NCSG-DISCUSS@LISTSERV.SYR.EDU</a><br>
<b>Subject:</b> Re: Zoom Structural
Vulnerability Discovered<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Just want to call out that Adobe
has likely the worst reputation in the entire
tech industry when it comes to security, I
really would not hold them out as either prompt
or without serious issues (I believe they still
hold the record for number of CVSS 9+ vulns).<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Zoom's response is poor I agree, but
on a data-driven comparison it is a far more
secure platform.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<div style="border-color:rgb(181,196,223) currentcolor currentcolor;border-style:solid none none;border-width:1pt medium medium;padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span style="font-family:"Helvetica",sans-serif;color:black" lang="EN-US">From: </span></b><span style="font-family:"Helvetica",sans-serif;color:black" lang="EN-US">NCSG-Discuss <<a href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU" target="_blank">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>>
on behalf of Ayden Férdeline <<a href="mailto:icann@FERDELINE.COM" target="_blank">icann@FERDELINE.COM</a>><br>
<b>Reply-To: </b>Ayden Férdeline <<a href="mailto:icann@FERDELINE.COM" target="_blank">icann@FERDELINE.COM</a>><br>
<b>Date: </b>Tuesday, 9 July 2019 at 14:13<br>
<b>To: </b>"<a href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU" target="_blank">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>"
<<a href="mailto:NCSG-DISCUSS@LISTSERV.SYR.EDU" target="_blank">NCSG-DISCUSS@LISTSERV.SYR.EDU</a>><br>
<b>Subject: </b>Re: Zoom Structural
Vulnerability Discovered</span><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"><u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">That is true, but note that this
security researcher notified Zoom of the
exploit and they were in no rush to repair it.
Look at the timeline in the Medium post. They
only sought to fix it after the vulnerability
drew media attention. <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Adobe Connect was not perfect but
it met our needs and the occasional security
issues that arose were promptly fixed by Adobe
and never as serious as this one!<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377protonmail_mobile_signature_block">
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Best wishes, Ayden<u></u><u></u></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">On Tue, Jul 9, 2019 at 18:07, Adeel
Sadiq <<a href="mailto:11beeasadiq@seecs.edu.pk" target="_blank">11beeasadiq@seecs.edu.pk</a>>
wrote: <u></u><u></u></span></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Speaking from a
technical perspective, no software is
perfect or bug-free. It's only a matter of
time a loophole is found and exploited and
eventually patched up. If you think Adobe
Connect or ezTalks were/are free of these
architectural issues, think again! That's
the way we technical community do things. <u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Regards<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Adeel<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Pakistan<u></u><u></u></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">On Wed, Jul 10, 2019 at 1:37
AM Ayden Férdeline <<a href="mailto:icann@ferdeline.com" target="_blank">icann@ferdeline.com</a>>
wrote:<u></u><u></u></span></p>
</div>
<blockquote style="border-color:currentcolor currentcolor currentcolor rgb(204,204,204);border-style:none none none solid;border-width:medium medium medium 1pt;padding:0cm 0cm 0cm 6pt;margin:5pt 0cm 5pt 4.8pt">
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Unfortunately, uninstalling
the application does not rectify the
situation, due to poor architecture
(acknowledged by Zoom on their blog
today). They are working on a fix, now
that public scrutiny demands one. So
disappointing that ICANN has put us in
this terrible situation. <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div id="gmail-m_-9029796623803969138gmail-m_3506108938108417377gmail-m_4892314735287444777protonmail_mobile_signature_block">
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Ayden<u></u><u></u></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">On Tue, Jul 9, 2019 at 16:15,
Vaibhav Aggarwal, Catalyst & Group CEO
<<a href="mailto:va@BLADEBRAINS.COM" target="_blank">va@BLADEBRAINS.COM</a>>
wrote: <u></u><u></u></span></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Thanks for this. Till the
next Update, I have removed the Zoom For
Mac Client with immediate effect. <u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Regards,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Vaibhav Aggarwal<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">New Delhi<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"><a href="http://VaibhavAggarwal.com" target="_blank">VaibhavAggarwal.com</a> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12pt"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">On Jul 10, 2019, at
12:30 AM, Michael Karanicolas
<<a href="mailto:mkaranicolas@GMAIL.COM" target="_blank">mkaranicolas@GMAIL.COM</a>>
wrote:<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Hey - remember
when ICANN switched everyone
from Adobe over to Zoom as a
way of enhancing information
security and data privacy? <u></u><u></u></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">"A
vulnerability in the Mac
Zoom Client allows any
malicious website to enable
your camera without your
permission... This
vulnerability allows any
website to forcibly join a
user to a Zoom call, with
their video camera
activated, without the
user's permission. On top of
this, this vulnerability
would have allowed any
webpage to DOS (Denial of
Service) a Mac by repeatedly
joining a user to an invalid
call. Additionally, if
you’ve ever installed the
Zoom client and then
uninstalled it, you still
have a localhost web server
on your machine that will
happily re-install the Zoom
client for you, without
requiring any user
interaction on your behalf
besides visiting a webpage.
This re-install ‘feature’
continues to work to this
day."<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US">Read more
here: <a href="https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5" target="_blank">https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5</a><u></u><u></u></span></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
</blockquote>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Helvetica",sans-serif" lang="EN-US"> <u></u><u></u></span></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="gmail-m_-9029796623803969138gmail-m_3506108938108417377mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-quote-pre">_______________________________________________
ttf mailing list
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-abbreviated" href="mailto:ttf@atlarge-lists.icann.org" target="_blank">ttf@atlarge-lists.icann.org</a>
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-freetext" href="https://mm.icann.org/mailman/listinfo/ttf" target="_blank">https://mm.icann.org/mailman/listinfo/ttf</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-freetext" href="https://www.icann.org/privacy/policy" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-freetext" href="https://www.icann.org/privacy/tos" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-signature" cols="72">--
Olivier MJ Crépin-Leblond, PhD
<a class="gmail-m_-9029796623803969138gmail-m_3506108938108417377moz-txt-link-freetext" href="http://www.gih.com/ocl.html" target="_blank">http://www.gih.com/ocl.html</a>
</pre>
</div>
</blockquote></div>
</blockquote></div>