[technology taskforce] [SPAM:1.4] Re: ZOOM 90-Day Security Plan Progress Report: April 15

Adrian Schmidt aschmi at gmail.com
Mon Apr 20 12:13:41 UTC 2020


Hi, good morning.
I agree with most of the technical reports about Zoom, but we should agree
that growing 10x in a very short time is painful. In my daily job we still
support Zoom, even if that is for a school district, and try to get ahead of
possible problems.
One alternative that I've been looking at is to develop a very good product
called Jitsi, that is open source, and seems to be working very well
https://jitsi.org/ - but of course, I don't think ICANN at this point can
set up the needed server infrastructure to do video conferencing at the level
we need.
Just my two cents. Stay healthy
Adrian

On Mon, Apr 20, 2020 at 3:00 AM Lutz Donnerhacke <lutz at donnerhacke.de>
wrote:

> Correct. Zoom is currently actively examined, other applications are still
> unknown. We all remember the security record of Adobe Flash (base of
> Connect). Yes, Zoom is in bad standing right now, but they react in a
> sensible way. Yes, Zoom did a bad job in updating their software, we do not
> know anything about alternatives.
>
> So I currently prefer to stick with Zoom for our purposes.
>
> *From:* ttf <ttf-bounces at atlarge-lists.icann.org> *On behalf of *Olivier
> MJ Crépin-Leblond
> *Sent:* Sunday, 19 April 2020 00:54
> *To:* DANIEL NANGHAKA <dndannang at gmail.com>; Alfredo Calderon-Serrano <
> acalderon1 at me.com>
> *Cc:* Technology Taskforce WG <ttf at atlarge-lists.icann.org>
> *Subject:* [SPAM:1.4] Re: [technology taskforce] ZOOM 90-Day Security
> Plan Progress Report: April 15
>
>
>
> Dear Daniel,
>
> in one week I have seen more security and feature updates in Zoom than in
> 3 years of prior utilisation. There are alternatives to Zoom, but most of
> them have the same faults and can be equally as easy to hack. Some
> alternatives might be better on security but are feature poor and bandwidth
> hungry. Some are worse than Zoom on security and have done nothing to
> address these points, and some alternatives are downright awful to use...
> or "work" only on a single platform.
> Kindest regards,
>
> Olivier
>
> On 18/04/2020 23:33, DANIEL NANGHAKA wrote:
>
> Are we still safe with Zoom amidst all the flaws that have been
> identified?
>
> There was a time when a simple flaw was discovered during an ICANN meeting,
> and Adobe Connect was shut down. Is there an analysis of the effects?
>
> What is the security guarantee that we have on Zoom?
>
>
>
> Daniel KN
>
>
>
>
> On Sat, 18 Apr 2020 at 17:17, Alfredo Calderon-Serrano via ttf <
> ttf at atlarge-lists.icann.org> wrote:
>
>
> https://blog.zoom.us/wordpress/2020/04/15/90-day-security-plan-progress-report-april-15/
>
>
>
>
>
> The newly released Security icon
> <https://blog.zoom.us/wordpress/2020/04/08/zoom-product-updates-new-security-toolbar-icon-for-hosts-meeting-id-hidden/> in
> the toolbar provides Zoom Meetings hosts and co-hosts with one-click access
> to a number of existing Zoom security features, including Lock Meeting and
> Enable the Waiting Room.
>
> Changes to Zoom’s default settings
>
> We’ve made changes to Zoom’s default meeting settings to improve security
> before a meeting starts. Both meeting passwords and Waiting Rooms are
> enabled by default for our free Basic users and single Pro users, while
> those in our K-12 education program need a password to join a meeting.
> Waiting Rooms also are on by default for those K-12 users.
>
> Enhanced meeting password complexity
>
> Account owners and admins can now configure minimum meeting password
> requirements to include numbers, letters, and special characters, or allow
> only numeric passwords. Free Basic account users will now use alphanumeric
> passwords by default instead of numeric passwords.
>
> Changes to data center routing
>
> Starting April 18, account admins will have the ability to choose whether
> or not their data is routed through specific data center regions, giving
> users more control of their interactions with Zoom’s global network. Learn
> more about the process in our blog post
> <https://blog.zoom.us/wordpress/2020/04/13/coming-april-18-control-your-zoom-data-routing/>
> .
>
> Bug bounty program with Katie Moussouris of Luta Security
>
> Zoom will be working with Luta Security to reboot our bug bounty
> program. Luta Security was founded by Katie Moussouris, who created some of
> the most important vulnerability programs still running today. She started
> Microsoft Vulnerability Research and Symantec Vulnerability Research, and
> also started Microsoft’s and the Pentagon’s bug bounty programs. Luta
> Security will be assessing Zoom’s program holistically with a 90-day “get
> well” plan, which will cover all internal vulnerability handling processes.
> Read more in Katie’s blog post
> <https://www.lutasecurity.com/post/luta-security-and-zoom>.
>
>
>
> Alfredo Calderón
>
>
>
> Sent from my iPad
>
> _______________________________________________
> ttf mailing list
> ttf at atlarge-lists.icann.org
> https://mm.icann.org/mailman/listinfo/ttf
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>
>
>
>
>
> --
>
> Olivier MJ Crépin-Leblond, PhD
>
> http://www.gih.com/ocl.html
>