[technology taskforce] [SPAM:1.4] Re: ZOOM 90-Day Security Plan Progress Report: April 15

Satish Babu sbabu at ieee.org
Mon Apr 20 12:18:18 UTC 2020


Hi

On Mon, Apr 20, 2020 at 5:44 PM Adrian Schmidt <aschmi at gmail.com> wrote:

>
> I agree with most of the technical reports about Zoom, but we should agree
> that growing 10x in a very short time is painful. In my daily job we still
> support Zoom even if that is for a school district, and try to get ahead of
> possible problems.
> One alternative that I've been looking at is to develop a very good
> product called Jitsi, that is open source, and seems to be working very
> well https://jitsi.org/ - but of course, I don't think ICANN at this
> point can set up the needed server infrastructure to do video conferencing at
> the level we need
>

Jitsi is indeed a promising alternative, but it doesn't appear to scale
well beyond about 30-35 users as of now. Personally, I'd choose an open
source application wherever possible, so I'm keenly awaiting further
development of this product.

With kind regards,

satish

> On Mon, Apr 20, 2020 at 3:00 AM Lutz Donnerhacke <lutz at donnerhacke.de>
> wrote:
>
>> Correct. Zoom is currently actively examined, other applications are
>> still unknown. We all remember the security record of Adobe Flash (base of
>> Connect). Yes, Zoom is in bad standing right now, but they react in
>> sensible ways. Yes, Zoom did a bad job in updating their software, we do not
>> know anything about alternatives.
>>
>> So I currently prefer to stick with Zoom for our purposes.
>>
>>
>>
>>
>>
>> *From:* ttf <ttf-bounces at atlarge-lists.icann.org> *On behalf of *Olivier
>> MJ Crépin-Leblond
>> *Sent:* Sunday, 19 April 2020 00:54
>> *To:* DANIEL NANGHAKA <dndannang at gmail.com>; Alfredo Calderon-Serrano <
>> acalderon1 at me.com>
>> *Cc:* Technology Taskforce WG <ttf at atlarge-lists.icann.org>
>> *Subject:* [SPAM:1.4] Re: [technology taskforce] ZOOM 90-Day Security
>> Plan Progress Report: April 15
>>
>>
>>
>> Dear Daniel,
>>
>> in one week I have seen more security and feature updates in Zoom than in
>> 3 years of prior utilisation. There are alternatives to Zoom, but most of
>> them have the same faults and can be equally as easy to hack. Some
>> alternatives might be better on security but are feature poor and bandwidth
>> hungry. Some are worse than Zoom on security and have done nothing to
>> address these points, and some alternatives are downright awful to use...
>> or "work" only on a single platform.
>> Kindest regards,
>>
>> Olivier
>>
>> On 18/04/2020 23:33, DANIEL NANGHAKA wrote:
>>
>> Are we still safe with Zoom amidst all the flaws that have been
>> identified?
>>
>> There was a time when a simple flaw was discovered during an ICANN meeting,
>> and Adobe Connect was shut down. Is there an analysis of the effects?
>>
>> What is the security guarantee that we have on Zoom?
>>
>>
>>
>> Daniel KN
>>
>>
>>
>>
>> On Sat, 18 Apr 2020 at 17:17, Alfredo Calderon-Serrano via ttf <
>> ttf at atlarge-lists.icann.org> wrote:
>>
>>
>> https://blog.zoom.us/wordpress/2020/04/15/90-day-security-plan-progress-report-april-15/
>>
>>
>>
>>
>>
>> The newly released Security icon
>> <https://blog.zoom.us/wordpress/2020/04/08/zoom-product-updates-new-security-toolbar-icon-for-hosts-meeting-id-hidden/> in
>> the toolbar provides Zoom Meetings hosts and co-hosts with one-click access
>> to a number of existing Zoom security features, including Lock Meeting and
>> Enable the Waiting Room.
>>
>> Changes to Zoom’s default settings
>>
>> We’ve made changes to Zoom’s default meeting settings to improve security
>> before a meeting starts. Both meeting passwords and Waiting Rooms are
>> enabled by default for our free Basic users and single Pro users, while
>> those in our K-12 education program need a password to join a meeting.
>> Waiting Rooms also are on by default for those K-12 users.
>>
>> Enhanced meeting password complexity
>>
>> Account owners and admins can now configure minimum meeting password
>> requirements to include numbers, letters, and special characters, or allow
>> only numeric passwords. Free Basic account users will now use alphanumeric
>> passwords by default instead of numeric passwords.
>>
>> Changes to data center routing
>>
>> Starting April 18, account admins will have the ability to choose whether
>> or not their data is routed through specific data center regions, giving
>> users more control of their interactions with Zoom’s global network. Learn
>> more about the process in our blog post
>> <https://blog.zoom.us/wordpress/2020/04/13/coming-april-18-control-your-zoom-data-routing/>.
>>
>> Bug bounty program with Katie Moussouris of Luta Security
>>
>> Zoom will be working with Luta Security to reboot our bug bounty
>> program. Luta Security was founded by Katie Moussouris, who created some of
>> the most important vulnerability programs still running today. She started
>> Microsoft Vulnerability Research and Symantec Vulnerability Research, and
>> also started Microsoft’s and the Pentagon’s bug bounty programs. Luta
>> Security will be assessing Zoom’s program holistically with a 90-day “get
>> well” plan, which will cover all internal vulnerability handling processes.
>> Read more in Katie’s blog post
>> <https://www.lutasecurity.com/post/luta-security-and-zoom>.
>>
>>
>>
>> Alfredo Calderón
>>
>>
>>
>> Sent from my iPad
>>
>> _______________________________________________
>> ttf mailing list
>> ttf at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/ttf
>>
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>>
>>
>>
>> --
>>
>> Olivier MJ Crépin-Leblond, PhD
>>
>> http://www.gih.com/ocl.html
>>