Zoom, the videoconferencing app, said today that it would turn off a data-mining feature that could be used to snoop on meeting participants after inquiries from The Times https://t.co/ekpJRXtExy
— NYT Business (@nytimesbusiness) April 2, 2020
Just when I thought it will be very difficult for any company to beat the hockey stick growth of @uber but this is just bonkers and from an enterprise company at that https://t.co/foxmCregoz
— Ankit Agarwal (@Ankit_A) April 2, 2020
Hi @zoom_us & @NCSC - here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks. The screen shot below shows an example UNC path link and the credentials being exposed (redacted). pic.twitter.com/gjWXas7TMO
— Hacker Fantastic (@hackerfantastic) March 31, 2020
Until today, a feature on Zoom allowed some participants to access LinkedIn profile data about other users — without Zoom asking for their permission or even notifying them that someone else was snooping on them https://t.co/urH4nn7EFA
— The New York Times (@nytimes) April 2, 2020
Zoom's ability to scale on this level is unprecedented. https://t.co/rRhaokQNPQ
— Joshua Gans (@joshgans) April 2, 2020
Daily users before the pandemic:
— Derek Thompson (@DKThomp) April 2, 2020
Skype: 23 million
Zoom: 10 million
Daily users after the pandemic:
Skype: 40 million
Zoom: 200 million https://t.co/93m85MgPeJ
This is great to hear! Well done Zoom! Zoom announces 90-day feature freeze to fix privacy and security issues https://t.co/5hq0F2Pdw1 via @Verge
— Stephen L Rose (@stephenlrose) April 2, 2020
This is pretty good, tbh. They've addressed a number of key concerns. Committing to a transparency report & ending the sketchy "attention tracking" thing is big
— Evan Greer (@evan_greer) April 2, 2020
BUT: they need to implement end to end encryption for all meetings. without that, the service will never truly be safe https://t.co/mAjNNaeCsN
Pretty cool, clear, transparent and fast communication here from @ericsyuan about security at @zoom_us and managing its recent phenomenal growth. https://t.co/UYQ37BZw2Y
— Peter Botting (@peterbotting) April 2, 2020
Pretty sure that if they were still at 10M DAUs, their repeated security failures would have made a lot of people switch to something else.
— Nicolas Magand (@nicolasmagand) April 2, 2020
Now with 200M+, it becomes harder to switch, as most of your contacts need to switch too.
Security failures probably won’t hurt them now. https://t.co/ormvBiGUAU
Good read and response from Zoom.
— Dave Kennedy (ReL1K) (@HackingDave) April 2, 2020
As mentioned earlier they are handling this the right way.
Zero day dropped March 30th - fixed April 1st. UNC issue fixed and more.
Impressive.
Lots of communication and clarity - that’s a good thing. https://t.co/Qo9NarzI9K
I was stunned Zoom’s servers hadn’t been crushed by increased traffic before this, but 20x growth in 3 months without the whole system exploding is amazing. This’ll be a case study in scaling for the ages. https://t.co/7aVCgO52S3
— Ellen Shapiro (@designatednerd) April 2, 2020
The good news is that flaw only impacts Mac users. The bad news is that this one impacts PC users: https://t.co/NgybYf637a
— Troy Hunt (@troyhunt) April 1, 2020
there's a lesson here… not sure what that lesson is yet, but there's a lesson -- "Privacy experts said the company seemed to value ease of use … over instituting default user protections." https://t.co/lZZutTsu5u
— Rogue P. Bigham (@jeffbigham) April 2, 2020
Zoom announces several changes, such as a "feature freeze" and moving all engineering resources to fixing privacy and security issues; enhancing its bug bounty program https://t.co/RpiyAbjSoA pic.twitter.com/ekr4XJYxOn
— Joseph Cox (@josephfcox) April 2, 2020
Nice pro-active response from Zoom about the security issues recently uncovered. Contrast this with how @Voatz responded recently when MIT researchers found issues with its mobile voting app and it went into attack mode against the researchers. https://t.co/DH78z0c9Rz
— Kim Zetter (@KimZetter) April 2, 2020
Zoom had 10M DAU in Dec compared to 200M DAU now. Wow. https://t.co/Orz9vXeWMq
— Darren Herman (@dherman76) April 2, 2020
"However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it." - Eric S. Yuan Founder and CEO, Zoom https://t.co/K6YJEQTWp9
— Brian Lesser (@bdlesser) April 2, 2020
We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better [Blog Post] https://t.co/tDcWxRIF2V by @ericsyuan
— Zoom (@zoom_us) April 2, 2020
#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users.
— Mitch (@_g0dmode) March 23, 2020
Zoom: “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home...” https://t.co/IBuRfuM3mO
— Ryan Naraine (@ryanaraine) April 2, 2020
This is an appropriate response, and I love the @zoom_us product. But it is at least 100x harder to add security and privacy after the fact than building it in from the start. Should give everyone rapidly rolling out Covid19 response tech some pause. https://t.co/GRGvZYi86w
— James Monaghan (@james_monaghan) April 2, 2020
Zoom: [We are] “Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.” https://t.co/ml3iNZgYZo
— John Wilander (@johnwilander) April 2, 2020
“While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it”, you don’t say. I still am not clear what’s up after reading this https://t.co/toqkZ157sd
— DHH (@dhh) April 2, 2020
New - Guess who spent over $1 million on Zoom tech in just a few days? CDC, FEMA and NIH. As in all the US gov bodies responding to the coronavirus crisis.
— Thomas Brewster (@iblametom) April 2, 2020
This is where Zoom security and privacy needs to be much better. https://t.co/C3X3hEvxaZ
I have questions. https://t.co/yOUmso41pY
— Rep. Mike Gallagher (@RepGallagher) April 2, 2020
Zoom has disabled a feature that was exposing users’ LinkedIn profiles https://t.co/x9tXKyq66b pic.twitter.com/eAqIild54c
— The Verge (@verge) April 2, 2020
They're working on it. All of it. https://t.co/4LdCvFy4eV
— FutureShift (@futureshift) April 2, 2020
Voila! Confirmation Zoom went from 10 million max daily users in Dec to 200 million in March. Phenomenal upscaling required. Has anything (high bandwidth) EVER grown so fast?
— Jerry Daykin (@jdaykin) April 2, 2020
Interesting article on how Zoom is responding to privacy & security challenges: https://t.co/ekbS0e2Chr
Zoom falls more than 12% as CEO apologizes for security lapses, says daily users spiked to 200 million in March https://t.co/aVNlPD4XCH
— CNBC Tech (@CNBCtech) April 2, 2020
Zoom vows to win back user trust with extensive security review https://t.co/baFjWBGR8O via @ric9871ric #retweet #pleaseretweet pic.twitter.com/6t2WZWDhAK
— Ric Olsen (@Ric9871Ric) April 2, 2020
A Zoom Meeting For Women Of Color Was Hijacked By Trolls Shouting The N-Word #SmartNews https://t.co/plHxm3CpaQ
— Queens Child Project Project Manager (@SoloChills) April 2, 2020
She was hosting a Zoom meeting for professional women of color, a way to connect and unwind during the pandemic.
— Salvador Hernandez (@SalHernandez) April 2, 2020
It got hijacked by trolls yelling the N-word at her https://t.co/NphcpyajNt
I’ve tweeted a lot of things about preventing online harassment. It’s as simple as asking “what’s the worst thing someone could do with this feature?” AND THEN FIXING IT. There is ZERO excuse for not anticipating this https://t.co/9jF3vqvh48
— Danielle Leong (@tsunamino) April 2, 2020
A Zoom Meeting For Women Of Color Was Hijacked By Trolls Shouting The N-Word https://t.co/Liv2KClDHd via @salhernandez
— David Mack (@davidmackau) April 2, 2020
A Zoom Meeting For Women Of Color Was Hijacked By Trolls Shouting The N-Word
— Hamza Shaban (@hshaban) April 2, 2020
Via @SalHernandez https://t.co/LEXa4KrhSI
Wow, now reading more. This is a real thing that is starting to happen more and more: https://t.co/cq2OPPzSU1
— Johanna Bozuwa (@johannabozuwa) April 2, 2020
$ZM (-5.1% pre) Intruders are hijacking Zoom calls with noise and gross images — here’s how to avoid becoming a victim of ‘zoombombing’ - CNBC https://t.co/Cxehk9GIAe
— Open Outcrier (@OpenOutcrier) April 2, 2020
Tech companies take privacy "extremely seriously" ... once journalists reveal problematic aspects of products *working as they were designed*. Again. https://t.co/EstfCv6jyL
— John Keefe (@jkeefe) April 2, 2020
A Zoom feature “...allowed some participants to surreptitiously access LinkedIn profile data about other users — without Zoom asking for their permission during the meeting or even notifying them that someone else was snooping on them.” ht @joelwinston https://t.co/vvymGYWkzr
— All I don't wanna do is zoom-a-zoom-zoom-zoom (@hypervisible) April 2, 2020
Can't wait for Zoom to explain why it was doing "undisclosed data mining" all this time. https://t.co/HT4N5VgvH0
— Zack Whittaker (@zackwhittaker) April 2, 2020
A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles https://t.co/1A3IkHJJ12
— Mαtt Thomαs (@mattthomas) April 2, 2020
Oh hey look, Zoom is having to remove a data mining tool connected to LinkedIn it hadn't really revealed to most of its customers. Funny, that. https://t.co/phnf28wj1w
— Christopher S. Rice, Ph.D. (@refuturing) April 2, 2020
1/ In 2018, Zoom began allowing certain users to covertly access LinkedIn profile data about other meeting participants — without notifying them.
— Natasha Singer (@natashanyt) April 2, 2020
Even if a person used a pseudonym, the Zoom system could identify them and link them to their profile data. https://t.co/BUVtcDY5TM
6. Mac hacking https://t.co/Y05hOgIetl
— lunamoth (@lunamoth) April 2, 2020
7. Anonymous users' LinkedIn profiles identified https://t.co/nkjpB9LHVX
“even when [signing] in to a Zoom meeting under [Anonymous,] the data-mining tool was able to instantly match him to his LinkedIn profile...[disclosing] the reporter’s real name to another user, overriding his efforts to keep it private.” https://t.co/skdCmpwA6E
— Kim Zetter (@KimZetter) April 2, 2020
Also, they stopped using the malware-like trick to avoid asking for permissions before installing the app on OSX. If they keep this up, and systemically remove all despicable features/tricks/deception, they will eventually uncover a usable service! https://t.co/4rcjxGexSg
— DHH (@dhh) April 2, 2020
Zoom is moving quickly to fix its “malware-like” macOS installer with a new update today. It comes just 2 days after the issues were highlighted on Twitter by @c1truz_ Details here: https://t.co/QdugjElfAp pic.twitter.com/Nxtsl2HyrJ
— Tom Warren (@tomwarren) April 2, 2020
Great leadership, on display, at @zoom_us - Now, set and keep the bar in the right place so this kind of thing is only a story to learn from in your history. https://t.co/XvNRiRYZoM
— John MacFarlane (@JohnLMacFarlane) April 2, 2020
Zoom quickly fixes "malware-like" macOS installer with new update https://t.co/6rhx9xvLMH pic.twitter.com/iHsQCYhvJG
— The Verge (@verge) April 2, 2020
Security woes, privacy controversies, and trolling incidents have marred Zoom's star turn during the coronavirus outbreak. https://t.co/PS1poVqWLh
— Axios (@axios) April 2, 2020
There have been multiple vulnerabilities found in #Zoom . I would recommend staying away from Zoom right now until they fix the issues. I would use an alternative such as #Google #Hangouts or #Skype. Don't let attackers sit in your meetings be #smart. https://t.co/jq7BnWh8Kz
— OpSec Monkey (@wtfopsecmonkey) April 2, 2020
Attackers can use Zoom to steal users’ Windows credentials with no warning https://t.co/2ywnKkNAt6
— Graham Cluley (@gcluley) April 1, 2020
today is a garbage fire for Zoom security.
— yan (@bcrypt) April 1, 2020
* MacOS root priv-esc & code injection to access mic/camera by @patrickwardle https://t.co/663AvVOZHc
* stealing Windows credentials https://t.co/eWyAqZ1tse @dangoodin001
* leaking emails/pics https://t.co/cISzZn77aO @josephfcox
Zoom for Windows converts network locations into clickable links. What could go wrong? Oh yeah... this: https://t.co/Mmy9OQiMQX
— Tom?\(^-^)/ (@TomLawrenceTech) April 1, 2020
also zoom has dangerous bugs like this https://t.co/QdSvejGGHd
— Chanda #COLA4ALL Prescod-Weinstein (@IBJIYONGI) April 2, 2020
Attackers can use Zoom to steal users’ Windows credentials with no warning | Ars Technica https://t.co/0BRW2vi6Fx
— Kristy Milland, MA (@TurkerNational) April 2, 2020
Series of Tubes: @SenBlumenthal Is Super Mad That Zoom Isn't Actually Offering The End To End Encryption His Law Will Outlaw https://t.co/3Fe8xtKAH5 via @Techdirt
— Kevin Carson (@KevinCarson1) April 2, 2020
Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links #informationtechnology #cyberwarfare #ethicalhacking #hacking #security #infosec #cybersecurity #informationsecurity #cyberattack #cloudsecurity #cyberdefense #cybercrime https://t.co/gdtI8BvP9w
— Dr.FarFar (@3XS0) April 2, 2020
#Zoom Client Leaks #Windows Login Credentials to Attackers https://t.co/LjO0ECozCr pic.twitter.com/5Jf8j3WeG9
— TEAM CYMRU (@teamcymru) April 2, 2020
#Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links https://t.co/ozed1MIhkj pic.twitter.com/st7718mTM7
— BTshell (@BTshell) April 2, 2020
I really want to delete Zoom right now
— をるふ@きむD (@wolf_cpp) April 2, 2020
People are talking about holding an online drinking party, but it's fine to delete it, right? No? https://t.co/mbXEn1ldUB
Zoom is 'sorry' for privacy and security mistakes. https://t.co/50YbDgT51J
— editoy (@editoy) April 3, 2020
Zoom has disabled a feature that was exposing users’ LinkedIn profiles https://t.co/ObtboWuuwy pic.twitter.com/3wmO2pDR5e
— The Verge (@verge) April 3, 2020
Zoom has disabled a feature that was exposing users’ LinkedIn profiles https://t.co/Vif09qOyA4
— Bryan Herbert (@KE6ZGP) April 3, 2020
Zoom Removes Data-Mining LinkedIn Feature: https://t.co/tTE68G1EPa
— The Cyber Security Hub (@TheCyberSecHub) April 2, 2020
Zoom vows to win back user trust with extensive security review https://t.co/64TmQQzXy2
— ポル之助のゲームニュース (@pornoski_news) April 3, 2020
OMG this happened to me, they just put our story @BuzzFeedNews https://t.co/bm7iT8k0rC so crazy and sorry this happened to you too
— Dr. Tiara Moore (@curly_scientist) April 2, 2020
"When people signed in to a meeting, @zoom_us’s software automatically sent names and email addresses to a system it used to match them with their @LinkedIn profiles..."
— Stiftung Datenschutz (@DS_Stiftung) April 3, 2020
- there seem to be some more issues to be clarified regarding #Zoom & #Privacy ... https://t.co/1dfG6fRZ4T
A Feature on Zoom Secretly Displayed Data From People's LinkedIn Profiles - The New York Times https://t.co/BExIiyDCKG
— Evan Kirstel #StayHome #RemoteWork (@evankirstel) April 3, 2020
LinkedIn too? I tried to warn you. A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles https://t.co/8bU8BxQWHs
— Lynn Shaw (@LynnShawProd) April 3, 2020
"when people signed in to a meeting, Zoom’s software automatically sent their names and email addresses to a company system it used to match them with their LinkedIn profiles." https://t.co/guWj7uAZUa
— hakan (@hatr) April 3, 2020
“A Feature on Zoom Secretly Displayed Data From People’s LinkedIn Profiles” https://t.co/YFckFwl43z
— Frederik Borgesius (@fborgesius) April 2, 2020
Zoom quickly fixes "malware-like" macOS installer with new update https://t.co/ysKpMNLMOC pic.twitter.com/uxCdRa5fKQ
— The Verge (@verge) April 3, 2020
Credit where credit is due: Zoom appears to have pushed an update this morning to change the macOS installer's malware-like behavior.
— Christopher S. Rice, Ph.D. (@refuturing) April 2, 2020
Well done. Now, please fix the Meeting ID issue with a more difficult to guess/hashed approach. https://t.co/TOuoAOlmPS
Attackers can use Zoom to steal users’ Windows credentials with no warning https://t.co/WST2HCJ77F
— Evan Kirstel #StayHome #RemoteWork (@evankirstel) April 1, 2020
#cybersecurity #zoom #securityrisk
— MJTechnologies LLC (@MJTechLLC) April 3, 2020
Ars Technica: Attackers can use Zoom to steal users’ Windows credentials with no warning. https://t.co/tfJwmQFry6
#zoom is #proprietarySoftware and mass #surveillance so avoid it like you avoid #gafam (Pentagon/PRISM) https://t.co/cnTkinTl3u
— Dr. Roy Schestowitz (罗伊) (@schestowitz) April 3, 2020
Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links https://t.co/SFIywyTg8H
— Ian Cook (@Secnewsbytes) April 2, 2020
Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links #informationtechnology #cyberwarfare #ethicalhacking #hacking #security #infosec #cybersecurity #informationsecurity #cyberattack #cloudsecurity #cyberdefense #cybercrime https://t.co/AJ2F7hGnay
— Ahmed Karam أحمد كرم (@AhmedKaram_t) April 2, 2020
A recently discovered vulnerability in Zoom can allow Windows credentials to be stolen.
— うんぱるんぱ (@ce_oompa_loompa) April 3, 2020
Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links https://t.co/ZkeAy483fT
Zoom Client Leaks Windows Login Credentials to Attackers #dynamicCISO #linux #girlswhocode #hacking #security #cybersecurirty #infosec @rneelmani @hacback17 https://t.co/YjhQbGoB2K
— DynamicCISO (@dynamicCISO) April 2, 2020