Looks like solid research by @citizenlab. If I'm reading it correctly, actors in China could have access to all the encryption keys needed to see calls. Keep this in mind when you chose to discuss sensitive info using #zoom. Obviously no mil/gov should talk classified on it. https://t.co/9PH5Qd9e9k
— Richard Bejtlich (@taosecurity) April 3, 2020
Oops. We didn’t know routing our overflow to China would compromise our InfoSec. ? https://t.co/K1AXgPDPL6
— Baksht.data™ ? (@jbaksht) April 4, 2020
This is great to hear! Well done Zoom! Zoom announces 90-day feature freeze to fix privacy and security issues https://t.co/5hq0F2Pdw1 via @Verge
— Stephen L Rose (@stephenlrose) April 2, 2020
I compiled a list of every known Zoom security exploit, software bug, privacy failure, and bad decision (many now remediated) and what you can do about each of them. I had to add six in the last two days while writing & editing it. @TidBITS https://t.co/SUDNrD889F
— Glenn Fleishman (@GlennF) April 3, 2020
A round-up from Bruce Schneier of the research showing how Zoom's "security" is a sick joke. If you have secrets to keep, don't go near this product. https://t.co/k7eSwWXwMw
— Dan Gillmor (@dangillmor) April 4, 2020
Zoom meetings are being hijacked by people yelling racist slurs and flooding calls with graphic contenthttps://t.co/So7ST3MuGm
— BuzzFeed News (@BuzzFeedNews) April 2, 2020
DoJ and State AGs note that warn "anyone who hacks into a teleconference can be charged with state or federal crimes." https://t.co/YKxFmQ6AF0
— Peter W. Singer (@peterwsinger) April 3, 2020
speaking as someone who does this for a living, routing doesnt "mistakenly" happen
— anime graf mays ?✈️ (@grafby) April 4, 2020
you have to pay *extra* to transit routes for your traffic to even hop to china at all https://t.co/FnDJlBPmFN
Zoom will require password and enable waiting rooms by default https://t.co/q8Y6WO7pr3 // This is not only good to see but ?? crisis leadership. Product choices that dramatically change behavior/introduce friction —> super tough. Prev wrote♻️https://t.co/XlPIzlBYEm
— Steven Sinofsky (@stevesi) April 4, 2020
People lost their minds when Zoom was sending small pieces of data to Facebook even when users weren't on FB.
— Thomas Brewster (@iblametom) April 3, 2020
Wonder how they'll react when they hear Zoom is sometimes handling encryption keys in Beijing, even when callers aren't in China...https://t.co/4NO4IeNpDy
Zoom had 10M DAU in Dec compared to 200M DAU now. Wow. ? https://t.co/Orz9vXeWMq
— Darren Herman (@dherman76) April 2, 2020
NEW: Zoom 'unsuitable' for government secrets, researchers say. New study from @citizenlab shows Zoom encryption is crackable and unsafe for high level meets. I understand gov is working on adapting other existing tools 'at pace' to deal with the current communications conundrum. https://t.co/EEXwR3gUhG
— Joe Tidy (@joetidy) April 3, 2020
A Quick Look at the Confidentiality of Zoom Meetings by the team at @CitizenLab.https://t.co/Y5l46UodWb
— Graham Cluley (@gcluley) April 3, 2020
(I wonder how much longer the UK Govt will be using it for cabinet meetings...) pic.twitter.com/k99KY62fsv
Check out this blog post if you want to learn more about the technical background of the Zoom issue and its implications.
— Felix (@c1truz_) April 1, 2020
Also, here is the full VMRay Analyzer report https://t.co/umACO7BpP7 ✌️ https://t.co/fq9AT7IuQ1
An analysis of Zoom by @billmarczak & @jsrailton reveals it *does not* use industry standard protocols for voice & video— encryption & decryption keys come from Chinese servers.
— Avi Asher-Schapiro (@AASchapiro) April 3, 2020
Their conclusion: it's fine for family chats, not for journalists & activists.https://t.co/4X2FqSC4hd
March 2020, when the internet was good again. It was fun while it lasted. https://t.co/89OLmkYINz
— Adam Satariano (@satariano) April 3, 2020
Building tools for business for most of Zoom's history, CEO @ericsyuan says he never anticipated hackers would want to join a run-of-the-mill staff check-in or weekly work review -- much less that hackers would someday want to disrupt virtual classrooms.https://t.co/O0mSLB9TGr pic.twitter.com/kdSTDND4ha
— Alex Konrad (@alexrkonrad) April 3, 2020
An important read for NGOs, #humanrights lawyers, activists and journalists using Zoom during the #COVID19 crisis. Surely this is a problem Zoom should be urgently fixing? #bizhumanrights https://t.co/xtKwZZ10Zx
— Anneke VanWoudenberg (@woudena) April 3, 2020
Zoom has become the go-to tool of the at-home era with 200 million daily users. It's also become a flashpoint of controversy after a series of security and privacy concerns.
— Alex Konrad (@alexrkonrad) April 3, 2020
I spoke to Zoom's CEO about it for this cover story in our next issue of @Forbeshttps://t.co/VCAvKn154G pic.twitter.com/zFgm8Cls6Q
Zoom is moving quickly to fix its “malware-like” macOS installer with a new update today. It comes just 2 days after the issues were highlighted on Twitter by @c1truz_ Details here: https://t.co/QdugjElfAp pic.twitter.com/Nxtsl2HyrJ
— Tom Warren (@tomwarren) April 2, 2020
Zoom has a lot of work to do if it wants to regain users' trust. In the meantime, if you continue using Zoom, consider these settings. https://t.co/qtai3oOrNj
— EFF (@EFF) April 3, 2020
An exhaustive account of all Zoom's privacy and security transgressions. When you see it all collected like this.. well, just, wow. https://t.co/jNUQs2zVwm
— DHH (@dhh) April 3, 2020
Despite the confusing back-and-forth messaging, it finally seems clear that, no, Zoom is indeed NOT end-to-end encrypted, as they were claiming for a long time. Unlike, say, Apple's FaceTime, which for up to 32 users, indeed IS e2e. https://t.co/UzkhQ6n7gt
— DHH (@dhh) April 3, 2020
I still remember Eric Yuan reaching out to video chat and I wondered which platform to chat on
— Jane Manchun Wong (@wongmjane) April 3, 2020
And he suggested Zoom. Eventually I realized he's actually the CEO of Zoom https://t.co/myd9WQgMOn
She was hosting a Zoom meeting for professional women of color, a way to connect and unwind during the pandemic.
— Salvador Hernandez (@SalHernandez) April 2, 2020
It got hijacked by trolls yelling the N-word at her https://t.co/NphcpyajNt
Zoom is 2020's version of Milkshake Duck https://t.co/XIDG1x0MnC
— David Dayen (@ddayen) April 3, 2020
Zoom’s actions today remind me of the 2002 feature freeze of Microsoft, which started their journey to better Windows security. ”When we face a choice between adding features and resolving security issues, we need to choose security”, said Bill Gates. https://t.co/nwLaRhJJGx
— ?mikko (@mikko) April 3, 2020
The choices Zoom has made on encryption are reasonable. But they really shouldn't claim it's end-to-end encrypted. And they should stop with the muddled blog posts too. @lilyhnewman digs in deep. cc @dhh https://t.co/TWf1G4jOvI
— nxthompson (@nxthompson) April 3, 2020
Separately - also staggering to see the tool that most of us are relying on wish to get back to selling b2b and give up their (90+%?) consumer marketshare that they’ve built over the last two months.
— Sriram Krishnan (@sriramk) April 3, 2020
New: Zoom now confirms that some calls were "mistakenly" routed through China, and has rolled out a fix to prevent it happening again. https://t.co/74Dcpt2eYd
— Zack Whittaker (@zackwhittaker) April 4, 2020
Good. It’d be better if it was encrypted as advertised (they say E2EE on website but it’s not) and some kind of written guarantee they won’t leak our data to third parties, eg Facebook, again. https://t.co/5M74CxswTE
— Belinda Barnet (@manjusrii) April 4, 2020
I get why they have to do this, but it's taking away from what makes Zoom great in the first place https://t.co/DuMQAJ447q
— Isaac Krasny (@isaackrasny) April 4, 2020
Credit where credit is due: Zoom appears to have pushed an update this morning to change the macOS installer's malware-like behavior.
— Christopher S. Rice, Ph.D. (@refuturing) April 2, 2020
Well done. Now, please fix the Meeting ID issue with a more difficult to guess/hashed approach. https://t.co/TOuoAOlmPS
Also worth noting: “For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.” https://t.co/a6hKqYJstX
— matthew braga (@mattbraga) April 3, 2020
Among other concerns including encryption & data being routed through China, "Zoom...appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software...this arrangement may make Zoom responsive to pressure from Chinese authorities" https://t.co/Q6TNgykDwh
— Mary Hui (@maryhui) April 3, 2020
Good read and response from Zoom.
— Dave Kennedy (ReL1K) (@HackingDave) April 2, 2020
As mentioned earlier they are handling this the right way.
Zero day dropped March 30th - fixed April 1st. UNC issue fixed and more.
Impressive.
Lots of communication and clarity - that’s a good thing.https://t.co/Qo9NarzI9K
I’ve been giving @zoom_us the benefit of the doubt, assuming that the privacy histeria was overblown. And that the extra scrutiny would make them 10X better than other video solutions not in the limelight. Now I’m starting to think that was wildly naive of me. Fool me once… https://t.co/BMnIdi0Nn1
— David Barnard (@drbarnard) April 4, 2020
Tech companies take privacy "extremely seriously" ... once journalists reveal problematic aspects of products *working as they were designed*. Again. https://t.co/EstfCv6jyL
— John Keefe (@jkeefe) April 2, 2020
Dear @zoom_us - as part of your focus on privacy and security over the next 90 days there is something we could critically use in education: the ability to record only the host side of a call. This will allow us to record and share classes without compromising student privacy. https://t.co/72mQeEytTz
— Ethan White (@ethanwhite) April 3, 2020
I have more years of experience in engineering than i like to mention.
— Andreas Klinger ✌️ (@andreasklinger) April 3, 2020
But this does not compute for me…
Keeping the infrastructure in check for a 20x on that scale is insanely impressive.
Hats off to the zoom eng + infrastructure team. https://t.co/a9qFm3EOeC
There are two things you should never do:
— Jeffrey Vagle (@jvagle) April 3, 2020
1. Get involved in a land war in Asia, and
2. Roll your own cryptohttps://t.co/5bIyf1oMLd
Using Zoom? Their video messaging does NOT use end-to-end encryption.
— Fight for the Future (@fightfortheftr) April 3, 2020
Sign the petition to tell @zoom_us to protect your sensitive personal and professional communications. ?https://t.co/G8ZCATcR3d
We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better [Blog Post] https://t.co/tDcWxRIF2V by @ericsyuan
— Zoom (@zoom_us) April 2, 2020
“I told the team that with any crisis like this, let’s not leverage the opportunity for marketing or sales. Let’s focus on our customers,” Yuan says. “If you leverage this opportunity for money, I think that’s a horrible culture.” pic.twitter.com/rdlJyOLwbH
— Forbes (@Forbes) April 3, 2020
Attention Zoom users! A vulnerability has been identified that could allow an attacker to gain control of a system or collect your Windows credentials.
— U of G IT (@uofgccs) April 2, 2020
CCS strongly recommends updating your Zoom client immediately.@uofg @GuelphHumberUni
More info:https://t.co/l4guZwNojz pic.twitter.com/LPqbujxTM1
I was stunned Zoom’s servers hadn’t been crushed by increased traffic before this, but 20x growth in 3 months without the whole system exploding is amazing. This’ll be a case study in scaling for the ages. https://t.co/7aVCgO52S3
— Ellen Shapiro (@designatednerd) April 2, 2020
This is a very good and human-readable post by @matthew_d_green about how Zoom's encryption works, the good parts and the very bad parts, and how Zoom has a solid path forward to fix the most major problems https://t.co/KvtgooISoa
— Micah Lee (@micahflee) April 3, 2020
New report from @citizenlab on confidentiality and encryption of Zoom meetings: “Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.” https://t.co/2ha9WDYjEk
— Kate Allen (@katecallen) April 3, 2020
Nice pro-active response from Zoom about the security issues recently uncovered. Contrast this with how @Voatz responded recently when MIT researchers found issues with its mobile voting app and it went into attack mode against the researchers. https://t.co/DH78z0c9Rz
— Kim Zetter (@KimZetter) April 2, 2020
8/ Zoom "accidentally" routed calls through China https://t.co/gu9FhECZ6p
— Owen Williams ⚡ (@ow) April 4, 2020
Honest mistake, rogue engineer, who could have predicted, our users' security and privacy come first, here's a $100,000 check for Planned Parenthood, are you happy now?!
— Kontra (@counternotions) April 4, 2020
↓ https://t.co/gUcQp0MrQ0
The #Coronavirus outbreak has shown us how vital video teleconferencing is to keeping our economic system functioning in a crisis.
— Max Burns (@themaxburns) April 3, 2020
Congress must protect the security of teleconferencing - it's as critical to our national infrastructure as power plants. https://t.co/eipcQ5H6V7
Interesting research from Citizen Lab on Zoom - it raises concerns about Chinese end of the company - ‘during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China’ https://t.co/M2dAN9wnEn
— Gordon Corera (@gordoncorera) April 3, 2020
Thank you for this fair coverage of Zoom’s meteoric rise & the real challenges that Zoom has faced. I’m so proud & impressed with Eric & the Zoom team’s transparency & decisive actions to make Zoom even better. Your article is refreshing in a world of sensationalist journalism. https://t.co/9NgkneoPVM
— Jim Scheinman (@jimscheinman) April 3, 2020
When the first phase of this is over, we are going to wake up to the scale of the information security and privacy risks we have all been taking https://t.co/uaDrx4YPTQ
— Nicholas Dawes (@NicDawes) April 3, 2020
I wrote a non-technical post on the situation with Zoom and encryption. This mostly summarizes what we know from @citizenlab and Zoom itself: https://t.co/g6hFWjPwXT
— Matthew Green (@matthew_d_green) April 3, 2020
Glad Zoom is finally addressing the harassment of users on its platform, aka "Zoombombing." But a blog post won't cut it. They need to develop a plan to combat the targeted harassment of Black & brown users and engage meaningfully with organizers to do so. https://t.co/TRIP3k3pR7 https://t.co/HqimcuvL3F
— Rashad Robinson (@rashadrobinson) April 3, 2020
We spoke to @ericsyuan 3x in the past month for this story. Yesterday, he accepted full responsibility for Zoom's problems, and thanked journalists and researchers for pointing out mistakes and flaws.
— Alex Konrad (@alexrkonrad) April 3, 2020
Can he win back your trust? Thanks for reading ?https://t.co/kgMqzJgoMV pic.twitter.com/4PjtMM3shS
Zoom has seen a 535% rise in daily traffic in the past month, but security researchers say the app is a ‘privacy disaster’ https://t.co/FppFWofiwe
— ????? ??????? (@ayshardzn) April 4, 2020
“I feel like Zoom is not a part of Zoom anymore. Zoom belongs to the world now,” @ericsyuan told @alexrkonrad.
— Natalie Sportelli (@N_Sportelli) April 3, 2020
As the world moved online, @zoom_us became our connecting thread. With that surging demand came increased scrutiny.
Alex's new @Forbes cover.?https://t.co/MQFvbAtnLR
Experienced this recently first-hand, trolls flooded a zoom panel about queer memoir writing with images of graphic pornography. It was awful and saddening. I know friends who have been targeted with racist harassment. https://t.co/QQnXS8zakL
— Saeed Jones (@theferocity) April 4, 2020
Zoom's security just gets worse and worse. Broken encryption (ECB), 128-bit instead of quoted 256-bit, with keys issued by servers in Chinahttps://t.co/lbdDmXcaB1 @zoom_us pic.twitter.com/zYNCkG5xxn
— Mikel Bober-Irizar (@mikb0b) April 3, 2020
y i k e s https://t.co/de6zwV52pR
— lvl 45 covid potus (@thetomzone) April 3, 2020
“While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it”, you don’t say. I still am not clear what‘s up after reading this https://t.co/toqkZ157sd
— DHH (@dhh) April 2, 2020
Zoom's response to this sudden unexpected surge has been phenomenal
— Anand Sanwal (@asanwal) April 4, 2020
It's a team and company that really appears to care about building great things and which responds to critical feedback in a constructive way
So impressivehttps://t.co/zocdKdhkeH
"An analysis by The New York Times found 153 Instagram accounts, dozens of Twitter accounts and private chats, and several active message boards on Reddit and 4Chan where thousands of people had gathered to organize Zoom harassment campaigns..." meetings.https://t.co/ON03AXDqXY
— Keith Plummer (@XianMind) April 4, 2020
How smart is SAM Please kneel https://t.co/sSB0HOrqb2
— sam (@smartertrader) April 3, 2020
Videoconferencing giant Zoom has suddenly found itself the center of global attention, for reasons both good and bad. This is a really terrific story from my @Forbes colleague @alexrkonrad, who digs into the opportunities and challenges it’s facing! https://t.co/hMLSPR2lTM
— Martin Giles (@martingiles) April 3, 2020
CEO @ericsyuan says that when Zoom froze new feature development on April 1, some were half finished, some nearly done.
— Alex Konrad (@alexrkonrad) April 3, 2020
Now he's looking to suspend all tracking on Zoom's sites, and would consider open-sourcing Zoom's code in the future. https://t.co/kgMqzJgoMV tip @techmeme pic.twitter.com/4TxAfhsVzO
#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users.
— Mitch (@_g0dmode) March 23, 2020
Strikes me as "Facebook-like". Here's how it goes:
— Patrick Moorhead (@PatrickMoorhead) April 4, 2020
-trust us
-sorry, we made a mistake
-we'll do better next time
-fix problem
-trust us
-sorry, we made same mistake
TechCrunch: Zoom admits some calls were routed through China by mistake.https://t.co/sSjYiGRAzB
via @GoogleNews
Great story by @alexrkonrad—well worth the read. @ericsyuan’s leadership this week has been nothing but impressive. https://t.co/GDFSYgMCeG
— Maven Ventures (@mavenvc) April 3, 2020
A fantastic case study in how aggressively "making X easy" inevitably leads to "making X insecure."
— Susan Potter (@SusanPotter) April 3, 2020
If meeting confidentiality is not that important for your company then maybe the user exploit potential is note worthy. Zoom is a risky proposition for your employees to install. https://t.co/UksmizO58t
Well, if every societal institution had performed as well as Zoom's infrastructure team, we'd be OK. https://t.co/CKo4h6LZ5k
— Antonio García Martínez (@antoniogm) April 3, 2020
Zoom's scrutiny has come during a historic run of user growth that's made it tough for it to keep up. Here's a chart of Zoom mobile use alone. Overall Zoom says it went from 10M users at end of 2019 to 200M in March, a historic jump for any business tool.https://t.co/kgMqzJgoMV pic.twitter.com/e6DsMfIYn4
— Alex Konrad (@alexrkonrad) April 3, 2020
Zoom has made a lot of claims and used a lot of very specific phrases in describing its encryption protections for meetings. Let's hash it out, shall we? https://t.co/GkWG8ZrDHa
— Lily Hay Newman (@lilyhnewman) April 3, 2020
"Meetings on Zoom are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto" https://t.co/rZRat8KMx0
— DHH (@dhh) April 3, 2020
This sounds great, but it’s hard to take too seriously when the stance is “actually we were already doing great and being very transparent but you just didn’t see it”. How you can say that while still lying about being end-to-end encrypted is something. https://t.co/1EKy7gwoxm
— DHH (@dhh) April 2, 2020
cc: UK government. https://t.co/n4CGe5pfji
— Martin SFP Bryant (@MartinSFP) April 3, 2020
Zoom is getting torn apart. That’s not a bad thing. Very very few enterprise tools get the attention of world-class researchers. Even premier applications by huge companies go unexamimed b/c difficulty of obtaining and installing them. Plenty of Tier0 stuff written in C in 2007.
— SwiftOnSecurity (@SwiftOnSecurity) April 2, 2020
Analysts see recent consumer hype around $ZM as a distraction. @AlexZukin at @rbccm says Zoom CEO Eric Yuan "is in an impossible situation" making everyone happy now, but that big customers are content with Zoom's security set-up.https://t.co/kgMqzJgoMV
— Alex Konrad (@alexrkonrad) April 3, 2020
cc @carlquintanilla pic.twitter.com/nIPdprRFuF
Internet routing is sub-optimal, but this is bullshit —> Zoom admits some calls were routed through China by mistake – TechCrunch https://t.co/fBd3ghXOgV
— mike d. kail (@mdkail) April 4, 2020
Zoom admits some calls were routed through China by mistakehttps://t.co/Cw4ATAtcTb
— Culttture (@culttture) April 4, 2020
Hours after security researchers at Citizen Lab reported that some #Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.https://t.co/tWz7BVirK9
— ?⚔️?Kari {⭐️⭐️⭐️}?? (@kadajoza) April 4, 2020
This morning’s Zoom issue: Zoom admits some calls were routed through China by mistake | TechCrunch https://t.co/qSz3xfoOxW
— Chris Enns (@iChris) April 4, 2020
Strikes me as "Facebook-like". Here's how it goes:
— Patrick Moorhead (@PatrickMoorhead) April 4, 2020
-trust us
-sorry, we made a mistake
-we'll do better next time
-fix problem
-trust us
-sorry, we made same mistake
TechCrunch: Zoom admits some calls were routed through China by mistake.https://t.co/sSjYiGRAzB
via @GoogleNews
Zoom is a great example of why you should always give as much fake info to these apps as possible.
— Violet Blue® (@violetblue) April 3, 2020
Also, companies like Zoom need to know that hackers and researchers have a LOT of free time now, so they best get their shit together and quit faking it.https://t.co/ZCPr8H8bLO
Zoom will enable waiting rooms by default to stop Zoombombing: Zoom is making some drastic changes to prevent rampant abuse as trolls attack publicly-shared video calls. Starting April 5th, it will require passwords to enter calls via Meeting ID, since… https://t.co/yRTTgmkxfd pic.twitter.com/lzPELj6nSh
— Dave Michels (@DaveMichels) April 4, 2020
ちなみに4/5からのポリシー改訂により、Meeting IDからはパスワード無しで入室できなくなるようです。また、ホストが手作業で参加者を承認する「待合室」機能がデフォルトで有効化されるようです。Zoomはセキュリティー強化に徹していて、変更が多いので追うのも大変。https://t.co/C0aVFH3vtz
— Haruna.K (@haru__coscnt) April 4, 2020
Zoom is finally making drastic changes to prevent trolling. April 5th, waiting rooms default on for everyone & entry by meeting ID will require a password https://t.co/t8K6fSngvo
— Josh Constine (@JoshConstine) April 3, 2020
Heads up! Changes coming to when Zoom meetings require passwords to enter calls via Meeting ID, and virtual waiting rooms to be on by default. You may need to inform users and meeting leaders of the new user experience! #security #privacy https://t.co/3bQmd5G1lP
— Daniel Ayala (@buddhake) April 4, 2020
Zoom vows to spend next 90 days thinking hard about its security and privacy after rough week, meeting ID war-dialing tool emerges #CyberSec #Security #ThreatIntel #cybersecurity #dataprotection #privacy #cyberthreats #hackers #Hacking #digitalrisk https://t.co/41GlexfjKX
— Javier Carriazo (@javier_carriazo) April 3, 2020
Zoom vows to spend next 90 days thinking hard about its security and privacy after rough week, meeting ID war-dialing tool emerges https://t.co/oQKpCUdxgH
— Moix Security (@moixsec) April 4, 2020
DOJ says Zoom-bombing is a crime https://t.co/1rKjLAQmP1 by @campuscodi
— ZDNet (@ZDNet) April 4, 2020
DOJ officials say Zoom-bombing is a crime.
— Catalin Cimpanu (@campuscodi) April 4, 2020
Zoom raids could lead to arrests, fines, and even prison sentences.https://t.co/EW6OeZa8MC pic.twitter.com/JHqrJ9q6JH
#Justice #PSA
— ✖️AnonCassi ⭐️ ⭐️ ⭐️ (@AnonCassi) April 4, 2020
Federal, State & Local Law Enforcement Warn Against Teleconferencing HACKING During Coronavirus Pandemic
FBI REPORTS RISE IN VIDEO HACKING ACROSS THE US??
?️"Zoom-Bombing" #ZoomBombing#COVID19CRIME #CyberCrime@POTUS EDMI #Communicationshttps://t.co/9RorlivNAp pic.twitter.com/WZ1yFdEJR4
the whiplash in tone between the statements from the US attorneys for the Eastern and Western Districts of Michigan is just delightful https://t.co/uoTEpzC4Ow pic.twitter.com/V2K2LhqmQu
— Quinta Jurecic (@qjurecic) April 3, 2020
“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested,” stated Matthew Schneider, United States Attorney for Eastern Michigan - https://t.co/u4HiugqUJY
— Dan Stoller (@realdanstoller) April 3, 2020
?“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested,” stated Matthew Schneider, US Attorney.
— Lourdes M. Turrecha (@LourdesTurrecha) April 3, 2020
“If you interfere with a teleconference ... you could have federal, state, or local law enforcement knocking at your door.” https://t.co/4ovUo53COu
STOP USING FREE VTC - in doing so you’re unwittingly opening yourself, your employer to hackers jacking your PII
— File411 (@File411) April 3, 2020
Secure your shit & uninstall Zoom
Federal, State, and Local Law Enforcement Warn Against Teleconferencing Hacking During Coronavirus Pandemic https://t.co/xAAMWW5wAT
“You think Zoom bombing is funny? Let’s see how funny it is after you get arrested." h/t @aprilaser https://t.co/wAayis2fbH
— Jacob Ward (@byjacobward) April 3, 2020
"Zoombombing" is a federal offense that could result in imprisonment, prosecutors warn https://t.co/ZJW7HdsvFC pic.twitter.com/uKon1cNgki
— The Verge (@verge) April 4, 2020
“Zoombombing” is a federal offense that could result in imprisonment, prosecutors warn https://t.co/MbZCInZgTk via @Verge
— Robert Barnes (@Barnes_Law) April 4, 2020
“... prosecutors say they’ll pursue charges for Zoombombing, including “disrupting a public meeting, computer intrusion, using a computer to commit a crime, hate crimes, fraud, or transmitting threatening communications.” https://t.co/adHdcSi8mA
— All I don't wanna do is zoom-a-zoom-zoom-zoom (@hypervisible) April 4, 2020
‘Zoombombing’ is a federal offense that could result in imprisonment, prosecutors warn.
— Ian O'Byrne (@wiobyrne) April 4, 2020
If you or anyone you know becomes a victim of teleconference hacking, they can report it to the FBI’s Internet Crime Complaint Center. https://t.co/VhvRpD8AAJ
"Zoombombing" is a federal offense that could result in imprisonment, prosecutors warn https://t.co/23tTJLRtMg pic.twitter.com/wBhDoFobQA
— The Verge (@verge) April 3, 2020
‘Zoombombing’ is a federal offense that could result in imprisonment, prosecutors warn - The Verge https://t.co/cjRCCF4b6x
— Joe Sabado (@JoeSabado) April 3, 2020
I compiled a list of every known Zoom security exploit, software bug, privacy failure, and bad decision (many now remediated) and what you can do about each of them. I had to add six in the last two days while writing & editing it. @TidBITS https://t.co/SUDNrD889F
— Glenn Fleishman (@GlennF) April 3, 2020
@laurenduca Everything Zoom got wrong, what they fixed, where to worry, and what to do about the things you have power over when using it! https://t.co/SUDNrD889F
— Glenn Fleishman (@GlennF) April 3, 2020
Two U.S. state AGs seek info on Chinazi-owned Zoom's privacy practices - Reuters https://t.co/SdDNDlsEex
— BenTallmadge (@BenKTallmadge) April 4, 2020
Zoom’s call encryption is sub-standard and the service may rout calls via Chinese servers even if call participants are not located there, researchers from Citizen Lab find.
— Adrian Zenz (@adrianzenz) April 4, 2020
Zoom uses AES encryption with the flawed ECB padding scheme that...
https://t.co/j0sEAlwXSl by @micahflee
Zoom’s encryption is “not suited for secrets” and has surprising links to China, researchers discover https://t.co/TkRhhlu0yE by @micahflee
— Moshe Vardi (@vardi) April 4, 2020
Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links to China, Researchers Discover https://t.co/vzJqn5a7RF
— watchful one (@watchful1) April 4, 2020
Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links To China, Researchers Discover https://t.co/R6WaTMRBeo pic.twitter.com/fJoQRuPyaI
— Rich Tehrani (@rtehrani) April 4, 2020
Gotta love this. Claims AES-256. Uses AES-128. In ECB mode! (And sends copies of keys to servers in China.)
— Russ Cox (@_rsc) April 3, 2020
How do you “accidentally” use ECB mode in 2020!?https://t.co/SQc2v8ZZzV
❏Zoom’s Flawed Encryption Linked to China https://t.co/6spnPVrxCy
— まさお (@masaosaito) April 4, 2020
Zoomはいろいろセキュリティがヤバすぎて使ってないけど、こりゃ根本的にダメだ。暗号鍵の生成はサーバ側でしてるとな。しかもいまどき128bit鍵。サーバの一部は中国にあるとも。
Web参加でも使いたくない…。
Zoom’s encryption is “not suited for secrets” and has surprising links to #China, researchers discover https://t.co/VCHJg8cKZH
— Taha Siddiqui (@TahaSSiddiqui) April 4, 2020
Zoomの暗号の鍵生成はローカルではなくサーバーで行われる。ちなみのそのサーバーは中国に設置されているものも使われる。馬鹿じゃないのか。https://t.co/w5EfhBTOXm
— Ryou Ezoe(江添 亮) (@EzoeRyou) April 3, 2020
The latest on Zoom in this post by @micahflee summarizes @citizenlab research on some of its security flaws. https://t.co/bWZ8WahQyX 1/7
— Yael Grauer (@yaelwrites) April 3, 2020
Zoom’s encryption is “not suited for secrets” and has surprising links to China, researchers discover https://t.co/V68ZxYwvHq by @micahflee
— Jewhadi™ (@JewhadiTM) April 4, 2020
Zoom's encryption has some major flaws, is "not suited for secrets", and Zoom has servers in China generating meeting encryption keys for users in other countries, @citizenlab researchers @billmarczak & @jsrailton discover https://t.co/KLmTI2i8ar by me
— Micah Lee (@micahflee) April 3, 2020
Don't send Zoom DMs. They're pretty leaky. https://t.co/RhcwvK2pRx
— Input (@inputmag) April 4, 2020