cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Is Zoom conferencing safe to use or not?

Hi All

 

According to "The Intercept" Zoom has some issues, which can result in data leakage, privacy and apparently has encryption issues.

 

Does it have issues, during this crisis, as it is being actively used even by New Zealand Government agencies too for updates: 

 

https://theintercept.com/2020/03/31/zoom-meeting-encryption/

 

https://www.businessinsider.com.au/zoom-privacy-issues-fbi-facebook-data-sharing-2020-3?r=US&IR=T

 

https://arstechnica.com/tech-policy/2020/03/zooms-privacy-problems-are-growing-as-platform-explodes-...

 

Or does someone have an agenda against the company?

 

Regards

 

Caute_cautim

49 Replies
AppDefects
Community Champion

Will Alex Stamos save Zoom from imploding??? He will need an army to rewrite their code and security, well just about everything...

Caute_cautim
Community Champion

@AppDefectsHere is an update from Tomsguide:

 

https://www.tomsguide.com/news/zoom-security-privacy-woes

 

It certainly is a dynamic field at the moment, some for and some against.

 

Regards

 

Caute_cautim

Caute_cautim
Community Champion

@kpinkhamThere has to be some overlooking there or even corruption or 'oversight"?

 

What a categorical mistake to make?

 

Regards

 

Caute-cautim

 

 

Caute_cautim
Community Champion

@CraginSI think you are absolutely correct:  Look at this next issue:

 

https://news.sky.com/story/coronavirus-teachers-stopped-from-using-zoom-in-singapore-after-very-seri...

 

From Singapore, this is serious.

 

Regards

 

Caute_cautim

CraginS
Defender I


@rslade wrote:

Since it seems likely that China can surveil basically any Zoom meeting/call/chat, I think it would be a good idea, in national security terms, for everyone, as much as possible, to use Zoom for inconsequential family parties and so forth, so that important business and government meetings might get lost in the chaff ...


Once upon a time, Webex was an early contender in the group video meeting market. The US Department of Defense (DoD) was using them to test group communication services capabilities and procedures. Several large corporations, like Lockheed around the time they were developing the F-35, used them for remote communication. They were nominally a San Francisco company, but some careful study revealed that the company was owned in China, their San Francisco employees were primarily Chinese nationals, and most of the developer team, as well as primary servers, were in China. As the DoD moved forward to field a full communication service, Webex was not on the list of finalists, possibly because of the foreign ownership. 

 

A year or two later, DoD put out a request for proposals on a communication service, By that time Citrix had bought Webex, so Webex was allowed to participate, as a US owned company. However, much of the sales, support, and developer staff were the same folks as before; only the corporate ownership had changed.

 

Move forward many years. Eric Yuan was on the Webex team at Citrix. He saw an opportunity to build a better mousetrap for group communication, so he left Citrix and started Zoom. From my superficial reading of history own Yuan, Zoom, and Webex, I have not been able to tell if he was a pre-Citrix Webex employee. According to a Forbes bio article, he joined Webex in 1997, and Cisco acquired Webex in 2007. [edited 4/13/2020] I do find it interesting that he apparently was not bound by a no-compete contract at Webex/Citrix, allowing him to launch Zoom in direct competition with Webex.

 

Now we learn that Zoom has developers and servers in China, just as Webex did. And that occasionally encryption keys and communication streams get "accidentally" routed through China, even for US-to-US conversation sessions. (If you buy that story, I have a bridge for sale I want to talk about with you.)

 

Kinda makes you think, dunnit?

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
rslade
Influencer II


As professionals in the field of security and privacy, we have nothing to worry about. The public will stop using ZOOM just a quickly as they all jumped off of FaceBook once its perfidy was apparent.

You really have a nice turn in sarcasm ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

Yet another voice, and some new vulnerabilities.  (Even after the updates?)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CraginS
Defender I

Well, I cannot address the trust issues we may have, but the Electronic Frontier Foundation has published a protect yourself guide if you must use Zoom.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Caute_cautim
Community Champion

Why are we not surprised?

 

https://www.cpomagazine.com/cyber-security/half-a-million-zoom-accounts-compromised-by-credential-st...

 

Anyone want some Zoom accounts?   They are cheap...

 

Regards

 

Caute_cautim

CraginS
Defender I


@Caute_cautim wrote:

Why are we not surprised?

 

https://www.cpomagazine.com/cyber-security/half-a-million-zoom-accounts-compromised-by-credential-st...

 

More and more evidence piles up that Zoom is not to be trusted. See

Move Fast and Roll Your Own Crypto
A Quick Look at the Confidentiality of Zoom Meetings
By Bill Marczak and John Scott-Railton April 3, 2020

 

To quote Wolfman Jack,

"And the hits just keep on coming!"

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts