Coronavirus home work: Zoom sued over security lapses as stock slides. An investor in Zoom has filed a class action lawsuit against the video-conferencing company, accusing it of fudging details about its encryption, hiding security flaws, and disclosing personal information to Facebook.
Zoom Visio-conférence Pour Les Juristes – DataRainbow. Regard Sur Les Nombreuses Considérations Avant L’utilisation D’un Mode De Visio-Conférence.
Analysons les principales conséquences juridiques liées à l’utilisation de l’application de vidéo-conférence gratuite Zoom devenue très populaire qui est passée de 20 à 200 millions d’utilisateurs en l’espace de quelques jours, propulsée par les besoins du confinement et télétravail imposés par la pandémique du Covid-19. Tout d’abord, de manière schématique, quatre catégories de données sont concernées avec partage plus ou moins volontaire : Les données des organisateurs, Les données des invités,Les données des tiers mentionnés durant la visio-conférence,Les données concernant les mineurs. Parmi elles, deux catégories de données : Les données personnelles répondent à la définition relativement large de l’art. 4 [_RGPD04_] Les données dites de catégorie spéciale ou données sensibles, qui en principe ne doivent pas être traitées sauf exception.
Données personnelles 1. New York Attorney General Looks Into Zoom’s Privacy Practices. Zoom, the videoconferencing app whose traffic has surged during the coronavirus pandemic, is under scrutiny by the office of New York’s attorney general, Letitia James, for its data privacy and security practices.
On Monday, the office sent Zoom a letter asking what, if any, new security measures the company has put in place to handle increased traffic on its network and to detect hackers, according to a copy reviewed by The New York Times. While the letter referred to Zoom as “an essential and valuable communications platform,” it outlined several concerns, noting that the company had been slow to address security flaws such as vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams.” With millions of Americans required to shelter at home because of the coronavirus, Zoom video meetings have quickly become a mainstay of communication for companies, public schools and families. In the letter, Ms. Hilfe…ist „Zoom“ etwa eine Datenschleuder? – Datenschutz-Guru. Vorwort: „Zoom“ steht aktuell erheblich im Hinblick auf „Datenschutz“ unter Kritik.
Ich persönlich finde die Kritik zu großen Teilen unberechtigt. Aber: Es ist nicht zu bestreiten, dass „Zoom“ einen Teil der Kritik zum Anlass genommen hat, besser zu werden. In diesem Beitrag geht es allein um rechtliche Erwägungen. Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself - TidBITS. Of all the tech companies that have benefitted from the massive shift to telecommuting that the global pandemic has forced, Zoom stands at the top.
The company’s multi-platform videoconferencing software was well known before, being a frequently used, market-leading choice mentioned in the same breath as Adobe Connect, Cisco Webex, GoToMeeting, Microsoft Teams, and Skype. But now Zoom has become a verb among businesses, schools, and people making social connections. That’s partly because of the scope of Zoom’s free tier, which allows up to 100 streaming video participants, and the way it has focused its service on scheduling or creating “meetings” that people can join with just a URL, either downloading a simple app on any platform or using an in-browser alternative.
As the stock market has plummeted, Zoom’s share price has doubled—though that’s likely driven more by enthusiasm for the service rather than the ultimate size of the paid videoconferencing market. What is Zoom and how does it work? Plus tips and tricks. If you work from home, you've probably heard about Zoom, one of the leading video conferencing software apps on the market.
It allows you to virtually interact with co-workers or employers when in-person meetings aren't possible. This makes telecommuting seem much more human, as it helps you feel connected. Researchers see sharp rise in fake Zoom domains as hackers target remote workers. Security researchers at Check Point Software Technology Ltd. said today they’ve observed a sharp rise in the number of fake “Zoom” domains registered in the last week as more and more people switch to remote working during the global coronavirus pandemic.
The researchers found 1,700 new domain names containing the word “Zoom” since January with 25% of the domains registered in the last week. Seventy of the domain names were found to be suspicious. Fake sites impersonating the genuine Zoom domains led the pack, with hackers attempting to capture users’ personal details. How to keep your Virtual (Zoom) Meetings safe. Just recently, during one of my Daily Clarity Sessions”, 32 participants and I were the victims of a so-called Zoombomb.
Some random guy joined the meeting and spammed porn videos via screen sharing to all of us until I was able to shut down the meeting. I wasn't even aware of this phenomenon before. It was disgusting, scary, and confusing for me to witness this event in my virtual meeting. Of course, I tried to find out what happened, and I learned that this is a real thing. Does Zoom use end-to-end encryption? TL;DR: It’s complicated.
Yesterday Zoom (the videoconferencing company, not the defunct telecom) put out a clarification post describing their encryption practices. This is a nice example of a company making necessary technical clarifications during a difficult time, although it comes following widespread criticism the company received over their previous, and frankly slightly misleading, explanation.
Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings. This report examines the encryption that protects meetings in the popular Zoom teleconference app.
We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China. Key Findings Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. How to keep your Virtual (Zoom) Meetings safe. Noyb report on privacy policies of video conferencing tools 2020 04 02 0. Zoom's Web Client is Down, Users Report 403 Forbidden Errors. Zoom users are currently reporting that they are unable to use the Zoom web client or start and attend webinars, with reports saying that the web client is throwing '403 Forbidden' errors. Other reports mention time out errors saying that "Your connection has timed out and you cannot join the meetings.
Securing Zoom – Peter Bassill. Zoom's Security and Privacy Woes Violated GDPR, Expert Says. Zoom Security Risks, Privacy and GDPR Compliance Home working and learning has led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant? Security concerns revolve around the recent discovery of several vulnerabilities taken with the length of time it has taken Zoom to fix earlier vulnerabilities. Privacy concerns focus on a lack of transparency around the user or meeting data retained by Zoom, and who else has access to it.
We will concentrate on the privacy issues in this article. Data retention and third-party access concerns are typified by the recent discovery that the Zoom iOS app had been passing data to Facebook even where the iOS user had no Facebook account. There are two concerns here: the lack of transparency and the distribution of information to a third party without user consent. This is an important aspect that might not be recognized by the hosts. Chicago Politicians’ Zoom Call Interrupted By Porn-Streaming Hijackers – Block Club Chicago. PILSEN — A virtual press conference hosted by Chicago politicians was cut short after someone hijacked the conference call and started streaming pornographic images. On Tuesday morning, Ald. Brian Hopkins (2nd), Ald. Byron Sigcho-Lopez (25th), and Illinois State Reps. Theresa Mah and Ann Williams held a private press conference with organizers, health officials and reporters on popular teleconferencing platform Zoom. The leaders aimed to call on Mayor Lori Lightfoot and Gov.
But 16 minutes into the Zoom chat, that push was interrupted by a person who said: “Yeah, I don’t care.” As confusion set in, a pornographic video that included images of a woman who was not fully clothed began playing on the video call. Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links. The Zoom Windows client is vulnerable to UNC path injection in the client's chat feature that could allow attackers to steal the Windows credentials of users who click on the link.
When using the Zoom client, meeting participants can communicate with each other by sending text messages through a chat interface. When sending a chat message, any URLs that are sent are converted into hyperlinks so that other members can click on them to open a web page in their default browser. The problem is that security researcher @_g0dmode discovered that the Zoom client will convert Windows networking UNC paths into a clickable link in the chat messages as well. As you can see from the chat messages above, a regular URL and the UNC path of \\evil.server.com\images\cat.jpg were both converted into a clickable link in the chat message.
Elon Musk's SpaceX bans Zoom over privacy concerns -memo. Trojanized Zoom Apps Target Remote Workers. Malicious, re-packaged versions of the Zoom video conferencing application are targeting work-from-home Android users with adware and Trojans, Bitdefender reports. Forced by the current COVID-19 pandemic to work from home, many are using Zoom to stay connected with co-workers and other people they work with, and cybercriminals are taking advantage of the situation to trick people into downloading their malicious programs. Zoom has become of increased interest over the past several weeks, not only due to the spike in usage, but also because of various security and privacy issues that impact it and its users. Despite that, millions are using it for video conferencing purposes, which cyber-criminals are seeing as an opportunity for performing malicious activities. Ex-NSA hacker drops new zero-day doom for Zoom. Zoom’s troubled year just got worse.
Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone. Patrick Wardle, a former NSA hacker and now principal security researcher at Jamf, dropped the two previously undisclosed flaws on his blog Wednesday, which he shared with TechCrunch. The two bugs, Wardle said, can be launched by a local attacker — that’s where someone has physical control of a vulnerable computer.
Once exploited, the attacker can gain and maintain persistent access to the innards of a victim’s computer, allowing them to install malware or spyware. Zoom lawsuit fb. Access Now urges transparency from Zoom on privacy and security. New York – As the world moves to working online to protect the health and safety of our communities and to stop the spread of the COVID-19 virus, companies such as Zoom have become our new workplaces. In an open letter to Zoom, Access Now urged the company to issue regular transparency reports, disclosing how the company responds to third-party requests for user data, as more people rely on their services. “Zoom is exactly the type of company that needs to issue a transparency report,” said Isedua Oribhabor, Access Now U.S. Policy Analyst. “Zoom sees into our bedrooms, offices, and living rooms.
They are the means through which we work, learn, and stay connected to our loved ones. “The growing demand for Zoom’s services makes it a target for third parties, from law enforcement to malicious hackers, seeking personal data and sensitive information,” said Peter Micek, Access Now’s General Counsel. Zoom is Leaking Peoples' Email Addresses and Photos to Strangers. Yeah, that Zoom app you're trusting with work chatter? It lives with 'vampires feeding on the blood of human data'
Updated As the global coronavirus pandemic pushes the popularity of videoconferencing app Zoom to new heights, one web veteran has sounded the alarm over its "creepily chummy" relationship with tracking-based advertisers. Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today warned [cached] Zoom not only has the right to extract data from its users and their meetings, it can work with Google and other ad networks to turn this personal information into targeted ads that follow them across the web.
This personal info includes, and is not limited to, names, addresses and any other identifying data, job titles and employers, Facebook profiles, and device specifications. Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f... UK Prime Minister Boris Johnson sparked security concerns on Tuesday when he shared a screenshot of “the first ever digital Cabinet” on his Twitter feed.
LinkedIn. COVID-19 Hackers Exploit Chat Platform Zoom to Spread Malware. With the COVID-19 pandemic, organizations across the world restricted their employees to work from home as part of social distancing and to prevent the spread of the virus. On the flipside, opportunistic cybercriminals are taking advantage of the situation. Hackers have now set their sights on the global workforce working from home. Several industry experts stated that remote work increased the risks of cyberthreats like never before. We continue to see malware attacks, weaponized websites, and phishing attacks targeted to trick people into opening malicious links or attachments. With the majority of the employees working remotely, online communication platforms like Zoom saw a sudden increase in its popularity. Researchers see sharp rise in fake Zoom domains as hackers target remote workers.
The location data, which is being pooled from cell phones across the country, is analyzed and sent to federal, state, and local governments via the CDC. Mobile advertisers are actually reporting the data, rather than cell phone carriers themselves, the Wall Street Journal reports. The ostensible goal of this location-tracking is to assist officials in learning how the novel coronavirus is spreading across the country. But the project brings with it high risks and a low chance of reward. It’s a reactive measure rather than a proactive one; too little too late, given how far COVID-19 has already spread across the U.S. Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! In discussing this vulnerability with both the Chromium and Mozilla Firefox security team they both said that they couldn’t do anything about this vulnerability. The Chromium team pointed me to CORS-RFC1918 which is a proposal that will require browser vendors to query users for permission before allowing sites to make requests against local resources like localhost and the 192.168.1.* address space.
Doc Searls Weblog · Zoom needs to clean up its privacy act. Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website! Apple has pushed a silent Mac update to remove hidden Zoom web server. Zoom Removes Its Facebook Data Sharing on iOS amid Possible GDPR Violations. Zoom Meetings Do Not Support End-to-End Encryption. New York Attorney General Looks Into Zoom’s Privacy Practices. Hey Zoom, don't send our data to Facebook without consent.
Naked man crashing school's video call is a privacy lesson for all. 'Zoombombers' disrupt online classes with racist, pornographic content. Beware of ‘ZoomBombing:’ screensharing filth to video calls. Zoom is watching you. Here’s what you can do about it - Decrypt. More doom from Zoom: "Upon downloading and opening the app, Zoom connects to Facebook's Graph API, according to Motherboard's analysis of the app's network activity. The Graph API is the main way developers get data in or out of Facebook."
Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account. More doom from Zoom: "Upon downloading and opening the app, Zoom connects to Facebook's Graph API, according to Motherboard's analysis of the app's network activity. The Graph API is the main way developers get data in or out of Facebook." Zoom Teleconferencing Service & Privacy.