[LINK] Just as everyone's hopping onto Zoom ...

Paul Brooks pbrooks-link at layer10.com.au
Thu Apr 2 15:51:16 AEDT 2020


On 2/04/2020 3:12 pm, Marghanita da Cruz wrote:
> Just informed Inner West Council will be holding an extraordinary Council meeting
> next Tuesday via Zoom!
>
> Electronic meetings have been allowed due to COVID-19 (but webcasting is a
> requirement)
> https://www.olg.nsw.gov.au/programs-and-initiatives/olg-assists-councils-to-manage-covid-19/
>
> Any advice?
>
> Marghanita (Greens Councillor Inner West Council)

Advice: Advise everyone not to click on links appearing in the chat list.

More detail:

The videoconferencing part is OK.

As I read it, the vulnerability occurs if a malicious attacker sends a carefully
crafted clickable link onto the chat pane (so you would have to have an unknown,
unidentified or masquerading attacker inside the Zoom call). If someone then clicks
on that link (to go to the website or open the document) then bad stuff happens.

For small closed-group Zoom conferences (say less than 15 - 20 people, where you can
identify all the participants as legit) it's unlikely to be a problem.

For large webinar-style presentations, where the event is widely advertised and open
to many random Joe-and-Josephine-Publics, who then jump on the chat pane to say hi, it
could be a significant problem until they release an update.

If your Council meeting is open to the public, and you cannot vouch for everyone, then
disable the chat function, or do not click on any clickable link appearing in the chat
pane.

Paul.


>
>
> On 1/4/20 4:14 pm, Ambrose Andrews wrote:
>> And some dubious claims by Zoom PR...
>>
>> https://theintercept.com/2020/03/31/zoom-meeting-encryption/
>>
>> """
>> Zoom, the video conferencing service whose use has spiked amid the
>> Covid-19 pandemic, claims to implement end-to-end encryption, widely
>> understood as the most private form of internet communication,
>> protecting conversations from all outside parties. In fact, Zoom is
>> using its own definition of the term, one that lets Zoom itself access
>> unencrypted video and audio from meetings.
>> """
>>
>> As I type, I am dutifully installing Zoom to participate in remote
>> tutorials for COMP3310 Computer Networks at ANU. Good case study.
>>
>>    -AA.
>>
>> On 1/4/20 3:27 pm, Roger Clarke wrote:
>>> Zoom for Windows leaks network credentials, runs code remotely
>>> Careful clicking on links starting with \\ in Zoom.
>>> Juha Saarinen
>>> itNews
>>> Apr 1 2020
>>> https://www.itnews.com.au/news/zoom-for-windows-leaks-network-credentials-runs-code-remotely-545883
>>>
>>>
>>>