Proprietary Stuff and Openwashing
-
Federal, State, and Local Law Enforcement Warn Against Teleconferencing [Cracking] During Coronavirus Pandemic
Western District of Michigan U.S. Attorney Andrew Birge advised video conference users: “Whether you run a business, a law enforcement meeting, a classroom or you just want to video chat with family, you need to be aware that your video conference may not be secure and information you share may be compromised. Be careful. If you do get [attacked], call us.”
-
Zoom CEO says company reached 200 million daily users in March
In order to address the company’s problems, Yuan detailed steps taken including removing Facebook’s software development kit to stop the collection of unnecessary user data, updating Zoom’s privacy policy to be more transparent, giving tips to users to prevent Zoom bombings and offering more specific programs for classes on Zoom.
-
Update: Zoom issues fix for UNC vulnerability that lets [attackers] steal Windows credentials via chat
All an attacker needs to do is to send a link to another user and convince them to click it, for the attack to commence. Though the Windows password is still encrypted, the hack claims it can be easily decrypted by third-party tools if the password is a weak one.
-
Thousands of Zoom recordings exposed because of the way Zoom names recordings
Thousands of Zoom cloud recordings have been exposed on the web because of the way Zoom names its recordings, according to a report by The Washington Post. The recordings are apparently named in “an identical way” and many have been posted onto unprotected Amazon Web Services (AWS) buckets, making it possible to find them through an online search.
One search engine that can look through cloud storage space turned up more than 15,000 Zoom recordings, according to The Washington Post. “Thousands” of clips have apparently also been uploaded to YouTube and Vimeo. The Washington Post said it was able to view recordings of therapy sessions, orientations, business meetings, elementary school classes, and more.
-
Move Fast & Roll Your Own Crypto
Zoom documentation claims that the app uses “AES-256” encryption for meetings where possible. However, we find that in each Zoom meeting, a single AES-128 key is used in ECB mode by all participants to encrypt and decrypt audio and video. The use of ECB mode is not recommended because patterns present in the plaintext are preserved during encryption.
The AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, appear to be generated by Zoom servers, and in some cases, are delivered to participants in a Zoom meeting through servers in China, even when all meeting participants, and the Zoom subscriber’s company, are outside of China.
Zoom, a Silicon Valley-based company, appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software. This arrangement is ostensibly an effort at labor arbitrage: Zoom can avoid paying US wages while selling to US customers, thus increasing their profit margin. However, this arrangement may make Zoom responsive to pressure from Chinese authorities.
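An added example, not taken from the quoted report or from Zoom's software, illustrating the ECB finding above: the same AES-128 key encrypts a frame block by block (ECB) and in CTR mode, and a duplicate-block count shows which ciphertext still reveals the plaintext's repetition. The key, IV, function names and sample frame are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// encryptECB encrypts each 16-byte block independently under one key (input must be block-aligned).
func encryptECB(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil || len(pt)%aes.BlockSize != 0 {
		panic("bad key or unaligned plaintext")
	}
	out := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return out
}

// encryptCTR uses the same key with an IV, for comparison (a real IV must be unique per message).
func encryptCTR(key, iv, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(out, pt)
	return out
}

// repeatedBlocks returns how many ciphertext blocks duplicate another block.
func repeatedBlocks(ct []byte) int {
	unique := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		unique[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(ct)/aes.BlockSize - len(unique)
}

// sampleFrame is constructed data: 4 blocks of silence, 2 distinct blocks, 4 blocks of silence.
var sampleFrame = bytes.Join([][]byte{make([]byte, 4*aes.BlockSize), []byte("0123456789abcdefFEDCBA9876543210"), make([]byte, 4*aes.BlockSize)}, nil)

func main() {
	key, iv := []byte("constructed-key!"), make([]byte, aes.BlockSize)
	fmt.Println("ECB repeats:", repeatedBlocks(encryptECB(key, sampleFrame)), "CTR repeats:", repeatedBlocks(encryptCTR(key, iv, sampleFrame)))
}
```

A non-zero repeat count in captured ciphertext is a quick indicator that a block cipher is being used without an IV or chaining.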
-
‘Zoombombing’ is a federal offense that could result in imprisonment, prosecutors warn
Federal prosecutors are now warning pranksters and [attackers] of the potential legal implications of “Zoombombing,” wherein someone successfully invades a public or sometimes even private meeting over the videoconferencing platform to broadcast shock videos, pornography, or other disruptive content.
The warning was posted as a press release to the Department of Justice’s website under the US Attorney’s office for the state’s Eastern district with support from the state attorney general and the FBI.
-
[Attackers] are targeting your kids to infect Android and Chromebook devices with malware
Hide your kids; hide your wives. Security investigators from Check Point Research discovered 56 malware-infected Google Play apps. Before Google had a chance to pull them down, users already downloaded the apps one million times; 24 of those apps, Check Point Research discovered, targeted children.
The study -- spearheaded by Israel Wernik, Danil Golubenko, Aviran Hazum -- found that the Google Play Store-based apps were poisoned with Tekya, which is a form of adware. The goal of Tekya, Hazum told Laptop Mag, is to commit mobile-ad fraud.
-
Apparently Microsoft’s Claim of 775 Percent Surge in Cloud Services Wasn’t Really Accurate
The company has now made a correction, saying that the 775 percent increase was experienced by Microsoft Teams, not all of the cloud offerings, which isn't as surprising since the video calling app generated over 900 million meeting and calling minutes daily in a one-week period alone.
As it turns out the figure also only came from Microsoft Teams' users in Italy, where millions of people were put under lockdown. The corrected statement now reads: [...]
-
Zoom isn’t actually end-to-end encrypted
Zoom does use TLS encryption, the same standard that web browsers use to secure HTTPS websites. In practice, that means that data is encrypted between you and Zoom’s servers, similar to Gmail or Facebook content. But the term end-to-end encryption typically refers to protecting content between the users entirely with no company access at all, similar to Signal or WhatsApp. Zoom does not offer that level of encryption, making the use of “end-to-end” highly misleading.
-
Zoom Calls Are Not End-to-End Encrypted Contrary to Claims
What this means is that Zoom can access the video feed of your meetings. The company did confirm that it does not “directly access, mine, or sell user data.”
Zoom offers an option where a meeting can only be hosted with mandatory encryption for third-party endpoints. However, when contacted, the company clarified that it is currently not possible to hold E2E video meetings using Zoom.
-
Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems
With its vaguely worded privacy policies and misleading marketing materials, Zoom’s real overarching issue seems to be a lack of transparency. Combine that with an apparent lack of forethought about how video meetings with insufficient privacy protections — both on the back and the front end — could be exploited by [attackers] or trolls. This entire scenario becomes especially problematic considering the growing number of students that Zoom eagerly recruits for the platform. It all seems like a bad publicity time bomb that went off as soon as Zoom became an essential piece of pandemic software and people started really looking more closely at how the service worked.
-
Dark Sky Has a New Home
Android and Wear OS App
The app will no longer be available for download. Service to existing users and subscribers will continue until July 1, 2020, at which point the app will be shut down. Subscribers who are still active at that time will receive a refund.
Website
Weather forecasts, maps, and embeds will continue until July 1, 2020. The website will remain active beyond that time in support of API and iOS App customers.
-
Microsoft’s Skype struggles have created a Zoom moment
The transition lasted years, and resulted in calls, messages, and notifications repeating on multiple devices. Skype became unreliable, at a time when rivals were continuing to offer solid alternatives that incorporated messaging functionality that actually worked and synced across devices. Instead of quickly fixing the underlying issues, Microsoft spent years trying to redesign Skype. This led to a lethal combination of an unreliable product with a user experience that changed on a monthly basis.
-
‘War Dialing’ Tool Exposes Zoom’s Password Problems
Lo said a single instance of zWarDial can find approximately 100 meetings per hour, but that multiple instances of the tool running in parallel could probably discover most of the open Zoom meetings on any given day. Each instance, he said, has a success rate of approximately 14 percent, meaning for each random meeting number it tries, the program has a 14 percent chance of finding an open meeting.
Only meetings that are protected by a password are undetectable by zWarDial, Lo said.
-
Open Source Moves From Rebel to Mainstream
That shift has its critics. “The degree in which corporations knowingly and openly use open source has grown,” says Karl Fogel, a developer and open-source advocate. Still, some open-source developers feel that although these businesses build a lot of value on top of their work, they’re not seeing “enough of it flowing back to them,” Fogel says.
But the narrative of a noncommercial open source being colonized by the corporate world also has its flaws, cautions Fogel. Open source has always been commercial to a certain degree. Even in the more radical currents of the movement, where the term “free software” is preferred over open source, making money isn’t necessarily shunned. Richard Stallman, one of the movement’s pioneers, famously said that the “free” in “free software” should be taken as “free speech, not free beer.” All the talk about freedom and digital self-ownership doesn’t preclude making money.
-
HPE announces new open source programme to simplify 5G rollout
Hewlett Packard Enterprise (HPE) today announced the Open Distributed Infrastructure Management initiative, a new open source programme that will simplify the management of large-scale geographically distributed physical infrastructure deployments. In addition, HPE will introduce an enterprise offering, the HPE Open Distributed Infrastructure Management Resource Aggregator that is aligned with the initiative.
Open Distributed Infrastructure Management helps resolve the complexity that telcos face in rolling out 5G networks across thousands of sites equipped with IT infrastructure from multiple vendors and different generations of technology. This new initiative underlines HPE’s continued leadership in open 5G technologies and commitment to accelerating industry alignment through open source innovation.