Response to Video-On Concern - Zoom Blog


10 bookmarks. First posted by andydavies 8 days ago.


Setting aside the rank stupidity of the implementation, this is pretty much a textbook case of how not to respond to a security disclosure by a researcher.
Pitch-perfect: bungled response ("security guy is out, we'll let him know"), adversarial response to researcher, dissembling explanations (borderline ludicrous, frankly), bungled release, releasing a regression, tone-deaf and defensive public messaging, and advertising their commitment to hiding their security issues.
All of which is evidence that they didn't really have a response plan.

Fortunately they managed to avoid: threatening/initiating a lawsuit, typically a c/d, against the investigator and condemning the infosec community in general.
zoom  bad.security  privacy  infosec  security  bad.management 
6 days ago by po
Response to Video-On Concern - Zoom Blog A good example of a PR department writing on a technical topic.
from twitter
8 days ago by jtyost2
Yikes. Responding to a massive privacy vulnerability by downplaying its applicability (even though there's a demonstration link that anyone can click) and concluding that it's by-design that someone else can turn on your webcam and see your video feed without your interaction. And the key mitigation is... there's a checkbox somewhere that you can click with an explanation that no user will understand?
security  privacy  webcam  denialism  pr 
8 days ago by npdoty
Now why would Safari add that useless extra click? 🙃
from twitter_favs
8 days ago by hyperfekt
Now why would Safari add that useless extra click? 🙃
from twitter_favs
8 days ago by NeoNacho
This is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting. The local web server enables users to avoid this extra click before joining every meeting. We feel that this is a legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings. We are not alone among video conferencing providers in implementing this solution.
security 
8 days ago by bill.kirtley
Now why would Safari add that useless extra click? 🙃
from twitter_favs
8 days ago by andydavies