[Coco] Virtual CoCoFEST! On CoCoTALK! Saturday April 18th @ 2:00 PM EDT

M. David Johnson mdj at bds-soft.com
Thu Apr 16 01:14:08 EDT 2020


Thank you, Everybody -

Mine is not just a concern about security. In fact, much of what I’ve heard over the past few days does give me greater confidence in Zoom’s current level of security.

But, basically, I believe that we and the rest of the world are engaged in an undeclared economic (and perhaps biological) war with China. The fact that Zoom is currently under investigation by the FBI goes a long way towards confirming me in that belief. 

China lied. Thousands died.

China initiated the war by purposely lying and trying to convince us all that there was no danger. 133,000+ have died worldwide (27,000+ in the USA). Every one of those deaths can be laid squarely at Xi Jinping’s feet.

So I would thus hold that using Zoom is giving aid and comfort to the enemy. Zoom may no longer be routing sessions through China without the users’ knowledge or permission, but they have clearly done so in the recent past (and I suspect they only quit because they were caught at it).

I’ve used both Google’s free conference app and the Bluejeans conference program without any problems, so I’m not against conference apps in general; just Zoom.

--
M. David Johnson
mdj at bds-soft.com

-----Original Message-----
From: Coco [mailto:coco-bounces at maltedmedia.com] On Behalf Of RETRO Innovations
Sent: Wednesday, April 15, 2020 6:30 PM
To: coco at maltedmedia.com
Subject: Re: [Coco] Virtual CoCoFEST! On CoCoTALK! Saturday April 18th @ 2:00 PM EDT

On 4/15/2020 5:46 PM, neil at neilscomputerservice.com wrote:
>     I don't blame you for not wanting to use the Zoom service. News like
>     this article is scary stuff. I'd recommend anyone who has ever used
>     Zoom or is thinking of using Zoom in the near future to make sure their
>     password is changed and *not* the same on other web services.
>     -Neil
>     CoCo Crew Podcast
>     www.cococrew.org
>     https://www.nbcnews.com/tech/security/passwords-email-addresses-thousan
>     ds-zoom-accounts-are-sale-dark-web-n1183796

This is getting off topic a bit, and I'm not helping here, but:

As the article explains, this is not necessarily a Zoom account 
compromise, but a technique called "credential stuffing", where hackers 
get lists of credentials that have been compromised from other sources, 
and replay those into systems like Zoom to see if the people used the 
same credentials on multiple sites.  So, this article could easily be 
written about any service you use that does not require (or you have not 
enabled) 2 factor authentication (userid+password+the second factor 
item).  Teams, GotoMeeting, BlueJeans, Jabber, Skype, etc. are all just 
as susceptible to "credential stuffing", unless the provider has forced 
2FA or you have enabled it (which most people don't do, because it takes 
more setup time and periodically slows down the login process).  And, 
beyond services like this, any service can be the target of this attack 
(DropBox, Box, Wordpress.com, etc.)

Neil's guidance, generalized, is spot on though.  Don't re-use 
credentials across services on the Internet and seriously consider 
enabling 2FA if available.

I understand the general concerns and so don't want to under-represent 
them, but folks should remember this is a "conference call" that will be 
publicly simulcast on Youtube and Facebook and immediately released for 
online replay as they asses the risk involved.  Philosophical issues 
with the company's operation, dealing with other countries, etc., are of 
course, a different matter.

Above all, it's a shame the Internet is so much less innocent than in 
1985-1993 (NSFNet Era), where we all shared our email addresses with as 
many people as we could, had digital "pen pals" available almost every 
minute of the day, read about the machines we loved in the USENET 
comp.sys.* heirarchy of newsgroups, played on multiplayer underground 
dungeons (MUDs), and chose passwords primarily as an afterthought.

Jim




-- 
Coco mailing list
Coco at maltedmedia.com
https://pairlist5.pair.net/mailman/listinfo/coco



More information about the Coco mailing list