[Coco] Virtual CoCoFEST! On CoCoTALK! Saturday April 18th @ 2:00 PM EDT
M. David Johnson
mdj at bds-soft.com
Thu Apr 16 01:14:08 EDT 2020
Thank you, Everybody -
Mine is not just a concern about security. In fact, much of what I’ve heard over the past few days does give me greater confidence in Zoom’s current level of security.
But, basically, I believe that we and the rest of the world are engaged in an undeclared economic (and perhaps biological) war with China. The fact that Zoom is currently under investigation by the FBI goes a long way towards confirming me in that belief.
China lied. Thousands died.
China initiated the war by purposely lying and trying to convince us all that there was no danger. 133,000+ have died worldwide (27,000+ in the USA). Every one of those deaths can be laid squarely at Xi Jinping’s feet.
So I would thus hold that using Zoom is giving aid and comfort to the enemy. Zoom may no longer be routing sessions through China without the users’ knowledge or permission, but they have clearly done so in the recent past (and I suspect they only quit because they were caught at it).
I’ve used both Google’s free conference app and the Bluejeans conference program without any problems, so I’m not against conference apps in general; just Zoom.
--
M. David Johnson
mdj at bds-soft.com
-----Original Message-----
From: Coco [mailto:coco-bounces at maltedmedia.com] On Behalf Of RETRO Innovations
Sent: Wednesday, April 15, 2020 6:30 PM
To: coco at maltedmedia.com
Subject: Re: [Coco] Virtual CoCoFEST! On CoCoTALK! Saturday April 18th @ 2:00 PM EDT
On 4/15/2020 5:46 PM, neil at neilscomputerservice.com wrote:
> I don't blame you for not wanting to use the Zoom service. News like
> this article is scary stuff. I'd recommend anyone who has ever used
> Zoom or is thinking of using Zoom in the near future to make sure their
> password is changed and *not* the same on other web services.
> -Neil
> CoCo Crew Podcast
> www.cococrew.org
> https://www.nbcnews.com/tech/security/passwords-email-addresses-thousan
> ds-zoom-accounts-are-sale-dark-web-n1183796
This is getting off topic a bit, and I'm not helping here, but:
As the article explains, this is not necessarily a Zoom account
compromise, but a technique called "credential stuffing", where hackers
get lists of credentials that have been compromised from other sources,
and replay those into systems like Zoom to see if the people used the
same credentials on multiple sites. So, this article could easily be
written about any service you use that does not require (or you have not
enabled) 2 factor authentication (userid+password+the second factor
item). Teams, GotoMeeting, BlueJeans, Jabber, Skype, etc. are all just
as susceptible to "credential stuffing", unless the provider has forced
2FA or you have enabled it (which most people don't do, because it takes
more setup time and periodically slows down the login process). And,
beyond services like this, any service can be the target of this attack
(DropBox, Box, Wordpress.com, etc.)
Neil's guidance, generalized, is spot on though. Don't re-use
credentials across services on the Internet and seriously consider
enabling 2FA if available.
I understand the general concerns and so don't want to under-represent
them, but folks should remember this is a "conference call" that will be
publicly simulcast on Youtube and Facebook and immediately released for
online replay as they asses the risk involved. Philosophical issues
with the company's operation, dealing with other countries, etc., are of
course, a different matter.
Above all, it's a shame the Internet is so much less innocent than in
1985-1993 (NSFNet Era), where we all shared our email addresses with as
many people as we could, had digital "pen pals" available almost every
minute of the day, read about the machines we loved in the USENET
comp.sys.* heirarchy of newsgroups, played on multiplayer underground
dungeons (MUDs), and chose passwords primarily as an afterthought.
Jim
--
Coco mailing list
Coco at maltedmedia.com
https://pairlist5.pair.net/mailman/listinfo/coco
More information about the Coco
mailing list