Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday March 28 2020, @04:38AM   Printer-friendly
from the prick dept.

School quits video calls after naked man 'guessed' the meeting link – TechCrunch:

A school in Norway has stopped using popular video conferencing service Whereby after a naked man apparently "guessed" the link to a video lesson.

According to Norwegian state broadcaster NRK, the man exposed himself in front of several young children over the video call. The theory, according to the report, is that the man guessed the meeting ID and joined the video call.

One expert quoted in the story said some are "looking" for links.

Last year security researchers told TechCrunch that malicious users could access and listen in to Zoom and Webex video meetings by cycling through different permutations of meeting IDs in bulk. The researchers said the flaw worked because many meetings were not protected by a passcode.


Original Submission

Related Stories

Elon Musk's SpaceX Bans Zoom over Privacy Concerns 14 comments

Elon Musk's SpaceX bans Zoom over privacy concerns-memo

[...] In an email dated March 28, SpaceX told employees that all access to Zoom had been disabled with immediate effect.

"We understand that many of us were using this tool for conferences and meeting support," SpaceX said in the message. "Please use email, text or phone as alternate means of communication."

[...] NASA, one of SpaceX's biggest customers, also prohibits its employees from using Zoom, said Stephanie Schierholz, a spokeswoman for the U.S. space agency.

The Federal Bureau of Investigation's Boston office on Monday issued a warning about Zoom, telling users not to make meetings on the site public or share links widely after it received two reports of unidentified individuals invading school sessions, a phenomenon known as "zoombombing."

Also consider that one way to claim to have "end to end encryption" is to simply re-define the term. Zoom Meetings Aren't End-to-End Encrypted, Despite Misleading Marketing:

Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.

With millions of people around the world working from home in order to slow the spread of the coronavirus, business is booming for Zoom, bringing more attention on the company and its privacy practices, including a policy, later updated, that seemed to give the company permission to mine messages and files shared during meetings for the purpose of ad targeting.

Security and Privacy Implications of Zoom 28 comments

Security and Privacy Implications of Zoom - Schneier on Security:

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.

In general, Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

Now security: Zoom's security is at best sloppy, and malicious at worst. Motherboard reported that Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account. Zoom removed the feature, but its response should worry you about its sloppy coding practices in general:

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday.

Finally, bad user configuration. Zoom has a lot of options. The defaults aren't great, and if you don't configure your meetings right you're leaving yourself open to all sort of mischief.

Zoom Admits Data Got Routed Through China 13 comments

Zoom admits data got routed through China - Business Insider:

In a statement late Friday, Zoom CEO Eric Yuan admitted to mistakenly routing calls via China.

"In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began," Yuan said. "In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect."

He did not say how many users were affected.

During spells of heavy traffic, the video-conferencing service shifts traffic to the nearest data center with the largest available capacity – but Zoom's data centers in China aren't supposed to be used to reroute non-Chinese users' calls.

This is largely due to privacy concerns: China does not enforce strict data privacy laws and could conceivably demand that Zoom decrypt the contents of encrypted calls.

Separately, researchers at the University of Toronto also found  Zoom's encryption used keys issued via servers in China, even when call participants were outside of China.

[...] Zoom has faced multiple high-profile security issues in recent weeks as it struggles to cope with an unprecedented surge in traffic and new users.

Zoom did not immediately respond to Business Insider's request for comment and clarification.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Funny) by aristarchus on Saturday March 28 2020, @05:31AM (1 child)

    by aristarchus (2645) on Saturday March 28 2020, @05:31AM (#976567) Journal

    Just stop, Runaway!

    • (Score: -1, Redundant) by Anonymous Coward on Saturday March 28 2020, @06:57PM

      by Anonymous Coward on Saturday March 28 2020, @06:57PM (#976712)

      やめてください、暴走!

  • (Score: 5, Funny) by driverless on Saturday March 28 2020, @07:06AM

    by driverless (4770) on Saturday March 28 2020, @07:06AM (#976577)

    my Zoom video ID is ....

  • (Score: 4, Funny) by Subsentient on Saturday March 28 2020, @09:46AM (2 children)

    by Subsentient (1111) on Saturday March 28 2020, @09:46AM (#976593) Homepage Journal

    I laughed really loudly upon reading TFS, probably bothered the neighbors. This shouldn't be so funny to me, but I'm just picturing a dirty, morbidly obese sack of shit whacking his gack, reclined in a chair, while children scream in a cacophony on the voice chat.

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    • (Score: 0) by Anonymous Coward on Sunday March 29 2020, @12:26AM

      by Anonymous Coward on Sunday March 29 2020, @12:26AM (#976780)

      Fake Nudes.

    • (Score: 2) by Grishnakh on Sunday March 29 2020, @05:21AM

      by Grishnakh (2831) on Sunday March 29 2020, @05:21AM (#976854)

      This happened in Norway. The kids probably were disgusted (mostly because the man was probably ugly), but Europe isn't like America where people completely freak out when they see someone's genitals.

  • (Score: 0) by Anonymous Coward on Saturday March 28 2020, @10:18AM (1 child)

    by Anonymous Coward on Saturday March 28 2020, @10:18AM (#976595)

    or send a copy of his dick to the police

    • (Score: 0) by Anonymous Coward on Saturday March 28 2020, @05:01PM

      by Anonymous Coward on Saturday March 28 2020, @05:01PM (#976673)

      Dick Tracy will find him!

  • (Score: 1) by anubi on Saturday March 28 2020, @11:27AM

    by anubi (2828) on Saturday March 28 2020, @11:27AM (#976601) Journal

    If so, was it graded?

    Anyway, to me the funniest story I've seen in a long time. I'll betcha that incident will be remembered by the children for the rest of their lives... And the guy probably had nothing significant to offer.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
  • (Score: 0) by Anonymous Coward on Saturday March 28 2020, @06:39PM

    by Anonymous Coward on Saturday March 28 2020, @06:39PM (#976700)

    these schools/teachers are negligent fucks. if you have minors in your charge you are supposed to provide some basic protection. using meeting software that has complete shit for access control is gross negligence. and they are the teachers of another generation?

  • (Score: -1, Troll) by Anonymous Coward on Saturday March 28 2020, @10:50PM (1 child)

    by Anonymous Coward on Saturday March 28 2020, @10:50PM (#976763)

    the pervert had been a drag queen, then it would have been officially Heroic & Brave (TM) instead of a felony sex crime.

(1)