Reply to RIP zoom?

Forum Index » Montgomery County Public Schools (MCPS)

Reply to "RIP zoom?"

Subject:

Emoticons





More smilies

Text Color: Font: Close Marks

[quote=Anonymous][quote]
FWIW, the following is a summary of an investigative report released by Citizen’s Lab on Friday,  Citizen's Lab being a well-respected cybersecurity institution (part of the University of Toronto). They are well known in the field as objective researchers looking into exploitable weaknesses that pose a risk to a sector, or holistically (https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/):

1. Zoom misrepresents the encryption it uses, calling it “end-to-end” encryption. In April 2020 Zoom released a blog post clarifying that their encryption is between an individual’s device and the Zoom server, NOT the entire communication. IOW, not "end-to-end" encryption as industry uses the term

2. Zoom uses custom encryption which does a poor job of masking everything (in the report, you can still make out the outlines of an encrypted picture encrypted using Zoom's algorithm), and is predictable. And Zoom's keys are weak; AES-128 vice traditional AES-256

3. In making Zoom idiot-proof (called "low friction") Zoom created a number of vulnerabilities, some of which have been discussed in the press the past few days

4. Even with all parties to a call in the US, encryption keys come from China, creating the risk that Chinese govt can force Zoom to share keys and gain access

5. Nation states are now well aware of Zoom’s vulnerabilities and likely targeting users

6. Zoom provides 0 transparency about what it shares when served with legal process

7. Zoom's Waiting Room has a vulnerability (not publicly disclosed b/c they want Zoom to fix before ppl take advantage)[/quote][/quote]

Options

	Disable HTML in this message
	Disable BB Code in this message
	Disable smilies in this message

Review message

Search Recent Topics Hottest Topics