-
Two very different takes on the recent @zoom_us vulnerabilities. @bcrypt/1245472251895361536 @MalwareTechBlog/1245477938293694466 I align with @malwaretechblog on this issue. While Zoom indeed has some issues, I think calling it a dumpster fire is unnecessary.Permalink
“From reading the news and Twitter I just assumed someone found a Zoom RCE. Turns out, no. Bug 1: clickable links are in fact clickable Bug 2 & 3: if an attacker already has access to your machine, they can do bad things.”
3:27 PM - 1 Apr 2020
View on Twitter
Mood -2 🙁
-
And I disagree strongly with the headline of @patrickwardle 's post. Although it's a fun title, I do not think the recent issues in Zoom is at all comparable with the real dumpster fire of IoT security in general. objective-see.com/blog/blog_0x56.htmlPermalink
Mood 0
-
And while I think issues should be published, I am not sure if full disclosure at this time is the best way. I guess @drfarley and Zoom Security team has enough to do already, and lower severity issues with a lot of media attention might force them to focus on the wrong thingsPermalink
Mood +1 🙂
-
IT Security is not binary, it's about balancing risks. And on the balance of things, having selected Zoom as our go-to telco tool at work I have no plans to change that. So far, the usability of Zoom outweighs the security issues and I don't think other solutions are much betterPermalink
Mood 0
-
When balancing security vs usability, I am always reminded of this.
Mood 0
-
Here is a well written piece on the topic of Zoom @hackingdave/1245536000819986432?s=21 @HackingDave/1245536000819986432Permalink
Mood 0