https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Web Browser Privacy: What Do Browsers Say When They Phone Home?
"People in quarantine have a choice: either receive unexpected visits from the police, or download this app,"
I didn't have a problem with the warrant for Apple to unlock the phone in the San Bernardino case and I never understood some of the claims being made. Assuming that Apple had the physical capacity to unlock the phone (which raises some of its own concerns), the warrant was for a specific device that belonged to the specific suspect. Apple made a big deal about being required to give the ability to unlock any (suitably similar) phone for the government. That's something I would certainly oppose. But I would not oppose Apple being required to use its capabilities to unlock THAT phone and provide THAT unlocked phone (or its equivalent virtual image) to the government pursuant to the warrant.
How long before someone writes another app to let someone take a whole slew of selfies and then monitor the tracking app for a request, modify the metadata in one of the selfies, and upload it at a random time within the twenty minute window?
> I sure hope he wins that suit.

Read the article. Poor fella. I hope he wins it too.
This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China.
As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:
- Governments worried about espionage
- Businesses concerned about cybercrime and industrial espionage
- Healthcare providers handling sensitive patient information
- Activists, lawyers, and journalists working on sensitive topics
It never ceases to amaze me how pervasive the roll-your-own-crypto is out there -- and it is almost always bad crypto as a result. It's not like good crypto is expensive or hard to get.
> It never ceases to amaze me how pervasive the roll-your-own-crypto is out there -- and it is almost always bad crypto as a result. It's not like good crypto is expensive or hard to get.

With Zoom IMO these errors are likely intentional because they are so obvious as vectors to intercept data.
> With Zoom IMO these errors are likely intentional because they are so obvious as vectors to intercept data.

I think I'd need to see some decent evidence before coming to that conclusion -- there is SO much bad roll-your-own crypto out there that it's more likely the case of don't ascribe to malice that which is perfectly well explained by incompetence. Which is not to say that malicious intent can't masquerade as incompetence to stay below the horizon.
> I think I'd need to see some decent evidence before coming to that conclusion -- there is SO much bad roll-your-own crypto out there that it's more likely the case of don't ascribe to malice that which is perfectly well explained by incompetence. Which is not to say that malicious intent can't masquerade as incompetence to stay below the horizon.

AES-128 is not a bad choice or roll-your-own crypto. It has encryption bleed when used in Electronic Code Book mode.
China’s “New IP” proposal to replace TCP/IP has a built in “shut up command” for censorship
Maybe it's true about incompetence vs malfeasance in this case. The chain of flaws is so obvious and complete that only the superior method of stupidity could account for it.

I'm sure Zoom will have those security flaws fixed pretty soon, and then they'll make a grand announcement about it and try to encourage people to use it again. But now most corporations have lost their trust in it and are using different platforms instead. I doubt that trust will ever be gained back.
It's a shame when a company loses a unique opportunity to expand and dominate the market due to incompetent unpreparedness.
> I'm sure Zoom will have those security flaws fixed pretty soon, and then they'll make a grand announcement about it and try to encourage people to use it again. But now most corporations have lost their trust in it and are using different platforms instead. I doubt that trust will ever be gained back.
> It's a shame when a company loses a unique opportunity to expand and dominate the market due to incompetent unpreparedness.

I hope they go down in flames. It's not even anything against Zoom, per se. But rolling your own crypto package is such a well known bad thing that is so routinely ignored, perhaps it will take a company going down in flames because of doing so for others to finally start getting the hint.
> Zoom security has been also banned by several education systems.

Around here the schools all jumped on Zoom. Teachers are generally smart but maybe not on computer security. I guess that CEO guy was so busy watching the money that, well you know.
> Around here the schools all jumped on Zoom. Teachers are generally smart but maybe not on computer security. I guess that CEO guy was so busy watching the money that, well you know.

It's hard to say -- in general most of these start-ups (and even more established companies) simply don't know how difficult it is to do crypto properly. They also don't know that security-through-obscurity is a bad thing. Many honestly believe that rolling their own crypto and keeping everything proprietary has to be better because, after all, if the bad guys don't know how you're doing the crypto it must be more secure. So until I see something pointing in another direction, I'm willing to grant them the benefit of the doubt. But it still falls into the category of not doing due diligence when planning your project, so I'm not going to shed any tears over their troubles, either.