Tone Montone via plug on 3 Apr 2020 05:27:08 -0700



Re: [PLUG] Virtual Plug?


To All,

I really enjoyed the virtual plug meeting this week. I stayed quiet and was stalking, but I really needed a fix and I found it interesting and rewarding.

Thank you for putting it together!

Sent from my iPhone

> On Apr 3, 2020, at 8:20 AM, Rich Kulawiec via plug <plug@lists.phillylinux.org> wrote:
> 
> 
> [ Yeah, I'm following up my own message.  I know.  I'm including
> some more links and some commentary below. ---rsk ]
> 
> Turns out there's more:
> 
>    FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic
>    https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
> 
>    "Zoom-Bombing" Hijacks Online Class Meetings In Massachusetts, FBI Warns -CBS Boston
>    https://boston.cbslocal.com/2020/03/30/zoom-zoombombing-hack-security-tips/
> 
>    Coronavirus: Add "Zoom-bombing" to the stresses overwhelming schools - Los Angeles Times
>    https://www.latimes.com/california/story/2020-03-25/zoombombing-usc-classes-interrupted-racist-remarks
> 
>    "Zoombombers" disrupt online classes with racist, pornographic content
>    https://www.insidehighered.com/news/2020/03/26/zoombombers-disrupt-online-classes-racist-pornographic-content
> 
>    Zoom Bug Gives Hackers Full Control Over Computers | Inc.com
>    https://www.inc.com/don-reisinger/zoom-bug-gives-hackers-full-control-over-computers.html
> 
>    Ex-NSA hacker drops new zero-day doom for Zoom -- TechCrunch
>    https://techcrunch.com/2020/04/01/zoom-doom/
> 
>    Maybe we shouldn't use Zoom after all -- TechCrunch
>    https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/
> 
>    Zoom Contacts Feature Leaks Email Addresses, Photos
>    https://www.databreachtoday.com/zoom-contacts-feature-leaks-email-addresses-photos-a-14039
> 
>    The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet
>    https://www.zdnet.com/article/the-internet-is-now-rife-with-places-where-you-can-organize-zoom-bombing-raids/
> 
>    Students Conspire in Chats to "Zoom-Bomb" Online Classes, Harass Teachers | PCMag
>    https://www.pcmag.com/news/students-conspire-in-chats-to-zoom-bomb-online-classes-harass-teachers
> 
> Two comments:
> 
> 
> 1. Am I telling you not to use it?  No.  *I* certainly won't use it under
> any circumstances whatsoever, now or in the future, because Zoom has
> put sufficient proof on the table to convince me that they're completely
> untrustworthy and always will be. [1]
> 
> It seems pretty obvious that they invested far more effort in monetizing
> users' security and privacy than they did actually making a product.
> That isn't an accident.  It's a deliberate strategy.  And it's unfixable.
> 
> 2.  At this very moment there are a lot of LUGs (and similar
> volunteer/dues-free organizations) trying to find a workable solution
> to roughly the same problem...and given that a lot of people involved
> in those have some extra time on their hands...this seems like a very
> opportune moment for someone (or a group of someones) to either work on
> an existing project that shows promise or start a new one.
> 
> And not just for LUGs: the world could use a decent solution in this
> space that isn't controlled by the kind of filth who run and staff Zoom.
> So right here, right now, is an opportunity for the entire open source
> world to step up and put Zoom out of business.  Win-win.
> 
> I'm busy with other projects and I don't particularly care about video
> conferencing so I'm not volunteering.  (Other than their security/privacy
> impacts, which is why I'm paying attention to this.)  I'm just observing
> discussions on multiple LUG mailing lists and noting that a lot of other
> people *do* care about video conferencing and are trying to figure out what
> to do.
> 
> ---rsk
> 
> [1] It will happen this way: they will send out their spokesliars to make
> the right noises.  They'll claim that these things are "accidents" and
> not deliberately designed and built. They'll promise to do better.
> They'll drag the lawsuit out as long as possible and then go for
> a settlement -- terms sealed, of course, and admitting no wrongdoing.
> Meanwhile, they won't remove anything: they'll just bury it deeper.
> Maybe they'll threaten a security researcher or two, that's often
> part of the playbook.  They'll offer services to struggling, desperate
> organizations who don't have the awareness to say "no" and thus will
> get themselves embedded in a lot of places.  And they'll sell, sell,
> sell any and all data.  What they don't sell above board, they'll
> sell under the table.  And what they don't sell under the table
> will be sold by enterprising, freelancing employees.  And what nobody's
> selling will simply be taken from them because, after all, why should
> they invest in security?  It's not *their* data.
> 
> Bonus points if you know who I was quoting with "It will happen this way."
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug