Re: [PLUG] Zoom bombing

It's not a hash, it's an arbitrary 8, 9, or 10 digit number. They're not sequential, but they're not very well randomized either, and it's very easy to scan a large number of meeting IDs with an EC2/Azure instance and a little scripting. Dump the results into no-one-home.txt, has-passcode.txt, and own-me-lol.txt and have fun.

On Fri, Apr 3, 2020 at 3:20 PM Matt Berlin via plug <plug@lists.phillylinux.org> wrote:

I know we're Zooming like crazy these days, but we can't be hitting hash collisions already. How is Zoom generating these meeting IDs?

- Matt

On Fri, Apr 3, 2020 at 3:06 PM George Zipperlen via plug <plug@lists.phillylinux.org> wrote:
Zoom hackers not as 133+ as I thought.

Not script kiddies exploiting Zoom's privacy backdoors.

Just randos finding re-used meeting ids...

But, as I also thought, FBI don't find it amusing at this time.

Deeper thought, this public reaction will inspire the next level, e.g. $CAUSE /* ^[1] motivated */, to do more spectacular stunts.

higher levels of hacker will keep doing what they already do.

But we all know that, I just have too much time on my hands as well.

[1] for arbitrary values of $CAUSE, most of which I don't share, for $CAUSE In Set(MY_CAUSES) send_message ("You're not helping!")

--
George Zipperlen
george.zipperlen@mail.com

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug