Matt Berlin via plug on 4 Apr 2020 08:39:03 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Zoom bombing

I just checked, and the /j/########## links look like they use the phone number or the organizer (at least by default, and in the cases I saw).

- Matt

On Fri, Apr 3, 2020 at 8:01 PM Rich Mingin (PLUG) via plug <plug@lists.phillylinux.org> wrote:
It's not a hash, it's an arbitrary 8, 9, or 10 digit number. They're not sequential, but they're not very well randomized either, and it's very easy to scan a large number of meeting IDs with an EC2/Azure instance and a little scripting. Dump the results into no-one-home.txt, has-passcode.txt, and own-me-lol.txt and have fun.

On Fri, Apr 3, 2020 at 3:20 PM Matt Berlin via plug <plug@lists.phillylinux.org> wrote:


I know we're Zooming like crazy these days, but we can't be hitting hash collisions already.  How is Zoom generating these meeting IDs?

- Matt


On Fri, Apr 3, 2020 at 3:06 PM George Zipperlen via plug <plug@lists.phillylinux.org> wrote:
Zoom hackers not as 133+ as I thought.

Not script kiddies exploiting Zoom's privacy backdoors.

Just randos finding re-used meeting ids...

But, as I also thought, FBI don't find it amusing at this time.

Deeper thought, this public reaction will inspire the next level, e.g. $CAUSE /* ^[1] motivated */, to do more spectacular stunts.

higher levels of hacker will keep doing what they already do.

But we all know that, I just have too much time on my hands as well.

[1] for arbitrary values of $CAUSE, most of which I don't share,  for $CAUSE In Set(MY_CAUSES)  send_message ("You're not helping!") 

-- 
George Zipperlen
george.zipperlen@mail.com


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug