Fred Stluka via plug on 21 Apr 2020 13:29:18 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fwd: Zoom bombing

Any evidence of snoopers being able to watch/listen without
being listed as an participant?  In Zoom, WebEx, or any other?

Fred Stluka
Bristle Software, Inc. 		#DontBeATrump #SadLittleDonny


On 4/15/20 7:13 PM, Rich Freeman via plug wrote:
On Wed, Apr 15, 2020 at 6:19 PM Tim Allen via plug
<> wrote:
Meeting organizers are re-using the same ids for sequences of meetings, and these meeting ids are being sent, and re-sent through insecure channels

This is a really tough one to get around.
Indeed, at work we use recurring meetings with constant meeting IDs
using WebEx all the time.  It can be painful to do it otherwise.

Really though with ANY kind of conferencing solution you should be
mindful of who is connected to your meetings in general, and
especially when discussing anything sensitive.  With audio teleconf
this can be more difficult, but with anything that has a web interface
it is usually pretty easy to count participants/etc, and when you see
that "Guest 1" that hasn't said a word you can always do a roll

Unless you have unique credentials for every meeting and don't send
them out far in advance it can be difficult to keep anything like this
super-secure.  But then again we're not talking about military-grade
security here.

Not sure how Zoom works but at least with WebEx meetings can't be
connected to outside of their scheduled timeslot unless a host has
connected.  This at least keeps people from using one of your meeting
IDs as some kind of free conferencing service at random times.  You
can also do things like lock meetings and take attendance and all that
stuff, and in general for anything really sensitive you would probably
have a pretty strict accountability for who is present (either dialed
in, or in the room with somebody dialed in).

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --