Keith C. Perry via plug on 18 Jun 2020 11:59:19 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] taskbook, Zoom |
Excellent point, which is why people need prioritize threats. While I'm positive Verizon could be attacked, the smart thing to do would be to worry about the possible attacks closer in. ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Keith C. Perry, MS E.E. Managing Member, DAO Technologies LLC (O) +1.215.525.4165 x2033 (M) +1.215.432.5167 www.daotechnologies.com ----- Original Message ----- From: "Rich Freeman via plug" <plug@lists.phillylinux.org> To: "jeff" <jeffv@op.net> Cc: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org> Sent: Thursday, June 18, 2020 10:53:18 AM Subject: Re: [PLUG] taskbook, Zoom On Thu, Jun 18, 2020 at 10:38 AM jeff via plug <plug@lists.phillylinux.org> wrote: > > Zoom decided to encrypt end-to-end, after the yelling. While I obviously support E2E encryption, I think that people complaining about this don't have a great grasp on the threat model. The only people that E2E encryption protects you from are those with access to the telecom infrastructure. This is all professionally managed and unless you are concerned about government spying/etc I think the risk of an attack here is relatively low. Of course it is nonzero and so E2E encryption should be preferred. What E2E encryption doesn't help with is attacks on the endpoints themselves - which are probably cellphones or desktop PCs. Which do you think is more likely? That some hacker managed to install a rootkit on somebody's Win10 PC? Or that some hacker managed to install a rootkit on some router/switch at Verizon? My point here isn't so much that you shouldn't care about E2E encryption. Rather, my point is that simply having a features checklist in the software you're using doesn't make you secure. Usually the weak point in any chain of security is you... -- Rich ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug