They really did get sued. Securities fraud.
N 04/08 03:42 *ZOOM, CEO, CFO ACCUSED OF CONCEALING ENCRYPTION SHORTCOMINGS
BN 04/08 03:41 *ZOOM SHAREHOLDER FILES CLASS ACTION SUIT IN SAN FRANCISCO
BN 04/08 03:40 *ZOOM SUED FOR SECURITIES FRAUD OVER PRIVACY, SECURITY FLAWS
Caffeine posted on 4/8/2020 9:57:29 AM
A letter sent by the IT department at my classmate's school:

Yesterday the Washington Post ran an article under the headline "Thousands of Zoom video calls left exposed on open Web." Alarming, right? Except, as the reporter admits after a few lurid paragraphs, "The problem does not affect videos that remain within Zoom's own system." The 'open video' problem only occurs on 3rd party servers, where users upload videos for public sharing, without a password and without renaming the video. It does not occur on Zoom's own servers (nor on NYU Stream). However, the headline "Some Users Careless, Overshare Video" would generate zero clicks, so the Post went with inflammatory instead of informative.

Similarly, Fortune ran an article Tuesday under the headline "Are Zoom Chats Private?", and led with an accusation that private chats are being archived for others to see. Again, sounds like bad news, no? But only later does the reporter admit that the only private chats anyone can save from Zoom are the ones the user participated in, and only if they save the file locally. The host cannot see private chats between other participants. But the headline "Private Chats Are Private; Local Files Are Local" would likewise generate no clicks.

It's not like Zoom is perfect. They can oversell system features; they've had to walk back claims about encryption and attention tracking. They had a genuine security issue last year with their Mac installer. But Zoom has fewer and smaller security and privacy issues than the press wants people to believe, and what issues have surfaced Zoom has fixed with alacrity.

I know this is a stressful time, and Zoom has gone from optional for a few users to essential for substantially all of us in an eyeblink. But as you pass faculty concerns along to IT, please also help dial down the anxiety. Find out where faculty heard of a particular risk. Remind them that NYU IT is competent and dedicated, and that our colleagues who defend the university online are tracking these issues daily.

If a big security issue does surface, IT will see it and react to it quickly and forcefully. But so far, nothing has merited the agita in the tech press.
Anyone holding the stock should consider selling. Unless the board and the CEO are all replaced, it will be hard for them to open up Western markets.
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Zoom has officially acknowledged the problems, says it will fix them within the next 90 days, and has invited third-party experts to review.
https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
What we’re going to do
Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively.
The University of Toronto security lab found the following problems with Zoom:
1. Zoom's official documentation claims it uses AES-256 encryption, but it actually uses AES-128 in ECB mode, which is generally not recommended: not only is it easy to brute-force, the ciphertext still leaks information after encryption.
2. The AES-128 key is not generated end-to-end between the users; it is generated by Zoom's servers and then forwarded to China.
In the test, a Canadian user connected to a US user, and the AES-128 key was actually sent to a Beijing IP, 52.81.151.250.
3. The Waiting Room has a vulnerability that lets unauthorized users join; to prevent abuse, the lab is not publishing the details.
That was fast.
Stay away from anything made in China and exported to the US. Like the original poster, for example.
Schools may not care, but any tech company that uses it is being an idiot.
Why can't they do without it?
What do you mean the US can't do without Zoom? The US has plenty of alternatives: Webex, Skype for Business, Teams, GoToMeeting, etc.
Zoom was a copy of Webex to begin with, just the original team starting over; without Silicon Valley, building another one wouldn't be a problem either, would it?
bericade - 4/19/2019 9:27:20 AM
I have the same question.
To summarize his rise: he graduated in mathematics in 1987, came to the US in 1997 and joined the startup WebEx as a development engineer, when the team was only a year old and had just ten people. After ten years, it was acquired by Cisco in 2007 and he was promoted to vice president. In 2011 he decided to quit and found Zoom, building the same thing as his old employer, a video conferencing platform, and took 40-some employees from the old employer with him. In 2017 Sequoia invested 100 million to promote it, and now it has taken off.
Last week there were already reports claiming Zoom is a Jiang-family company...
There's no alternative in special times.
It's no different from the Cold War with the former Soviet Union now.
Zoom is the most stable. All the others drop connections, and the video and audio are unclear.
Canadian school boards also require that Zoom not be used.
Canadian hospitals have not banned it.
Zoom copied Webex's homework to begin with; apart from cheating to overtake on the bend, what real technology does the "awesome country" have?
ZOOM is blocked in China, because its cloud servers are basically all in the US.
Of course, whether ZOOM's hands are clean, I don't know. If ZOOM's development doesn't move to the US, it's a ticking time bomb.
The Indians' technology is just too poor, and they messed up Boeing; Zoom is helping the Chinese government collect information, which is not a technical flaw.
If testing turns up a backdoor, it can't be used; your question is really dumb.
China's infosec is very strong; they keep a crowd of top white hats serving the government. With Zoom's base in China and its business this big, there's no way they haven't been consulted,
Claiming it was unintentional also requires someone to believe it.
How could anyone not do without Zoom? I've never used Zoom; the US has Teams, Skype, Webex, GoToMeeting, BlueJeans... there are so many choices.
Even if it moved back it couldn't survive; without Chinese capital it can't survive real market competition.
What Chinese capital? ZM isn't a Chinese concept stock; it's a US company listed in the US.
Supposedly ZOOM uses AWS; if Amazon has a data center in China, isn't a Chinese IP showing up perfectly normal? Apple also has a data center in China; does that mean it can't be used either?
We're talking about the private key, not the data.
This whitewashing is really low-grade. A Canadian user logs in and isn't routed to a Canadian server, but to a Chinese server instead?
We used Skype for Business and are now starting to use Teams; it works well.
What do you mean can't do without Zoom?
Zoom is a bit cheaper.
The reason it's cheap is Chinese capital and the Chinese government backing it behind the scenes. That's why it can't survive normal market competition.
Only you get it, hahaha.
Technology in the hands of the "awesome country" is a scourge on free civilization.
Key exchange needs it. You're really funny.
ZOOM was a perfectly good company that clearly didn't want to get involved in politics, and it got killed by politics anyway.
In the current climate, anyone even tangentially involved can't escape.
Never used ZOOM. But I've heard their tech is the best. Didn't help, though. LOL.
AES-256-CBC/GCM is a fairly mainstream encryption method, fast and strong, more than enough for encrypting video. Many VoIP and VPN products use it too.
Zoom's own documentation also claims AES-256.
Yet Zoom was secretly using AES-128-ECB, an antique from who knows when; no normal software would use it.
The only explanation is a backdoor left to work with the CCP's existing brute-force tools.
So legitimate US companies and organizations all dropped ZOOM right away.
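The ECB weakness that the post above and the lab findings earlier in the thread refer to, shown as an added example that is not from this thread: a constructed "flat" input of eight identical 16-byte blocks (a stand-in for a uniform video region) encrypted with AES-128 in ECB mode yields identical ciphertext blocks, while AES-GCM under the same key does not. Written in Go against the standard library only; the key and sample input are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// ecbEncrypt encrypts each 16-byte block independently under the same key (the stdlib
// deliberately offers no ECB mode; this loop is all it is). Input: whole blocks only.
func ecbEncrypt(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out
}

// gcmEncrypt: the authenticated AES-GCM alternative; random nonce prepended, then ciphertext and tag.
func gcmEncrypt(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for a valid AES cipher
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...)
}

// repeatedBlocks counts 16-byte blocks that duplicate an earlier one. Under ECB equal
// plaintext blocks give equal ciphertext blocks, so the count mirrors plaintext structure.
func repeatedBlocks(data []byte) int {
	seen, n := map[string]bool{}, 0
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		b := string(data[i : i+aes.BlockSize])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}
```

With eight identical plaintext blocks, repeatedBlocks reports 7 for the ECB output and 0 for the GCM output, which is exactly the structural leak the thread's lab summary describes.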
Making American money without giving Americans jobs; getting killed off serves them right, doesn't it?
Reply from someone who understands cryptography: you're just talking nonsense. Have you heard of Diffie–Hellman key exchange? Why would the key have to pass through a Beijing server? It's completely unnecessary!!!! Anyone who has taken Information Security 101 knows how to do it. What Zoom did is simply outrageous!!!
Many people can be on video, but only four can appear on screen at the same time.
Aren't they afraid of being sued to death over this?
Many schools use ZOOM; during the pandemic it's free to use, and one session can hold a hundred people at once.
Take the trouble to explain once more why a US company's servers are in Beijing and all of its R&D is in Beijing; how is that different from hanging up an American sheep's head to sell Chinese dog meat?
Thanks to your country, this kind of situation really could happen in the Western world.