top | item 22750476

(no title)

jp10558 | 6 years ago

Me too. I swear they are stretching "vulnerability" to the point of stupidity. So, if a Hacker gets into your Zoom Meeting (itself a problem) and sends you a link, and you click it, bad things happen? Why, send out the hounds to any thing that has clickable links. Better boycot web browsers too while we're at it. Because the problem here isn't a clickable link, what if someone copy pastes it? Is that a zoom vulnerability too? The issue is Microsoft allowing SMB to the internet by default, or bad IT config allowing it to the net by default. The password problem is Microsoft STILL using insecure auth mechanisms there. NONE OF THIS has ANYTHING to do with Zoom or e-mail or a web browser IMO.

Oh, if you're already hacked in enough to run code on MacOS, you can grab the camera with Zoom. Or, you know, use any of many methods to do that I'm sure. The problem, and the reason for HIPS / AV / security solutions is to stop running "hacker code". If I'm running arbitrary code on your Mac, I don't need Zoom to grab a password.

Now, the bad installer methods used on MacOS - yes, those should not happen and ought to be fixed. I think it's the big problem, no one gets paid for a secure system, but one that people can use. Security just causes issues sadly, and making it possible for the most incapable computer user is why everyone loves Zoom for "just working". That sadly incentivizes them to try and work around security roadblocks, which is bad.

discuss

No comments yet.