1. 15
  2. 4

    I’m not even surprised by the outdated OpenSSL lib, I’m mad about the Windows registry dumper & crash-report screenshot functionality.

    1. 4

      It’s a sad indictment of the low priority society places on security that Zoom has a $42B market capitalization.

      1. 3

        A tad unfair, as equally this can be explained by your own priorities not being aligned with the rest of society.

        Is Zoom meaningfully less secure than telephone conferencing, mobile phone calls, Skype/Teams, WebEx, …?

        To answer that you need to decouple absolute security, the content of those meetings, the geographic location of the moving parts, who the participants are and what their other options were (i.e. mobile phone).

        Myself as a UK-based grumpy sysadmin, I would be delighted to hear that someone in China is interested enough to listen to me waffle on technical stuff that is already in the public domain. Meanwhile a UK politician arguably would probably be better off using a landline from the local telco. Should Chinese citizens use non-local services such as WebEx or Skype though? Should the UK government use Cisco solutions, other than they make you think suicidal thoughts, but that is more a statement about UX rather than security.

        I personally value Zoom’s non-end-to-end encryption as it means they can multiplex all the AV streams into a single stream that my mobile network can handle out in the middle of the sticks.

        Zoom were just idiots blatantly caught mis-labelling and being stung by their handling of it all; time will tell if they actually fix all these problems. The real sob story here is everyone now being forced to use Teams, Skype, Slack and Google Hangouts instead. Is this a better outcome?

      2. 2

        The SHA256 output of string “0123425234234fsdfsdr3242” is used to initialize an OpenSSL EVP AES 256 CBC context for encryption and decryption of data

        To see how ridiculous this is try writing “0123425234234fsdfsdr3242” on your keyboard.

        1. 2

          And this is why I’m running this in a Flatpak… Ideally, not at all… but I’m forced to by my school.

          1. 1

            You can run it inside your browser, although it’s not that obvious and comes with limited features.