This is assuredly right.
The change from Adobe to Zoom may, or may
not, have been right for ICANN and for this
group for any number of reasons ranging from
cost, to security, to scalability and
utility. But let’s not romanticize Adobe.
They are not a terribly secure platform
generically. As James said, the Zoom
response is poor – but we can’t hang that
around the neck of ICANN org.
P
Just want to call out
that Adobe has likely the worst reputation
in the entire tech industry when it comes to
security, I really would not hold them out
as either prompt or without serious issues
(I believe they still hold the record for
number of CVSS 9+ vulns).
Zooms response is poor I
agree, but on a data driven comparison it is
a far more secure platform.
That is true, but note
that this security researcher notified
Zoom of the exploit and they were in no
rush to repair it. Look at the timeline in
the Medium post. They only sought to fix
it after the vulnerability drew media
attention.
Adobe Connect was not
perfect but it met our needs and the
occasional security issues that arose were
promptly fixed by Adobe and never as
serious as this one!
On Tue, Jul 9, 2019 at
18:07, Adeel Sadiq <11beeasadiq@seecs.edu.pk>
wrote:
Speaking from a
technical perspective, no software is
perfect or bug-free. Its only a matter
of time a loophole is found and
exploited and eventually patched up. If
you think Adobe Connect or ezTalks
were/are free of these architectural
issues, think again! That's the way we
technical community do things.
Unfortunately,
uninstalling the application does
not rectify the situation, due to
poor architecture (acknowledged by
Zoom on their blog today). They are
working on a fix, now that public
scrutiny demands one. So
disappointing that ICANN has put us
in this terrible situation.
On Tue, Jul 9, 2019
at 16:15, Vaibhav Aggarwal, Catalyst
& Group CEO <va@BLADEBRAINS.COM>
wrote:
Thanks for this.
Till the next Update, I have removed
the Zoom For Mac Client with
immediate effect.
Hey -
remember when ICANN
switched everyone from
Adobe over to Zoom as a
way of enhancing
information security and
data privacy?
"A
vulnerability in the Mac
Zoom Client allows any
malicious website to
enable your camera
without your
permission... This
vulnerability allows any
website to forcibly join
a user to a Zoom call,
with their video camera
activated, without the
user's permission. On
top of this, this
vulnerability would have
allowed any webpage to
DOS (Denial of Service)
a Mac by repeatedly
joining a user to an
invalid call.
Additionally, if you’ve
ever installed the Zoom
client and then
uninstalled it, you
still have a localhost
web server on your
machine that will
happily re-install the
Zoom client for you,
without requiring any
user interaction on your
behalf besides visiting
a webpage. This
re-install ‘feature’
continues to work to
this day."