Tuesday, March 31, 2020

zoom

 The computer club mentioned zoom as an app to do free video conferencing during the stay-at-home period.

 Zoom Technologies (ZOOM) stock trading was halted after soaring 56,000%. Wrong zoom.

 Zoom, the app for video conferencing, has experienced a large increase in use recently: 10 million/day -> 300 million/day.

 Helpful <-> Harmful

 The installer for Zoom on MacOS installs the app without asking the user to approve.




Though not illegal or against Apple's terms and conditions, this is not normal for applications.
Zoom also allows other web sites to turn on the user's web cam via the zoom application. Zoom has indicated it will remove that feature.

 Also, the app indicates it uses end-to-end encryption. Not quite. More like transport encryption.
Zoom can see the data.

This post is not to advise against using zoom, just an attempt to inform, make aware, so members can prepare.


Added 01-Apr-2020

 this is a link to a zoom blog post on securing a virtual classroom:



Also, there are reports of others zoombombing Zoom sessions. Zoombombing is broadcasting inappropriate images, videos, hate speech, etc. into active Zoom sessions.


The Zoom Windows client will convert UNC paths to clickable links. Good for utility/functionality, bad for security.


If a user clicks on the SMB link, Windows will attempt to connect to it using the user's login name and the NTLM hash. The hash can then be fed into a password-cracking program, yielding the user's credentials to anyone capturing the traffic. Recall from above the Zoom session is NOT end-to-end encrypted - yet.
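An added example, not part of the original post and not Zoom's code: one way a chat client or message gateway could avoid the behaviour above, by replacing UNC paths with an inert marker unless the server is on an allowlist. The function names, the `corp.example` allowlist and the sample messages are assumptions constructed for illustration.

```python
import re

# \\host\share[\path...]: host is a NetBIOS name, FQDN or IPv4 address.
# The lookbehind skips doubled backslashes inside local paths such as C:\\dir.
UNC_RE = re.compile(
    r'(?<![\\\w:])\\\\(?P<host>[A-Za-z0-9][A-Za-z0-9._-]*)'
    r'\\(?P<share>[^\\/\s:*?"<>|]+)(?:\\[^\\/\s:*?"<>|]+)*'
)

def find_unc_paths(message):
    """Return (host, share, full_path) for every UNC path in a chat message."""
    return [(m.group("host").lower(), m.group("share"), m.group(0))
            for m in UNC_RE.finditer(message)]

def is_trusted(host, trusted_suffixes):
    """Trusted only if the host is, or is a subdomain of, an allowlisted name."""
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)

def render_safely(message, trusted_suffixes=()):
    """Replace untrusted UNC paths with an inert marker instead of a link."""
    blocked = []

    def _sub(m):
        host = m.group("host").lower()
        if is_trusted(host, trusted_suffixes):
            return m.group(0)          # internal file server: leave as typed
        blocked.append(host)           # record the host for logging/alerting
        return "[UNC path to %s removed]" % host

    return UNC_RE.sub(_sub, message), blocked

# Constructed sample chat messages (203.0.113.7 is a documentation address).
SAMPLES = [
    r"Deck is on \\files.corp.example\team\q1\deck.pptx",
    r"click for the agenda: \\203.0.113.7\share\agenda.docx",
    r"Saved locally to C:\Users\me\notes.txt",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(render_safely(msg, trusted_suffixes=("corp.example",)))
```

The suffix check compares whole DNS labels, so a look-alike host such as `evilcorp.example` does not pass as `corp.example`.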

In my opinion, zoom is like almost everything in today's cyber environment. Good for us as long as users are aware so they can prepare and understand the risk to balance against the reward.
I would use zoom. You should make the decision for your circumstances.

Zoom now indicates it will work these issues.
And so they have!

A post on social media showed the Zoom meeting ID of the British cabinet. Probably NOT intended to be eavesdropped on.


Update  3-Apr-2020

Update   4-Apr-2020
 Zoom is actively and quickly addressing security concerns. I have little reservation for using zoom for casual usage. Efforts and techniques can be taken to make zoom sessions safer - not safe.

Update: 14-Apr-2020
 Zoom now hides the meeting ID. Zoom users sharing screenshots on social media could have their meeting joined if the security measures were lax. Soon users can limit the regions for their meetings.
Zoom is actively and aggressively enhancing their security and usability. 

Update: 24-Apr-2020
 Zoom continues to amaze with their response to security and privacy issues - in a very good way.
Explosive growth, abuse target, new features - all are addressed in a way that gives other platforms a lesson in product management.
 But 500,000 meeting identifiers and passwords were on sale on a black market site. And 0-day exploits are also on sale for $500,000 each. Normal 0-day exploits fetch a few thousand dollars.

Update: 27-Apr-2020
 Zoom version 5.0 is available. A lot of improvement.

  GCM encryption support. Full system support to occur 30-May-2020. (Re)visit the Zoom download page to upgrade to version 5.0.

Tuesday, March 24, 2020

patches and updates abound 24-Mar-2020

 Apple released iOS and iPadOS 13.4 today. Feature updates and security fixes. MacOS released two updates to their beta program as well.

 Also today Microsoft released an update, KB4541335. This is NOT an automatic update; users need to use Windows Update and select it.

Monday, March 23, 2020

Yet another Microsoft Windows zero-day vulnerability 23-March-2020

 The 0-day vulnerability in Microsoft's Adobe Type Manager Library (atmfd.dll) is being actively exploited according to a Microsoft advisory ADV200006.
 The known exploits allow attackers to run code on a user's system and take actions on that user's behalf.
 Consult the advisory at Microsoft's site for details and mitigations.

Sunday, March 22, 2020

COVID-19 related scams, links, false information, FUD, etc.



eMails, web sites, social media posts, tweets, any and everything we've ever thought of or used is being used to capitalize on the outbreak. The chance of these appearing to come from friends and/or family is very large.
The above eMail is an example of these fakes. Reports are that many thousands a day are fake, attempting to lure the public in order to sow fear or gain financial advantage - costing the public money. Who sends these and similar eMails? Every/Anyone with $200 to purchase a Covid-19 themed phishing kit.

 Then there are apps. Apps for smart phones, Windows, MacOS, etc. Some are Covid themed directly. Some are Covid victim themed. Some have replaced the fold@home app (the real fold@home uses unused compute power to fold proteins for Covid and other research).

 Fake or rogue domains. Hundreds are registered every day. Once on one of these newly registered sites, users are asked for donations to fund vaccines, help victims, etc.

 With a larger workforce working remotely, malware can more easily target and exploit remote workers' less-protected machines that then connect to the company's infrastructure. Mom and/or dad now use the family computer that has been used all day by the curious teens in the house.

 The worst? Attackers of healthcare providers, agencies, and government agencies in the fight against Covid-19. State public health sites have been hit with ransomware (it is possible they would have been hit by a ransomware attack anyway, just more likely to get past defenses given the stressed workforce).


Be aware, be prepared, be wary, be safe.  Like the virus, if each of us is safer, we are all safer.

Update: Researchers report 30,000% INCREASE in pandemic related threats. The FBI is seeing similar trends. I too see a lot more related scans, scams, and attempts via any and all past and current methods.
30,000% is NOT a typo!

Saturday, March 21, 2020

COVID-19 and privacy/tracking?

 New arrivals to China are now being given a wristband and an app for their smartphone, StayHomeSafe. Interesting name. The app and wristband are an alternative to forced quarantine camps. The app has a 14 day count down.
 Israel approved cellphone tracking technologies to enable tracking of suspected COVID-19 patients.
 Thailand provides a replacement SIM card for new arrivals to the country.
 These and other measures have been implemented with less than usual regulatory oversight, due to the urgency. The China wristband comes with a warning of criminal and civil penalties. Time will tell if the app can or does collect any other data. China collects data from citizens' smartphones. China uses facial recognition to a large degree; capability has to be lessened due to face masks.

 The U.S. government is seeking measures from the technology sector to increase the data collected to fight the outbreak. Law enforcement use of Stingrays can provide information and alert on large gatherings, and has done so for years. The technology has been used and is used today. Google maps alerts on traffic congestion, restaurant wait times, population density for wild fire response, etc.

Monday, March 16, 2020

Rumors of US national quarantine are FAKE



 US National Security Council taking steps to dispel fake news attributed to "foreign entity"

 Some COVID-19 sites with graphic maps contain malware.

Be health safe, be cyber safer.

Saturday, March 14, 2020

Got iPhone? Got unexplained cellular data?

 Reports of iPhone users getting large bills or large cellular data usage on unlimited plans.

Check Settings > Cellular > Cellular Data

Look at the data usage for Uninstalled Apps. My usage and my wife's usage is as expected. But users are experiencing large unexplained usage.

Check yours. If you get an increased bill from your carrier, report this. It appears to be a known problem.

Thursday, March 12, 2020

Out of Band Microsoft security Update KB4551762

 Today, March 12, 2020, Microsoft released a patch for the SMB vulnerability.