Teams is a great big bag of hurt if you need to schedule meetings with people who are not part of a team.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Over 500,000 Zoom Accounts Sold on the Dark Web and Hacker Forums
- Thread starter MacRumors
- Start date
- Sort by reaction score
K.
https://www.businessinsider.com/china-zoom-data-2020-4
Zoom CEO apologizes for security problems on public live stream
“Clearly we have a lot of work to do,” Yuan saidwww.theverge.com
It's not a large jump from "automatically storing in the Cloud" to "the CPC is literally harvesting your data".
But hey, we all trust the Chinese to do the right thing...right?
You claimed they deliberately store information in China. Your link clearly stated that this was the result of a configuration error since fixed.
Paying customers now get to choose the locality which stores the data.
Your post was deliberately deceiving and untruthful. Why use hyperbole, there's plenty of real security concerns with Zoom without needing to just make up stuff.
I would agree. The biggest issue I have with FaceTime is the lack of grid view. When there are more than 5 loud people talking over each other on FaceTime, it drives everyone (in my family) crazy seeing faces bouncing around every 2 seconds.
A friend of mine who sold beer once said "There's no brand loyalty I can't overcome by offering a buck off per case..."
Zoom seems to be overcome by success in that they've dropped dialup numbers and limited meetings to 40 minutes for free subscribers. They must have been slammed with new users and quickly discovered they would lose money and subscribers if their servers and dial in lines get overwhelmed.
So many people missing the details of the article.
Zoom had absolutely nothing to do with the losing the credentials that are being sold here. This is just a failure on the end users part to use a new password that was not already compromised in some other data breach on a different website.
Sure, hate on Zoom, but not for this.
Zoom had absolutely nothing to do with the losing the credentials that are being sold here. This is just a failure on the end users part to use a new password that was not already compromised in some other data breach on a different website.
Sure, hate on Zoom, but not for this.
Apple is missing out a lot on corporate gimmicks. The idea of Microsoft teams is great, the implementation is rubbish. I’m sure Apple could get this to work better.
Are you sure? Zoom already proved they don't know how to do anti-hammer, allowing people to guess meeting IDs by simply trying them. Is Zoom smart enough to prevent password bots?
[automerge]1586896805[/automerge]
While I agree the end-user experience of Teams is crap, the reason why Teams is great is the administration and compliance side.
For example, it supports archiving for compliance and eDiscovery, incorporates their antimalware link scanning, has data loss prevention, integrates right into Active Directory, has data sensitivity tagging, etc. The reason why schools like it is because it ties into learning management systems, e.g. automatically setting up classroom environments.
Apple has absolutely no technology for this. They don't even have a solution for single-sign on, something Zoom has.
Last edited:
Using a proper password mitigates password bot attempts, and forcing users entering a meeting into a waiting room further makes the login process more secure.
If I understand correctly, the meeting IDs were something roughly resembling sequential integers. Guessing those isn't that hard. On the other hand, brute forcing the password for one account is quite time consuming. Do you really think they did so for thousands of accounts? Testing for re-use of passwords, by comparison, is lightning quick.
E-mail spam lists + top 100 passwords list is very effective if there isn't any rate limiting, which is exactly the point. Time how long it takes to return a wrong password on nearly all sites, much less than a second. With a botnet, you can easily test tens of thousands of passwords per second.
Also note the screenshot in the article gives the host key. That's a 6 digit number tied to the account, used to claim host permissions. It's necessary when the host dials in, but is also used in the computer UI. So whatever password you choose in Zoom, security is no better than 6 digits.
Yes, i'm sure, and i quote myself "Zoom had absolutely nothing to do with the losing the credentials that are being sold here."
Actually they absolutely did, upon closer inspection. Read my last post above regarding the host key. It has nothing to do with a "new password" because that wasn't what was leaked.
I speculate what happened is somebody figured out how the HTML5 client validates host keys and that isn't rate limited on the server side. Regardless, a 6 digit number isn't secure.
Last edited:
Hopefully they put rate limiting in, to make this process even more difficult for the ne'er do wells. But setting the account up correctly, according to the security that is required by the meeting host, goes a long way. If some uses phishing attempts to get to your account, they can grab the hostkey also.
Last edited:
For me, the key for a good corporate solution is, in no order:
1. Easy to use. Many peopel aren't computer savvy so it needs to be easy to setup a meeting and to get into one
2. Encrypted
3. Allow you to block entry and eject people
4. Have dial in numbers for around the world
5. Cross platform (OS) and device (Phone, Tablet, Computer, etc.)
6. Allow screen sharing, markup and a digital white board
If you haven't seen it, SNL's first Zoom skit captures every web meeting ever:
To a point, I draw a line when it comes to Busch Light 😂😂
At least they are trying. Who knows, they might be good after all of this.
Cisco Cloud Webex
I found it cheaper for our 60,000 users. We also have 2 10G direct connects through Equinix to Cisco which wasn't available at the time for zoom.
Opening 4 ports to a couple of hosts is a nightmare. Your network team is garbage.
Straight from the documentation:
TCP port 443 to lqtservice-web.wbx2.com
TCP port 443 to uds.huron-dev.com
TCP port 443 to gds.huron-dev.com
TCP port 443 to idbroker.webex.com
TCP port 8443 to callcontrol.huron-dev.com
TCP port 5061 to lqtservice-web.wbx2.com
TCP & UDP port 5004 to lqtservice-web.wbx2.com
I would trust my wife having cocktails with Bill Cosby before trusting anything from ms.
They are not encrypted. That was a false claim and one of the reasons they are having issues.
Zoom isn’t actually end-to-end encrypted
But the company denies that it’s misled users
www.theverge.com
Despite claims, Zoom calls are not end-to-end encrypted
A report claims that Zoom's video conferencing service is not end-to-end encrypted as the company claims and that Zoom can access all audio and video data from calls.
www.imore.com
Matter of opinion...
[automerge]1586903638[/automerge]
What issues? Issues is generic.
No, they're encrypted the same way Webex, Teams, and others are. They're not end-to-end encrypted like they claimed, but none of the other services, save FaceTime and some rarely used open source solutions, claims that either.
Fundamentally, dial-in prevents end-to-end encryption which is something nobody reviewing Zoom's claims realized.
Zoom Caught in Cybersecurity Debate — Here's Everything You Need To Know
Use Zoom Video Conferencing App? — Here's Everything You Need to Know Why Zoom Making So Many Negative Headlines In Cybersecurity
thehackernews.com
Thats fine, so lying about being end to end encrypted isn’t an issue?
Who is it an issue to? And are companies abandoning Zoom because of this? I personally don't care as long my confidential information discussed during a Zoom session doesn't end up on the dark web.