Today Liberty Road received this email from David Spring. Who is David Spring and why would Liberty Road publish his report? Because David has spent a lifetime researching and helping businesses and individuals to protect and secure their online activity from hackers, malware, and other bad actors.

Please take a moment to read over David's report. We've left all of his links intact rather than embedding them within the text so you can copy and paste them into your browser or click the link. As the entire nation and world gravitate to online meetings, it is incumbent upon all of us to do so in as safe a manner as possible. Please share this information within your own networks if you find it valuable.

~ the Road to Liberty begins and Ends with All of Us


Zoom is Malware

https://easydns.com/blog/2020/04/06/axis-of-easy-lets-make-this-simple-zoom-is-malware/

I downloaded the report for Canada <https://www.gstatic.com/covid19/mobility/2020-03-29_CA_Mobility_Report_en.pdf> which tells me that, overall, visits to retail and recreation are down, at -59%, -35% for grocery and pharmacy, only down -16% for parks, -44% movement to workplaces, and people are only (quizzically) staying home +14%.

How does Google know?  Because people carry a Google tracking beacon with them wherever they go; they’re called Android phones (the Apple tracking beacons are called “iPhones”).

Among the other Big Tech companies piling into Corona snooping are Oracle and Amazon.  Recall in last week’s #AoE we reported on <https://easydns.com/blog/2020/03/30/axis-of-easy-april-fools-day-has-been-canceled/> how Toronto was working with the big telecommunication companies, aka telcos, to monitor cell phones as part of an effort to measure social distancing edicts.

Read:  https://www.google.com/covid19/mobility/

We’ve covered Zoom in these pages before.  Back in #AxisOfEasy 104 <https://easydns.com/blog/2019/07/08/axisofeasy-zoom-0-day-up-to-4-million-mac-cameras-exposed-to-remote-execution/> it turned out that the Zoom installer was installing mini-web servers on your computer, and it wasn’t even taking them off when you uninstalled Zoom, leaving your device open to all manner of vulnerability.

In the intervening week, all sorts of data points and news items came out about the (lack of) privacy issues with Zoom:

  *   On April 1st, a (former NSA) hacker released two new Zoom 0-days <https://techcrunch.com/2020/04/01/zoom-doom/> that enable a hacker with local access to a Zoom session to take over the software to install malware.

  *   The next day Krebs on Security reported <https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/> on the fast-spreading “Zoom Bombing” phenomenon where pranksters and miscreants were war dialing Zoom rooms, looking for ones without password protections and crashing the meetings, hurling insults and profanities at the participants.

  *   It gets worse <https://www.entrepreneur.com/article/348720>: it turns out Zoom Bombing is a thing now, so the perpetrators are recording videos of their antics and releasing them on TikTok and who knows where else.

  *   On the very next day (the cat came back….) it emerged that <https://www.theverge.com/2020/4/3/21207134/zoom-recordings-exposed-thousands-identical-naming-search> because of the naming scheme Zoom uses to create the files of video recordings participants make of their sessions, those records were easy to find and access on the web.

  *   Toronto’s Citizen Lab reverse engineered the Zoom client and found that they had “rolled their own encryption scheme” and that it has pretty lousy encryption. Their report is here: <https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/>

  *   Arvind Narayanan, a professor of Computer Science at Princeton, distilled it down thusly: “Let’s make this simple: Zoom is Malware” <https://mobile.twitter.com/random_walker/status/1244987617676050434>

Here at easyDNS we are working to facilitate video conferencing and remote collaboration tools for you and your teams and families.

We’re relying on open source tools like Matrix and Jitsi that use peer-reviewed, publicly accepted encryption techniques and will seek to put the data under your control and nobody else’s.  Watch this space.

~ David Spring, Spring for Schools