Posted April 1, 2020

Zoom is being used to Windows credentials. Original article: https://www.zdnet.com/article/windows-10-alert-zoom-client-can-leak-your-network-login-credentials/

Quote: "On the heels of Zoom's iPhone privacy blunder, a security researcher has found that attackers can use the Zoom Windows client's group chat feature to share links that will leak the Windows network credentials of anyone who clicks on them."

Zoom is again in hot water, this after many turn to it in a time of social distancing.

Posted April 1, 2020

So, they're getting sued (potentially) for sending information to Facebook and now this? Anything for education, I guess.

Posted April 1, 2020

Ahh, the NSA is at it again. EternalBlue used with Ransomware anyone? Remember that? I do.

Note: not sure if Wardle was directly involved with any of that past stuff, but, it's the NSA, come on man!

Posted April 1, 2020

11 minutes ago, comander said:
Protip, Google has a "free" service that has higher video quality and is presumably more secure than Zoom.

I'm sure one out of the 324 Google communication services will be good, the question is whether users will have time to find out which one before they kill it again.

Regarding Zoom, I first heard about it like two weeks ago as forced remote work kicked in. I think it's the best service I ever used for multi-way meetings in terms of stability and audio/image quality for everyone involved (I think every other service at most dealt with two-way connections, sometimes not even). I guess it was too good to be true: the more I learn about it, the less reliable it seems in every other way.

Posted April 1, 2020

2 hours ago, sgteaglefort said:
Zoom is being used to Windows credentials. Original article: https://www.zdnet.com/article/windows-10-alert-zoom-client-can-leak-your-network-login-credentials/ Zoom is again in hot water, this after many turn to it in a time of social distancing.

Isn't there also something regarding how the macOS installer for Zoom operates?

Posted April 1, 2020

29 minutes ago, BlueChinchillaEatingDorito said:
Isn't there also something regarding how the macOS installer for Zoom operates?

YES! They prompt for the admin user's password (and do the install) before the user clicks install, when the installer window opens! They have literally done extra work so that the application is installed even if the user clicks cancel on the installer window! Zoom seems to be very poorly developed when it comes to being a good system application.

Though I am more worried about Windows: if any application that runs can access credentials, that sounds like a Windows bug. You can't assume every application running on the system can read all the user's passwords. macOS will only let an application read passwords it set into the keychain. (Even if the user is root) they will be prompted by the system if they want to let this application read other values if the application attempts to read them.

Posted April 1, 2020 (Author)

3 hours ago, BlueChinchillaEatingDorito said:
Isn't there also something regarding how the macOS installer for Zoom operates?

Yes, Zoom is facing many flaws and failures at the moment.

Posted April 1, 2020

On 4/1/2020 at 12:45 PM, comander said: Protip, Google has a "free" service that has higher video quality and is presumably more secure than Zoom. It's great. 100,000 Google employees use it regularly. No one else does, but it works amazing for the people who made it. They have so many that I honestly have no clue which one you're talking about. I stopped using most Google services because they abandon and replace them at an alarming rate.

Edit: To me, this sounds more like a flaw with Windows and SMB than with Zoom.

Quote: "When someone clicks on the UNC path link, Windows attempts to connect to the remote site using the SMB network file-sharing protocol. And by default, Windows then sends the user's login name and NT Lan Manager (NTLM) credential hash. Additionally, whenever an SMB connection is made, it may leak the client's IP address, domain name, user name, and host name."

It's also worth noting that Zoom hasn't been used to steal credentials, despite what the OP claims. It's just a possibility.

Posted April 2, 2020

This sounds more like a problem with SMB than with Zoom. Zoom allows SMB links which is bad security practice, I guess. But SMB apparently straight up sends your hashed password across the network for no reason. Why? Other than that the only credentials the attacker can get is your IP address (which they can also get by linking to a website they host) and your username/Microsoft account name (??) (again, why is this being sent?).

If anyone with more SMB knowledge than me knows why this data is being sent, or any more details about what is happening, I'd really appreciate it. I'm quite confused. Also, did I misunderstand anything?

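As an added illustration that is not part of any post in this thread and is not Zoom's code: the client-side half of the issue discussed above is a chat renderer that turns UNC paths into clickable links. The sketch below shows a renderer that linkifies only http(s) and leaves remote-share targets as inert text; the function names, the sample message and the host names are all assumptions made for this example.

```python
import re
from html import escape
from urllib.parse import urlsplit

# \\host\share, //host/share, and the \\?\UNC\host\share long form.
UNC_RE = re.compile(r"^(?:\\\\|//)(?:\?[\\/]UNC[\\/])?([^\\/\s?]+)[\\/]+\S+", re.IGNORECASE)
CLICKABLE_SCHEMES = {"http", "https"}


def classify_token(token):
    """Return (verdict, detail) for one whitespace-delimited chat token."""
    match = UNC_RE.match(token)
    if match:
        return "unc", match.group(1)  # host the Windows SMB client would contact
    try:
        parts = urlsplit(token)
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "text", token
    scheme = parts.scheme.lower()
    if scheme == "file" and parts.netloc.lower() not in ("", "localhost"):
        return "unc", parts.netloc  # file://host/share is resolved like a UNC path
    if scheme in CLICKABLE_SCHEMES and parts.netloc:
        return "link", token
    return "text", token


def render_message(message):
    """Linkify http(s) only; remote-share targets stay inert text and are reported."""
    rendered, blocked_hosts = [], []
    for token in message.split():
        verdict, detail = classify_token(token)
        safe = escape(token, quote=True)
        if verdict == "link":
            rendered.append(f'<a href="{safe}">{safe}</a>')
        else:
            if verdict == "unc":
                blocked_hosts.append(detail)
            rendered.append(safe)
    return " ".join(rendered), blocked_hosts


if __name__ == "__main__":
    # Constructed sample message; host names are placeholders.
    sample = r"Agenda: https://example.test/j/1 slides: \\files.example.test\share\deck.pptx"
    print(render_message(sample))
```

Treating `//host/share` as a share path is deliberately conservative: in a chat message it cannot be told apart from a protocol-relative URL, so it is left unlinked.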
Posted April 4, 2020

I want to honestly see how Zoom responds to this. My sisters use it to keep in touch with friends, but they use Mac so they may be OK.

Posted April 4, 2020

3 hours ago, mon1ka said:
i want to honestly see how zoom responds to this. my sisters use it to keep in touch with friends, but they use mac so they may be ok.

I mean, I guess it's fixed in the latest update: https://9to5mac.com/2020/04/02/zoom-fixes-malware-like-macos-installer/

Meet Jitsi is a pretty good option if it's just for keeping in touch with friends.