[PLUG] Question on Zoombombin
Ben Koenig
techkoenig at gmail.com
Thu Apr 9 22:17:47 UTC 2020
On Thu, Apr 9, 2020 at 3:06 PM Rich Shepard <rshepard at appl-ecosys.com>
wrote:
> On Thu, 9 Apr 2020, Nat Taylor wrote:
>
> > Current best practices for hosting zoom meetings is to require a
> password,
> > and have all users wait in a "waiting room" until the host allows them
> in.
> > I think you can set it so Audio and Video is disabled too until the host
> > allows it.
>
> Recently I read (on krebsonsecurity.com) that the lack of passwords was
> the
> major entrance for bad actors to interrupt Zoom meetings.
>
> The two in which I participated the past couple of weeks had passwords.
> And,
> when I dialed in, entered the meeting and password numbers the computer
> told
> me that I was in the meeting and the host was not yet present. When the
> host
> connected to the meeting we started.
>
> In these meetings those using computers were asked to keep off their
> cameras
> unless they were recognized to speak. And all of us were asked to mute our
> phones. I used *6 to unmute/mute the phone and *9 to 'raise my hand' when I
> had something to contribute.
>
> No intruders in either meeting.
>
>
The changelog is rather amusing. It appears there were a handful of obvious
problems that made it easier for people to bomb meetings.
https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows
There's a very good chance that zoom is significantly more secure now than
it was a few weeks ago but it's still hilarious. Funny how the changelog
makes no mention of passwords and instead focuses on UI changes that make
it easier to chance the security settings.
> Rich
> _______________________________________________
> PLUG mailing list
> PLUG at pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
More information about the PLUG
mailing list