Yesterday I suddenly had problems with popup ads appearing on my system.

The first time I noticed it was while running zoom. Suddenly a little (say 100x60) window opened up in the bottom right area of my screen with a picture of a woman with large naked breasts, was up for about 7 sec with some text and then vanished. After I had closed zoom (and it was no longer running on my system) other such ads would appear and then disappear, each time for only a few seconds. These would occur in general with about an hour or so between them (although at least once it was just a few minutes between two of them). Sometimes they were not of naked women telling me they wanted me, but some advertisement for something I did not have time to read, so it was not just zoom that was doing this.

I usually have a chrome window open. I tried to shut down all web pages which I thought might have been triggering this, but that did not help. I finally shut down chrome entirely and that seems to have stopped the show. I have not noticed this today, while I am using chrome again.

Does anyone know what could be doing this? I have never had this happen before. Mind you, I think I have had popups blocked and then when I wanted to read a newspaper article I opened up the popups again as that website demanded I do so to read the article, and did not block them again afterwards, so that could have been the problem, with that web site somehow keeping the web page open that was feeding them to my system. But that is just a theory.

Does anyone else have experience with something like this? Is it an indication that my system might have been hacked? Via Zoom? via Chrome? via ????

Thanks.
On 19/04/2020 00.28, William Unruh wrote:
Yesterday I suddenly had problems with popup ads appearing on my system.
The first time I noticed it was while running zoom. Suddenly a little
Suspicions:
- A site that enabled notifications. They need the browser that
activated them to be running.
- some popup from some site.
- some crap from zoom. It is known to be a bad thing.
Using Firefox, I can enable popups for a single tab or for a single site.
I hate sites that demand popups and usually have them disabled. In this case it was a newspaper site and I enabled them to read that site. Unfortunately I had no idea how to do it except by enabling them for everything.
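Aho's first suspicion above (a site that was granted notification permission keeps delivering as long as Chrome is running, Zoom or no Zoom) and the globally re-enabled popups the original post mentions can both be checked offline from the Chrome profile's Preferences file. The script below is an added example, not code from anyone in this thread. It assumes Chrome's Preferences layout (path ~/.config/google-chrome/Default/Preferences; per-site grants under profile.content_settings.exceptions.<kind>, keyed "origin,*" with setting 1 = allow and 2 = block; global defaults under profile.default_content_setting_values), and the embedded SAMPLE_PREFS is a constructed file in that shape, not a real profile.

```python
#!/usr/bin/env python3
"""Added example (not from the thread): list which sites a Chrome profile has
granted notification or popup permission, and what the global default is.

Assumptions (layout of Chrome's Preferences JSON; may drift across versions):
per-site grants live under profile.content_settings.exceptions.<kind>, keyed
"origin,*" with a "setting" of 1 (allow) or 2 (block); global defaults live
under profile.default_content_setting_values.<kind>.
"""
import json
import os

ALLOW, BLOCK, ASK = 1, 2, 3
SETTING_NAME = {0: "default", ALLOW: "allow", BLOCK: "block", ASK: "ask"}
DEFAULT_PREFS_PATH = "~/.config/google-chrome/Default/Preferences"  # assumption


def site_exceptions(prefs, kind):
    """Return sorted [(origin, setting_name)] for per-site `kind` exceptions."""
    table = (prefs.get("profile", {}).get("content_settings", {})
             .get("exceptions", {}).get(kind, {}))
    out = []
    for key, entry in table.items():
        origin = key.split(",", 1)[0]  # "https://host:443,*" -> "https://host:443"
        out.append((origin, SETTING_NAME.get(entry.get("setting"), "unknown")))
    return sorted(out)


def allowed_origins(prefs, kind):
    """Only the origins explicitly allowed to use `kind` (notifications, popups...)."""
    return [o for o, s in site_exceptions(prefs, kind) if s == "allow"]


def global_default(prefs, kind):
    """The profile-wide default for `kind`; key absent means Chrome's built-in default."""
    v = prefs.get("profile", {}).get("default_content_setting_values", {}).get(kind)
    return SETTING_NAME.get(v, "browser default")


def load_prefs(path=DEFAULT_PREFS_PATH):
    with open(os.path.expanduser(path), encoding="utf-8") as f:
        return json.load(f)


# Constructed sample in the assumed shape, standing in for a real Preferences file.
SAMPLE_PREFS = {
    "profile": {
        "default_content_setting_values": {"popups": 1},  # popups allowed everywhere
        "content_settings": {"exceptions": {
            "notifications": {
                "https://news.example:443,*": {"setting": 1, "model": 0},
                "https://adsite.example:443,*": {"setting": 1, "model": 0},
                "https://mail.example:443,*": {"setting": 2, "model": 0},
            },
            "popups": {"https://news.example:443,*": {"setting": 1, "model": 0}},
        }},
    }
}

if __name__ == "__main__":
    import sys
    prefs = load_prefs(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_PREFS
    for kind in ("notifications", "popups"):
        print(f"{kind}: global default = {global_default(prefs, kind)}")
        for origin, setting in site_exceptions(prefs, kind):
            print(f"  {setting:7} {origin}")
```

Run it with Chrome closed (Chrome rewrites Preferences while it runs, so either quit it or work on a copy of the file). Any origin listed as allow under notifications that you do not recognise is the first thing to revoke, from chrome://settings/content/notifications; a popups default of allow is the "enabled them for everything" state described above.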
On Sat, 18 Apr 2020 18:28:25 -0400, William Unruh <unruh@invalid.ca> wrote:
Yesterday I suddenly had problems with popup ads appearing on my system.
Either zoom or a website open in chrome (or any site used to provide ads for those sites) could have run javascript that launched a copy of the browser running in the background, popping up that window to annoy you.

If you were running either zoom or chrome as root, then the system could easily have been hacked, and the only way to confirm would be to boot from an external device that wasn't mounted in read/write mode while the hack was running, and carefully examining the system for changes. Not easy to do, but possible.

If they were running as a user, a logout/in or reboot would end the loading of the sites unless an entry was added to autostart it on user login. For that, reboot, login as another user, and examine all files the user has write access to that were modified recently for any scripts, etc. that shouldn't be there. Also delete any files in the cache for the possibly infected user.

The zoom bombing that's been frequently happening has mostly been pranks that do no real damage. Someone looking to steal from you isn't going to do stupid things to make it obvious the system has been accessed.

There are different threat levels and acceptable risk levels for different people. For an average person running any linux system, the primary threat is financial. If you are concerned that it was more than just zoom bombing, and you use the possibly infected account for anything financial, after ensuring the system is no longer infected, change all passwords for financial websites.

For someone working with high value information, thanks to the mini os called uefi, the motherboard and hard drives should be replaced as the firmware on either could be infected leaving a persistent threat that cannot be easily found or removed.

Personally, if a reboot, or logout/login stops the popups, I wouldn't worry further about it. But that's up to you. I wouldn't use zoom though, except possibly in a vb guest created just for running zoom, so it doesn't have any access to the host system's files. The media has made it clear, zoom is not designed to be secure.

Regards, Dave Hodgins
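Dave's procedure above (reboot, log in as a different user, look for recently modified files and for anything set to autostart at login, clear the cache) as an added example; this is not code from the thread or from any poster. It assumes the usual per-user hook locations on a Linux desktop (~/.config/autostart/*.desktop, the shell and X session rc files, ~/.config/systemd/user); that list is a conventional one of mine, not something the post names, so extend it for your own DE.

```python
#!/usr/bin/env python3
"""Added example, not from the thread: triage a possibly affected user's home
directory from a second account after a reboot, as Dave describes.

It lists (1) files modified within the last N days, skipping the browser
cache, and (2) user-level login/autostart hooks with the commands they run.
The hook locations are an assumed conventional list for a Linux desktop.
"""
import os
import time
from pathlib import Path

# Places a user-writable login hook can hide; none of them needs root to plant.
USER_HOOK_FILES = [".profile", ".bash_profile", ".bashrc", ".xprofile",
                   ".xsessionrc", ".xinitrc"]
USER_HOOK_DIRS = [".config/autostart", ".config/systemd/user"]


def recently_modified(home, days, now=None, skip=(".cache",)):
    """Return paths under `home` modified within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    found = []
    for root, dirs, files in os.walk(home):
        # prune the app/browser cache: huge, noisy, and Dave says to delete it anyway
        dirs[:] = [d for d in dirs if d not in skip]
        for name in files:
            p = os.path.join(root, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue  # vanished or unreadable; not worth aborting the scan
            if st.st_mtime >= cutoff:
                found.append((st.st_mtime, p))
    return [p for _, p in sorted(found, reverse=True)]


def autostart_commands(home):
    """Map each autostart .desktop entry to the Exec= command it launches at login."""
    result = {}
    d = Path(home) / ".config" / "autostart"
    if d.is_dir():
        for f in sorted(d.glob("*.desktop")):
            for line in f.read_text(errors="replace").splitlines():
                if line.startswith("Exec="):
                    result[str(f)] = line[len("Exec="):].strip()
                    break
    return result


def login_hooks(home):
    """Return the user-level hook files/dirs that exist and deserve a line-by-line read."""
    home = Path(home)
    present = [str(home / f) for f in USER_HOOK_FILES if (home / f).exists()]
    present += [str(home / d) for d in USER_HOOK_DIRS if (home / d).exists()]
    return present


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    print("== modified in the last 2 days ==")
    for p in recently_modified(target, 2):
        print(p)
    print("== login hooks present ==")
    for p in login_hooks(target):
        print(p)
    print("== autostart entries ==")
    for f, cmd in autostart_commands(target).items():
        print(f"{f}: {cmd}")
```

Run it as the second user against the suspect home (python3 triage.py /home/suspect); that needs read access to that home, which a plain second account may not have by default. Anything in the autostart list whose Exec= points into the home directory or /tmp, and any rc file modified on the day the popups started, is what to read first. Cron entries are the other user-level hook; they live outside the home (crontab -l -u suspect, as root).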
On 19/04/20 02:12, David W. Hodgins wrote:
If you were running either zoom or chrome as root, then the system could easily have been hacked, and the only way to confirm would be to boot from an external

a trivial (for you) question :
as a single user with a single account (sudo enabled) I could be defined a user with potential threats of that kind .... but I think that, when launching apps like firefox from Wiskers Menu, invoking it normally and not via sudo, I should not be using it "as root", would I ?
I mean, even the root user can launch apps without necessarily endowing them with superpowers, or not ?

device that wasn't mounted in read/write mode while the hack was running, and carefully examining the system for changes. Not easy to do, but possible.
If they were running as a user, a logout/in or reboot would end the loading of the sites unless an entry was added to autostart it on user login. For that, reboot, login as another user, and examine all files the user has write access to that were modified recently for any scripts, etc. that shouldn't be there. Also delete any files in the cache for the possibly infected user.

to your experience, what other strange behaviour should one pay attention to in order to discover some hacking ? Apart from VISIBLE pop-ups ...
Sometimes I look into the task list, but that is useful only when I suspect sth wrong "a priori" so I know more or less what to look for, and not in general, as many processes are unknown to me but perfectly legal as system services

There are different threat levels and acceptable risk levels for different people.
For an average person running any linux system, the primary threat is financial. If

that is stealing credit cards number stored somewhere ? Many sites using E-carts store it also (dunno if just remotely, locally and remotely, or just locally ... I think whichever is the worst for me :) :) )

you are concerned that it was more than just zoom bombing, and you use the possibly infected account for anything financial, after ensuring the system is no longer infected, change all passwords for financial websites.
For someone working with high value information, thanks to the mini os called uefi, the motherboard and hard drives should be replaced as the firmware on either could be infected leaving a persistent threat that cannot be easily found or removed.

Holy God ...
frightening

Personally, if a reboot, or logout/login stops the popups, I wouldn't worry further about it. But that's up to you. I wouldn't use zoom though, except possibly in a vb guest created just for running zoom, so it doesn't have any access to the host system's files.
Yesterday I suddenly had problems with popup ads appearing on my system.
The first time I noticed it was while running zoom. Suddenly a little
I would recommend to not use Zoom at all; it's not only their lack of securing the conferences, it's also that their homegrown encryption is so bad that it's not much different from sending the data in plain text.

Scan for processes, but it seems that it is a chrome feature ;)
There is no ActiveX on Linux, so you can look at what process is responsible...
On 2020-04-19, J.O. Aho <user@example.net> wrote:
...
I would recommend to not use Zoom at all, it's not their lack of
securing the conferences, it's also their homegrown encryption is so bad
that it's not much difference from sending the data in plain text.
You know this how? I doubt that zoom allowed you access to their source
code for the encryption. It is of course possible you are right (many
people think encryption is easy) but that is not what you state. You
state it as a fact.
On 19/04/2020 14.02, Soviet_Mario wrote:
On 19/04/20 02:12, David W. Hodgins wrote:
If you were running either zoom or chrome as root, then the system could easily have been hacked, and the only way to confirm would be to boot from an external

a trivial (for you) question :
as a single user with a single account (sudo enabled) I could be defined a user with potential threats of that kind .... but I think that, when launching apps like firefox from Wiskers Menu, invoking it normally and not via sudo, I should not be using it "as root", would I ?

If you are logged in as a normal user, and you run something from the DE menu, they tend to be run as the normal user, unless you have reconfigured the app to run as some other user (some DE's have a simple option to pick another user, but it tends to be that you need to provide a password unless you have also edited the sudoers).

I mean, even the root user can launch apps without necessarily endowing them with superpowers, or not ?

root is superuser, so root has to become a normal user with su/sudo and telling which user. The main thing is, you are just stupid if you use root as a normal user; the only time you should and need to have root privileges is when you make system changes.
If you still think it's cool to run as root, then you can switch to microsoft windows instead.

device that wasn't mounted in read/write mode while the hack was running, and carefully examining the system for changes. Not easy to do, but possible.
If they were running as a user, a logout/in or reboot would end the loading of the sites unless an entry was added to autostart it on user login. For that, reboot, login as another user, and examine all files the user has write access to that were modified recently for any scripts, etc. that shouldn't be there. Also delete any files in the cache for the possibly infected user.

to your experience, what other strange behaviour should one pay attention to in order to discover some hacking ? Apart from VISIBLE pop-ups ...

Anything out of the normal, as extra network traffic for example.
As we ain't using your computer, we can't say what is normal on it.
It's good to run things like rkhunter, chkrootkit, clamav; sure they won't be 100% detecting everything but at least you lessen the possibility for someone taking over your machine without you knowing it.

Sometimes I look into the task list, but that is useful only when I suspect sth wrong "a priori" so I know more or less what to look for, and not in general, as many processes are unknown to me but perfectly legal as system services

There are methods to hide processes, so looking at the processes running won't give you the whole picture of your computer's activities.

There are different threat levels and acceptable risk levels for different people.
For an average person running any linux system, the primary threat is financial. If

that is stealing credit cards number stored somewhere ? Many sites using E-carts store it also (dunno if just remotely, locally and remotely, or just locally ... I think whichever is the worst for me :) :) )

Storing card numbers and card holder data is regulated under PCI DSS; if you don't follow the regulations you will not be able to process MasterCard, Visa and JCB, and most likely other cards will follow to ban you too.
It may look to you as if it's the e-cart that keeps your card data, but it's the payment provider, which is a company providing a service to the e-commerce site you are buying from. If the e-commerce site would keep your card data, it would be a high cost for them: PCI audits annually, fees to pay and even more if card holder data would leak.

you are concerned that it was more than just zoom bombing, and you use the possibly infected account for anything financial, after ensuring the system is no longer infected, change all passwords for financial websites.
For someone working with high value information, thanks to the mini os called uefi, the motherboard and hard drives should be replaced as the firmware on either could be infected leaving a persistent threat that cannot be easily found or removed.

Holy God ...
frightening

The scary thing is that you can have malware installed on your CPU, running on the Minix that Intel uses in their CPUs; the malware will have total control of your computer regardless of OS and of course access to all data that the CPU is accessing, like authentication keys.
There is no way for you to check what is running on the Minix.

Personally, if a reboot, or logout/login stops the popups, I wouldn't worry further about it. But that's up to you. I wouldn't use zoom though, except possibly in a vb guest created just for running zoom, so it doesn't have any access to the host system's files.

A problem with virtualization is that it ain't as secure; you are giving the GuestOS too close contact to the hardware, and bugs in the virtualization layer have in the past allowed the GuestOS to access the HostOS directly.
With the CPU bugs (mainly Intel), there are possibilities to get data from the HostOS in the same way as if you had run the application directly in the HostOS.

I would recommend to not use Zoom at all; it's not only their lack of securing the conferences, it's also that their homegrown encryption is so bad that it's not much different from sending the data in plain text.
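Soviet_Mario asks further down whether there is a way to inquire the privilege level of a running process, and the thread never answers it directly. Here is an added example for Linux, not code from any poster: /proc/<pid>/status carries the real, effective, saved and filesystem UIDs of every process, which is exactly the "did that menu launch run as root?" question. The only assumption is a Linux /proc; the helper names are mine.

```python
#!/usr/bin/env python3
"""Added example (not from the thread): read the privilege level of running
processes from /proc/<pid>/status on Linux.

The Uid: line holds four numbers: real, effective, saved and filesystem UID.
A process started from the desktop menu as a normal user shows that user's
UID in all four. A process started through sudo or su shows 0 in all four
(they reset the real UID too). A mismatch, real UID non-zero but effective
UID 0, is a setuid program still running on the invoking user's behalf,
which is the case worth a second look.
"""
import os
import pwd


def parse_status(text):
    """Parse the 'Key:\\tvalue' lines of a /proc/<pid>/status file into a dict."""
    info = {}
    for line in text.splitlines():
        if ":" in line:
            k, v = line.split(":", 1)
            info[k.strip()] = v.strip()
    return info


def uid_fields(status):
    """(real, effective, saved, fs) UIDs as ints from a parsed status dict."""
    return tuple(int(x) for x in status["Uid"].split()[:4])


def describe(status):
    """Summarise who a process runs as, with names resolved where possible."""
    real, eff, saved, fs = uid_fields(status)

    def name(uid):
        try:
            return pwd.getpwuid(uid).pw_name
        except KeyError:
            return str(uid)  # UID with no passwd entry: report the number

    return {
        "name": status.get("Name", "?"),
        "real": name(real),
        "effective": name(eff),
        "is_root": eff == 0,
        "elevated": eff == 0 and real != 0,  # setuid-style privilege gain
    }


def process_privilege(pid):
    with open(f"/proc/{pid}/status", encoding="utf-8") as f:
        return describe(parse_status(f.read()))


def elevated_processes():
    """Scan every pid; return (pid, name, real_user) for setuid-elevated ones."""
    hits = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            d = process_privilege(int(entry))
        except (FileNotFoundError, ProcessLookupError, PermissionError):
            continue  # process exited between listdir and open, or status hidden
        if d["elevated"]:
            hits.append((int(entry), d["name"], d["real"]))
    return hits


if __name__ == "__main__":
    import sys
    pids = [int(a) for a in sys.argv[1:]] or [os.getpid()]
    for pid in pids:
        d = process_privilege(pid)
        print(f"pid {pid} {d['name']}: effective {d['effective']}, "
              f"real {d['real']}, root={d['is_root']}, elevated={d['elevated']}")
    for pid, name, real in elevated_processes():
        print(f"setuid-elevated: pid {pid} {name} (invoked by {real})")
```

Usage: python3 procpriv.py $(pgrep -x firefox) prints the UIDs of each Firefox process; with no arguments it reports on itself. The same Uid: line is what ps reads when you run ps -o pid,user,euser,cmd, so this is a way to see with your own eyes what that column means, not a replacement for ps.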
On Sun, 19 Apr 2020 14:02:21 +0200, Soviet_Mario wrote:
On 19/04/20 02:12, David W. Hodgins wrote:
For an average person running any linux system, the primary threat is financial. If
that is stealing credit cards number stored somewhere ?

From your standpoint, it is kind of a man in the middle crack.

The browser poisoned DNS crack:
Let's say you have been surfing and have passed through a malware infected site. As you view pages/articles the malware gets a criminal site DNS value into your browser's DNS cache for wherever you bank or use your credit card. The next time you access that "secured" site, the criminal's site gets your critical information and sends you on to the real site.

Other crack is the malware attacks your router and configures it to use the criminal's DNS server.

For the browser crack, your only defense is always close/exit your browser when you are going to log into any site that requires id/pw/credit card.

For the router crack, you need to be running your own DNS server. I installed the bind package and have the name daemon server doing the lookups.

Best I can do to prevent router access via browser was to configure privoxy to block access to my router ip address.

snippet from one of my privoxy configuration files.
snippet from one of my privoxy configuration files.
{ +block +handle-as-image }
.adshuffle.*
adserver.adtechus.com/*
adserver.adtech.de/*
.mspmentor.net/*
.murdoog.com/*
neatfeedback.com/*
.pointroll.*
.bluestreak.*
tcr.tynt.com/*
.media-servers.net/*
.linksynergy.com/*
.unanimis.co.uk/*
{ +block }
192.168.11.1
##------------ end /var/local/config/xx__my.action ------------
On Sun, 19 Apr 2020 08:02:21 -0400, Soviet_Mario <SovietMario@cccp.mir> wrote:

a trivial (for you) question :
as a single user with a single account (sudo enabled) I could be defined a user with potential threats of that kind .... but I think that, when launching apps like firefox from Wiskers Menu, invoking it normally and not via sudo, I should not be using it "as root", would I ?
I mean, even the root user can launch apps without necessarily endowing them with superpowers, or not ?

It depends on how sudo has been configured. Don't set it to cache the password. Don't use setuid or setgid programs without ensuring it's necessary, and worth the risk.

Never run anything that accesses the internet as root, with the exception of distro supplied update utilities, or simple tools such as ping and traceroute when debugging a connection.

to your experience, what other strange behaviour should one pay attention to in order to discover some hacking ? Apart from VISIBLE pop-ups ...
Sometimes I look into the task list, but that is useful only when I suspect sth wrong "a priori" so I know more or less what to look for, and not in general, as many processes are unknown to me but perfectly legal as system services

For all users, no matter what os they are using ... https://www.techsupportalert.com/safe-hex-safe-computing-practices.htm

First, remember that security is not a goal you can accomplish. It's a process built of many layers, that is always a work in progress.

For Mageia users, there is a tool called msec that produces daily and weekly reports of what is running when it does, that is accessing or listening to the network. It includes a report of what's changed in that list since it last ran, as well as what packages have been changed. Get used to what the reports show, and pay attention to the changes. The msec tools can also be used to configure security based on your needs. https://doc.mageia.org/mcc/5/en/content/mcc-security.html

For all linux users, don't install packages that come from sources other than the distribution, without careful consideration. Avoid closed source packages like zoom, unless you have no choice. If you must run a package like zoom, keep it in a virtual machine. While there are security bugs found from time to time in the various virtualization technologies, it's another layer of security that makes it harder for malware to access your data.

Learn how to work with files that are kept encrypted while on disk, and only accessible when you actually need to work with the data they contain. There are many ways to accomplish this, such as using an encrypted filesystem within files.

The only time one of my systems has been infected, it was with the virus called ripper (back in dos 6.22 days). I was careless in that I used a brand new disk drive that had been partitioned by the retail store clerk, without scanning it for a virus first.
https://malware.wikia.org/wiki/Ripper
As it was a stealth rootkit, I only became aware of it when a program I'd written did an md5sum check of itself and found it had been modified, so refused to run with an error message explaining it had been changed.

For linux users, there are a wide variety of tools to do consistency checks for files, such as aide. Learn about them, and use them.

There are distributions that are very security oriented, such as qubes os.
https://www.qubes-os.org/faq/

Even if you don't decide to use it, it provides a useful guide to compartmentalization. The concepts it discusses can be implemented in many ways, such as using different logins for different functions.

Whether using different logins, or different virtual machines, the separations of what data is accessible to what user's programs are methods of implementing one level of security.

For threats such as meltdown and spectre, the only real protection is to disable hyper threading. It cuts cpus available by 50%, but for most people the actual impact of the reduction is minor.

For bugs in firmware, if the hardware allows it, burn new firmware images into the EPROM or flash memory, whenever the new version includes security fixes that fix bugs that may apply to that system's usage. Be aware that burning firmware images may result in physical damage to the storage meaning the hardware will have to be replaced, so take that concern into account too.

When buying new hardware, take the time to research known security issues with the hardware from that manufacturer.

Security is a process. It's up to you to decide what activities are worth what level of risk.

One example I'll give is router security. I have my router's ip address changed to a non default address, so if its settings get remotely reset, I'll lose internet and lan access till I figure out what's wrong and fix it.
I don't use the router's dns server. I run bind on one of my systems, and use that as the name server for all systems on my lan. I also have it configured to block many ad servers, as they are a notorious source of javascript malware.
https://github.com/Trellmor/bind-adblock

Regards, Dave Hodgins
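The consistency check Dave describes (his program verifying its own md5sum; aide doing the same for whole directory trees) as an added example, not his code and not aide's: record one SHA-256 per file into a baseline, later compare the tree against it and report what changed, vanished or appeared. The function names and the baseline file format are mine; the format is the one sha256sum -c also accepts, so the file can be re-verified without this script. The baseline must live somewhere the checked system cannot write (read-only media, another host), otherwise an intruder simply updates it too.

```python
#!/usr/bin/env python3
"""Added example (not from the thread): a minimal file-integrity baseline and
check in the spirit of aide, using SHA-256 rather than md5.

init  : hash every regular file under ROOT, write "digest  relpath" lines.
check : rehash ROOT and report files whose digest changed, files missing
        from the tree, and files present now that the baseline never saw.
"""
import hashlib
import os

CHUNK = 1 << 16


def sha256_file(path):
    """Stream the file through SHA-256 so large files don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def make_baseline(root):
    """Return {relative_path: sha256} for every regular file under root."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic walk order keeps baselines diffable
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks, sockets, devices: not content to hash
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def verify(root, baseline):
    """Compare root against baseline; returns sorted changed/missing/new lists."""
    current = make_baseline(root)
    changed = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    new = sorted(p for p in current if p not in baseline)
    return {"changed": changed, "missing": missing, "new": new}


def save_baseline(baseline, path):
    """Write the baseline in the two-space layout sha256sum -c understands."""
    with open(path, "w", encoding="utf-8") as f:
        for rel, digest in sorted(baseline.items()):
            f.write(f"{digest}  {rel}\n")


def load_baseline(path):
    baseline = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            digest, rel = line.rstrip("\n").split("  ", 1)
            baseline[rel] = digest
    return baseline


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 4 or sys.argv[1] not in ("init", "check"):
        sys.exit("usage: integrity.py init|check ROOT BASELINE_FILE")
    cmd, root, store = sys.argv[1:4]
    if cmd == "init":
        save_baseline(make_baseline(root), store)
    else:
        report = verify(root, load_baseline(store))
        for kind, paths in report.items():
            for p in paths:
                print(f"{kind}: {p}")
        sys.exit(1 if any(report.values()) else 0)
```

Typical use: integrity.py init /usr/bin /media/usb/bin.sha256 right after a clean install or update, then integrity.py check /usr/bin /media/usb/bin.sha256 whenever something looks off; a non-zero exit means the tree differs. Package updates legitimately change files, so re-init after each update from the distribution, and keep the check's own binary (python, this script) covered by a baseline on the read-only medium as well.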
The ad is not up for long enough-- less than 10 sec. To notice it, and
to react usually takes longer than that.
Dunno : I am logged in as single (I mean no other account
exist, and this user is an "admin") user.
from the DE menu, they tend to be run as the normal user,Is it there a way to inquiry the privilege level of a
running process ?
no, did not customize nothing
I have only one user created. When I try to execute some
processes (Synaptic, Gparted and Disks, BitBleach(root))
they asks me for password. From this I tend to think that,
in spite of being an admin, most of work still goes on as
plain user.
Firefox does not asks for password (apart from its internal
master pwd)
If you still think it's cool to run as root, then you can
switch to microsoft windows instead.
cool ? why exactly ?
Anyway, I am the only person on the machine, so I created
one user only. But I never try to escalate privileges if not
necessary (I.G. when some programs ask to, or when I am
denied to change some file and have to)
I don't run any lightweight network monitor.
It would be nice to fine one for XFCE. Just an icon on the
taskbar that, upon hovering the mouse over, pops up some
info dnld/upld speed and so.... do you know any ?
It's good to run things like rkhunter ckhrootkit calmav,
I have clamav but is not in autorun at startup.
On 19/04/20 15:03, J.O. Aho wrote:
On 19/04/2020 14.02, Soviet_Mario wrote:
On 19/04/20 02:12, David W. Hodgins wrote:
If you were running either zoom or chrome as root, then the system
could easily
have been hacked, and the only way to confirm would be to boot from
an external
a trivial (for you) question :
as a single user with a single account (sudo enabled) I could be
defined an user with potential threats of that kind .... but I think
that, when launching apps like firefox from Wiskers Menu without,
invoking it normally and not via sudo, I should not be using it "as
root", would I ?
If you are logged in as a normal user, and you run something
Dunno : I am logged in as single (I mean no other account exist, and
this user is an "admin") user.
from the DE menu, they tend to be run as the normal user,
Is it there a way to inquiry the privilege level of a running process ?
I mean, even the root user can launch apps without necessarily endow
them with superpowers, or not ?
root is superuser, so root has to become a normal user with su/sudo
and telling which user. The main thing is, you are just stupid if you
use root as a normal user, the only time you should and need to have
root privileges is when you make system changes.
I have only one user created. When I try to execute some processes (Synaptic, Gparted and Disks, BitBleach(root)) they asks me for
password.
to your experience, what other strange behaviour should one pay
attention to in order to discover some hacking ? A part from VISIBLE
pop-ups ...
Anything out of the normal, as extra network traffic for example.
I don't run any lightweight network monitor.
It would be nice to fine one for XFCE. Just an icon on the taskbar that, upon hovering the mouse over, pops up some info dnld/upld speed and
so.... do you know any ?
As we ain't using your computer, we can't say what is normal on it.
no, I am not suspecting, I was just asking for some general criteria
It's good to run things like rkhunter ckhrootkit calmav,
I have clamav but is not in autorun at startup.
I also have rkhunter (but I had forgotten to :)). Now I launch it and
see the response.
done (it scanned a lot of things !)
I got 2 warnings
/usr/bin/curl [ Warning ]
/usr/bin/lwp-request [ Warning ]
but dunno what the problem is. Should I try to reinstall those packages ?
on network section the warning are more numerous
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for hidden files and directories [Warning]
There are different threat levels and acceptable risk levels for
different people.
For an average person running any linux system, the primary threat
is financial. If
that is stealing credit cards number stored somewhere ? Many sites
using E-carts store it also (dunno if just remotely, locally and
remotely, or just locally ... I think whichever is the worst for me
:) :) )
Storing card numbers and card holder data is regulated under PCI DSS,
if you don't follow the regulations you will not be able to process
MasterCard, Visa and JCB, most likely other cards will follow to ban
you too.
Best I can do to prevent router access via browser was to configure
prioxy to block access to my router ip address.
Their use of home grown encryption has been discussed in security and/or risk
assessment areas, as well as in the general press.
For example https://tech.slashdot.org/story/20/04/03/165216/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover
It uses poorly designed encryption between the end user and the zoom servers, where
it's decrypted prior to being re-encrypted for each of the other users of the same
meeting. It's very fast encryption/decryption, but not secure.
As a result, zoom usage has been banned by many governments and companies.
William Unruh wrote:
The ad is not up for long enough-- less than 10 sec. To notice it, and
to react usually takes longer than that.
Did you clean up your browser yet?
From: Mike Easter
Subject: Re: popup ads appearing on my system.
Date: Sat, 18 Apr 2020 15:42:39 -0700
Message-ID: <hg1e30F7qddU1@mid.individual.net>
http://al.howardknight.net/?ID=158731801800
On 19/04/20 15:03, J.O. Aho wrote:
On 19/04/2020 14.02, Soviet_Mario wrote:
On 19/04/20 02:12, David W. Hodgins wrote:
If you were running either zoom or chrome as root, then
the system could easily
have been hacked, and the only way to confirm would be to
boot from an external
a trivial (for you) question:
as a single user with a single account (sudo enabled) I
could be defined as a user with potential threats of that
kind .... but I think that, when launching apps like
Firefox from the Whisker Menu, invoking it normally
and not via sudo, I should not be using it "as root",
would I?
If you are logged in as a normal user, and you run something
Dunno : I am logged in as single (I mean no other account
exist, and this user is an "admin") user.
from the DE menu, they tend to be run as the normal user,
Is there a way to inquire about the privilege level of a
running process?
unless you have reconfigured the app to run as some other
user (some DE's have a simple option to pick another user,
but tend to be that you need to provide a password unless
you have also edited the sudoers).
no, I did not customize anything
I mean, even the root user can launch apps without
necessarily endowing them with superpowers, or not?
I have only one user created. When I try to execute some
processes (Synaptic, Gparted and Disks, BitBleach(root))
they ask me for a password. From this I tend to think that,
in spite of being an admin, most of the work still goes on as
a plain user.
Firefox does not ask for a password (apart from its internal
master pwd)
If you still think it's cool to run as root, then you can
switch to microsoft windows instead.
cool ? why exactly ?
Anyway, I am the only person on the machine, so I created
one user only. But I never try to escalate privileges if not
necessary (e.g. when some programs ask to, or when I am
denied to change some file and have to)
device that wasn't mounted in read/write mode while the
hack was running, and
carefully examining the system for changes. Not easy to
do, but possible.
If they were running as a user, a logout/in or reboot
would end the loading of the
sites unless an entry was added to autostart it on user
login. For that, reboot,
login as another user, and examine all files the user has
write access that were
modified recently for any scripts, etc. that shouldn't be
there. Also delete
any files in the cache for the possibly infected user.
in your experience, what other strange behaviour should
one pay attention to in order to discover some hacking?
Apart from VISIBLE pop-ups ...
Anything out of the normal, as extra network traffic for
example.
I don't run any lightweight network monitor.
It would be nice to find one for XFCE. Just an icon on the
taskbar that, upon hovering the mouse over, pops up some
info on dnld/upld speed and so on.... do you know any?
As we ain't using your computer, we can't say what is normal
on it.
no, I am not suspecting, I was just asking for some general
criteria
It's good to run things like rkhunter, chkrootkit, clamav,
I have clamav but it is not in autorun at startup.
I also have rkhunter (but I had forgotten about it :)). Now I
launch it and see the response.
done (it scanned a lot of things !)
I got 2 warnings
/usr/bin/curl [ Warning ]
/usr/bin/lwp-request [ Warning ]
but dunno what the problem is. Should I try to reinstall
those packages ?
in the network section the warnings are more numerous
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for hidden files and directories [Warning]
Overall it does not seem a worrying situation, but I
chkrootkit no, I don't have it. I'll search later on the repo.
sure they won't be 100% detecting everything but at least
you lessen the possibility for someone taking over your
machine without you knowing it.
Sometimes I look into the task list, but that is useful only
when I suspect sth wrong "a priori" so I know more or less
what to look for, and not in general, as many processes
are unknown to me but perfectly legitimate as system services
There are methods to hide processes, so looking at the
processes running won't give you the whole picture of your
computer's activities.
ah, I did not know that.
:\
There are different threat levels and acceptable risk
levels for different people.
For an average person running any linux system, the
primary threat is financial. If
that is stealing credit card numbers stored somewhere?
Many sites using E-carts store them also (dunno if just
remotely, locally and remotely, or just locally ... I
think whichever is the worst for me :) :) )
Storing card numbers and card holder data is regulated under
PCI DSS, if you don't follow the regulations you will not be
able to process MasterCard, Visa and JCB, most likely other
cards will follow to ban you too.
I'm unaware of following or not following anything, I mean:
FF (and the sites) does what it deems proper. I SAVE login
info (under a master password), and surely this is a
potential threat, but otherwise it would be too error-prone
and annoying to manually fill forms :\
It may look to you as if it's the e-cart that keeps your card
data, but it's the payment provider, which is a company
providing a service to the e-commerce site you are buying
from. If the e-commerce site kept your card data, it
would be a high cost for them: PCI audits annually, fees to
pay and even more if card holder data leaked.
I have only seldom used Amazon, eBay, Wind (IT service provider)
and a few others: all of them store the card number. But as
I said, dunno WHERE. I have no restricted policy on COOKIES,
so most might be saved HERE and not out ... too complex for
me to try to discover such details :(
you are concerned that it was more than just zoom
bombing, and you use the possibly
infected account for anything financial, after ensuring
the system is no longer
infected, change all passwords for financial websites.
For someone working with high value information, thanks
to the mini os called uefi,
the motherboard and hard drives should be replaced as the
firmware on either could
be infected leaving a persistent threat that cannot be
easily found or removed.
Holy God ...
frightening
The scary thing is that you can have a malware installed on
your CPU, running on the Minix that Intel uses in their
CPUs; the malware will have total control of your computer
regardless of OS and of course access to all data that the CPU
is accessing, like authentication keys.
yes, I had gotten that such stuff would run transparently and
under the OS level, alas
There is no way for you to check what is running on the Minix.
here on this old machine (from 2010) maybe there is no such
stuff ... the new one ... who knows. It is a SiC computer,
intel.
Personally, if a reboot, or logout/login stops the
popups, I wouldn't worry further
about it. But that's up to you. I wouldn't use zoom
though, except possibly in a
vb guest created just for running zoom, so it doesn't
have any access to the host
system's files.
A problem with virtualization is that it ain't as secure;
you are giving the GuestOS too close contact to the hardware, and
bugs in the virtualization layer have in the past allowed the
GuestOS to access the HostOS directly.
With the CPU bugs (mainly Intel), there are possibilities to
get data from the HostOS in the same way as if you had run the
application directly in the HostOS.
I would recommend not using Zoom at all; it's not only their
lack of securing the conferences, it's also that their homegrown
encryption is so bad that it's not much different from
sending the data in plain text.
luckily I don't need Zoom.
Do you think the half a dozen warnings I got from rkhunter are
worthwhile?
On 2020-04-19, Carlos E.R. <robin_listas@es.invalid> wrote:
On 19/04/2020 00.28, William Unruh wrote:
Suspicions:
- A site that enabled notifications. They need the browser that
activated them to be running.
I hate sites that demand popups and usually have them disabled. In this
case it was a newspaper site and I enabled them to read that site.
Unfortunately I had no idea how to do it except by enabling them for
everything. I had trouble today figuring how to block them-- the chrome
settings page is not very transparent.
I think then I forgot about them and left popups enabled, so it is quite
possible it was in that way that they got in.
- some popup from some site.
- some crap from zoom. It is known to be a bad thing.
Possibly. I am not at all sure that it is a "bad thing". It has suddenly
gotten a lot of light shone on them (which is good) but with scrutiny
like that, almost anything will reveal warts. Skype has been around (and
is getting worse and worse under MS tutelage) and so people have not
scrutinized it to nearly the same extent.
Using Firefox, I can enable popups for a single tab or for a single site.
It is possible I can do that with chrome as well.
No idea what you mean by "admin" in a linux context. Or are you using Windows?
A root user has access to everything on the machine. It can open and
alter any file on the machine. If a hacker breaks in, then as root he
can run anything.
On 2020-04-19, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
...
Their use of home grown encryption has been discussed in security and/or risk
assessment areas, as well as in the general press.
For example https://tech.slashdot.org/story/20/04/03/165216/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover
It of course gives no indication as to what that encryption is. It tends
On Sun, 19 Apr 2020 15:51:26 -0400, William Unruh <unruh@invalid.ca> wrote:
No idea what you mean by "admin" in a linux context. Or are you using
Windows?
It's quite common on linux systems. On Mageia systems ...
$ id adm
uid=3(adm) gid=4(adm) groups=4(adm)
# ls -l /var/log/security|tail -n 1
-rw-r----- 1 root adm 8098 Apr 12 04:23 writable.weekly.yesterday
It allows users who have been added to the adm group to read the security reports,
without giving them full root authority.
A root user has access to everything on the machine. It can open and
alter any file on the machine. If a hacker breaks in, then as root he
can run anything.
The root user can, but things like the immutable flag may need to be unset before
the file can be modified or removed.
Regards, Dave Hodgins
On Sun, 19 Apr 2020 15:23:34 -0400, William Unruh <unruh@invalid.ca> wrote:
On 2020-04-19, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
...
Their use of home grown encryption has been discussed in security and/or risk
assessment areas, as well as in the general press.
For example https://tech.slashdot.org/story/20/04/03/165216/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover
It of course gives no indication as to what that encryption is. It tends
For details of how bad it is, see
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Regards, Dave Hodgins
Personally, if a reboot, or logout/login stops the popups, I wouldn't
worry further about it. But that's up to you. I wouldn't use zoom though,
except possibly in a vb guest created just for running zoom, so it doesn't
have any access to the host system's files. The media has made it clear,
zoom is not designed to be secure.
On 2020-04-19, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
For details of how bad it is, see
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Note that many things in that document are just silly and bad. It is not
a "roll your own" crypto. They use AES, which is the standard. They use
128 bit key AES, which is not as strong as 256bit AES, but is no slouch.
(AFAIK no claims to have reversed 128 bit AES). They use it in CBC mode,
which, under some circumstances can leak some information. Certainly in
video mode, or audio, the leakage is completely negligible-- In cases
where there are many many repeats of the same 16 byte (128 bit) blocks,
it can do so (which is what that Penguin shows) but as even that page
says, if for example one compresses the image, that goes away-- repeated
16 byte blocks get compressed away. One huge advantage of CBC mode is
that it is error tolerant. Even if bytes get altered in transmission,
they affect only the 16 byte block they are part of, not other parts.
Now, for me the biggest problems are the key generation and transport.
Key generation should take place on the host's system, not by zoom. (I
do not know where it is generated, but the suggestion is that it is
generated by "central office".)
Key transport should take place in such a
way that only the endpoints know what the key is. There are certainly
transport techniques which allow that to happen.
They really really should make the encryption protocol and techniques
public. On the other hand they differ in this in no way from almost all
other systems. Almost no one makes theirs public, for fear of encouraging
attacks, and rely on the "Trust us" mantra.
On 20/04/2020 23.23, William Unruh wrote:
On 2020-04-19, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
For details of how bad it is, see
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Note that many things in that document are just silly and bad. It is not
a "roll your own" crypto. They use AES, which is the standard. They use
128 bit key AES, which is not as strong as 256bit AES, but is no slouch.
(AFAIK no claims to have reversed 128 bit AES). They use it in CBC mode,
which, under some circumstances can leak some information. Certainly in
video mode, or audio, the leakage is completely negligible-- In cases
where there are many many repeats of the same 16 byte (128 bit) blocks,
it can do so (which is what that Penguin shows) but as even that page
says, if for example one compresses the image, that goes away-- repeated
16 byte blocks get compressed away. One huge advantage of CBC mode is
that it is error tolerant. Even if bytes get altered in transmission,
they affect only the 16 byte block they are part of, not other parts.
Take a look at this image:
https://theintercept.imgix.net/wp-uploads/sites/1/2020/04/ecb-540x235.png?[object+Object]=
You will see why you don't want to use ECB.
Also, 5 of the key generation machines are located in China and it
seems that those 5 are most often used for chat encryption; keep in mind
that Zoom shares the keys with the Chinese government.
Now, for me the biggest problems are the key generation and transport.
Key generation should take place on the host's system, not by zoom. (I
do not know where it is generated, but the suggestion is that it is
generated by "central office".
It's generated on 73 different cloud servers, 5 located in China and the rest in US.
Key transport should take place in such a
way that only the endpoints know what the key is. There are certainly
transport techniques which allow that to happen.
As long as you think the Chinese government is part of your
conversation, then it's kind of ok.
They really really should make the encryption protocol and techniques
public. On the other hand they differ in this in no way from almost all
other systems. Almost noone makes theirs public, for fear of encouraging
attacks, and rely on the "Trust us" mantra.
Many do release whitepapers on their encryption or have third party assessments.
["Followup-To:" header set to alt.os.linux.mageia.]
On 2020-04-21, J.O. Aho <user@example.net> wrote:
On 20/04/2020 23.23, William Unruh wrote:
On 2020-04-19, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
For details of how bad it is, see
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Note that many things in that document are just silly and bad. It is not
a "roll your own" crypto. They use AES, which is the standard. They use
128 bit key AES, which is not as strong as 256bit AES, but is no slouch.
(AFAIK no claims to have reversed 128 bit AES). They use it in CBC mode,
which, under some circumstances can leak some information. Certainly in
video mode, or audio, the leakage is completely negligible-- In cases
where there are many many repeats of the same 16 byte (128 bit) blocks,
it can do so (which is what that Penguin shows) but as even that page
says, if for example one compresses the image, that goes away-- repeated
16 byte blocks get compressed away. One huge advantage of CBC mode is
that it is error tolerant. Even if bytes get altered in transmission,
they affect only the 16 byte block they are part of, not other parts.
Take a look at this image:
https://theintercept.imgix.net/wp-uploads/sites/1/2020/04/ecb-540x235.png?[object+Object]=
You will see why you don't want to use ECB.
Oh come off it. Yes, as I said, for a picture which has bunches of 16 byte
blocks which are exactly the same, ECB is problematic. But there are trivial
ways of changing that: put in single bit dithering in each byte, or
compress the file (which as far as I know zoom does already). The
question is not whether one can find cases where it is bad, the question
is whether in a real life case it is bad.
Also the 5 of the key generation machines are located in China and it
seems that those 5 is most often used for chat encryption, keep in mind
that Zoom shares the keys with the Chinese government.
And that is also, as far as anyone knows, crap. On the same level you do
know that Skype and google and ... all share everything with the US
government:-) [And no, of course I do not know that, just as you do not
know what you are saying]
Now, for me the biggest problems are the key generation and transport.
Key generation should take place on the host's system, not by zoom. (I
do not know where it is generated, but the suggestion is that it is
generated by "central office".
It's generated on 73 different cloud servers, 5 located in China and the
rest in US.
I agree completely that key generation does not belong on servers. It
belongs on the host machine. And for most people, what they are using
zoom for is simply not sensitive information. Zoom is almost certainly
more secure than the telephone.
Key transport should take place in such a
way that only the endpoints know what the key is. There are certainly
transport techniques which allow that to happen.
As long as you think the Chinese government is part of your
conversation, then it's kind of ok.
What are you talking about. Do you know what key transport is? To repeat
what I said.
"Key transport should take place in such a way that only the endpoints know what the key is."
On 21/04/2020 08.18, William Unruh wrote:
["Followup-To:" header set to alt.os.linux.mageia.]
On 2020-04-21, J.O. Aho <user@example.net> wrote:
On 20/04/2020 23.23, William Unruh wrote:
On 2020-04-19, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
For details of how bad it is, see
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Note that many things in that document are just silly and bad. It is not
a "roll your own" crypto. They use AES, which is the standard. They use
128 bit key AES, which is not as strong as 256bit AES, but is no slouch.
(AFAIK no claims to have reversed 128 bit AES). They use it in CBC mode,
which, under some circumstances can leak some information. Certainly in
video mode, or audio, the leakage is completely negligible-- In cases
where there are many many repeats of the same 16 byte (128 bit) blocks,
it can do so (which is what that Penguin shows) but as even that page
says, if for example one compresses the image, that goes away-- repeated
16 byte blocks get compressed away. One huge advantage of CBC mode is
that it is error tolerant. Even if bytes get altered in transmission,
they affect only the 16 byte block they are part of, not other parts.
Take a look at this image:
https://theintercept.imgix.net/wp-uploads/sites/1/2020/04/ecb-540x235.png?[object+Object]=
You will see why you don't want to use ECB.
Oh come off it. Yes, as I said, for a picture which has bunches of 16 byte
blocks which are exactly the same, ECB is problematic. But there are trivial
ways of changing that: put in single bit dithering in each byte, or
compress the file (which as far as I know zoom does already). The
question is not whether one can find cases where it is bad, the question
is whether in a real life case it is bad.
ECB is bad and should NEVER be used. Even if you compress data before,
you will leak a lot of data.
Also the 5 of the key generation machines are located in China and it
seems that those 5 is most often used for chat encryption, keep in mind
that Zoom shares the keys with the Chinese government.
And that is also, as far as anyone knows, crap. On the same level you do
know that Skype and google and ... all share everything with the US
government:-) [And no, of course I do not know that, just as you do not
know what you are saying]
There are differences in how the data is used; even the FSB is a nice kid
compared with the Chinese. Companies tied closely to the Chinese Communist
party benefit a lot from the data that the government collects from
foreign businesses.
Sure the NSA and FSB help domestic companies to get hold of information,
but this is more on a request basis instead of a constant stream from the
agencies to the companies.
Now, for me the biggest problems are the key generation and transport.
Key generation should take place on the host's system, not by zoom. (I
do not know where it is generated, but the suggestion is that it is
generated by "central office".)
It's generated on 73 different cloud servers, 5 located in China and the
rest in US.
I agree completely that key generation does not belong on servers. It
belongs on the host machine. And for most people, what they are using
zoom for is simply not sensitive information. Zoom is almost certainly
more secure than the telephone.
Sure the phone is insecure, but the difference is that only those can
listen who can access the lines where the audio is sent; this means for
US users it would just be the NSA, not like with Zoom, where no matter
where you are the Chinese government has the possibility to take part of
your data.
Key transport should take place in such a
way that only the endpoints know what the key is. There are certainly
transport techniques which allow that to happen.
As long as you think the Chinese government is part of your
conversation, then it's kind of ok.
What are you talking about. Do you know what key transport is? To repeat
what I said.
"Key transport should take place in such a way that only the endpoints know what the key is."
That ain't the case for Zoom.
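The ECB-versus-CBC argument above (identical 16-byte blocks showing through as in the penguin image, and whether compressing first removes the repeats) can be measured directly. This is an added example, not code from any poster or from Zoom: it uses a compact educational AES-128 written for the demo, a constructed 32x32 frame standing in for the penguin, and a constructed key and IV.

```python
"""Repeated ciphertext blocks under ECB vs CBC, and the effect of compressing the plaintext first."""
import zlib

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _gmul(a, b):
    """GF(2^8) multiplication by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _sbox_entry(x):
    """S-box entry: multiplicative inverse followed by the AES affine map."""
    inv = next((b for b in range(256) if _gmul(x, b) == 1), 0) if x else 0
    s = inv
    for i in range(1, 5):  # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4) ^ 0x63
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def _expand_key(key):
    """Derive the 11 round keys (16 bytes each, column-major) from a 16-byte key."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _mix_column(a0, a1, a2, a3):
    return [_gmul(a0, 2) ^ _gmul(a1, 3) ^ a2 ^ a3,
            a0 ^ _gmul(a1, 2) ^ _gmul(a2, 3) ^ a3,
            a0 ^ a1 ^ _gmul(a2, 2) ^ _gmul(a3, 3),
            _gmul(a0, 3) ^ a1 ^ a2 ^ _gmul(a3, 2)]

def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block; state[c*4 + r] holds row r of column c."""
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[((c + r) % 4) * 4 + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                       # MixColumns
            s = sum((_mix_column(*s[c * 4:c * 4 + 4]) for c in range(4)), [])
        s = [b ^ k for b, k in zip(s, rk[rnd])]                             # AddRoundKey
    return bytes(s)

def pkcs7_pad(data, bs=16):
    n = bs - len(data) % bs
    return data + bytes([n]) * n

def ecb_encrypt(key, data):
    """ECB: blocks are encrypted independently, so equal plaintext blocks give equal ciphertext blocks."""
    p = pkcs7_pad(data)
    return b"".join(aes128_encrypt_block(key, p[i:i + 16]) for i in range(0, len(p), 16))

def cbc_encrypt(key, iv, data):
    """CBC: each plaintext block is XORed with the previous ciphertext block before encryption."""
    p, prev, out = pkcs7_pad(data), iv, []
    for i in range(0, len(p), 16):
        prev = aes128_encrypt_block(key, bytes(x ^ y for x, y in zip(p[i:i + 16], prev)))
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ct, bs=16):
    """Ciphertext blocks that duplicate another block: the structure the penguin image makes visible."""
    blocks = [ct[i:i + bs] for i in range(0, len(ct), bs)]
    return len(blocks) - len(set(blocks))

def constructed_image():
    """Constructed 32x32 one-byte-per-pixel frame: a white rectangle on black, standing in for the penguin."""
    return b"".join(b"\x00" * 8 + b"\xff" * 16 + b"\x00" * 8 if 8 <= y < 24 else b"\x00" * 32
                    for y in range(32))

def leakage_report(key=bytes(range(16)), iv=b"\x42" * 16):
    """Repeat counts for ECB, CBC, and ECB over zlib-compressed plaintext (constructed key and IV)."""
    img = constructed_image()
    comp = zlib.compress(img)
    return {
        "plain_blocks": len(pkcs7_pad(img)) // 16,
        "ecb_repeats": repeated_blocks(ecb_encrypt(key, img)),
        "cbc_repeats": repeated_blocks(cbc_encrypt(key, iv, img)),
        "compressed_bytes": len(comp),
        "ecb_compressed_repeats": repeated_blocks(ecb_encrypt(key, comp)),
    }

if __name__ == "__main__":
    for name, value in leakage_report().items():
        print(f"{name}: {value}")
```

The raw frame has only four distinct plaintext blocks, so ECB repeats 61 of its 65 ciphertext blocks while CBC repeats none; compressing first shrinks the input to a few blocks with no repeats, which is the trade-off both sides above are arguing about (compression hides the block structure but reveals the compressed length).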
J.O. Aho understates the case against China and its involvement in computers and communications.
Chinese military and governmental officials have declared communications
a critical strategic arena in all aspects for China. All Aspects. That includes hacking and cracking the networks of others, government
supervision and monitoring of China's networks by many thousands of
personnel (yeah, China has a lot of people to put on a problem regarded
as important), and domination of outgoing communications channels
whenever possible with propaganda advantageous to China, to include disinformation, misinformation, lies, and when convenient carefully
chosen truths.
The Chinese themselves have repeatedly discussed the saturated
government control of communications means and themes since 1949
when Mao's communists took over. China's government tells you and
others what it wants you to believe, or at least act as if you believe,
and it wants to know everything of significance that you know which is
possibly of consequence to Communist Party rule. That is encompassing,
and China's government is very serious about it. Only capability,
not truth or morality or human rights, are of importance to them.
Implications in computers and communications are profound.
On 2020-04-21, Jim Beard <jim.beard@verizon.net> wrote:
That ain't the case for Zoom.
J.O. Aho understates the case against China and its involvement in computers
and communications.
Here is Zoom's statement about the Chinese servers:
https://blog.zoom.us/wordpress/2020/04/03/response-to-research-from-university-of-torontos-citizen-lab/
......
However, in February, Zoom rapidly added capacity to our Chinese region to handle a massive increase in demand. In our haste, we mistakenly added our two Chinese datacenters to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to — under extremely limited circumstances — connect to them (namely when the primary non-Chinese servers were unavailable). This configuration change was made in February.
Importantly:
Upon learning of the oversight yesterday, we immediately took the mainland China datacenters off of the whitelist of secondary backup bridges for users outside of China.
This situation had no impact on our Zoom for Government cloud, which is a separate environment available for our government customers and any others who request the specifications of that environment.
Zoom has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorized access to data, including by Zoom employees — regardless of how and where the data gets routed.
--------------------------------------------------
So, incompetence rather than malice is what it looks like to me.
On Tue, 21 Apr 2020 20:52:32 +0000, William Unruh wrote:
On 2020-04-21, Jim Beard <jim.beard@verizon.net> wrote:
That ain't the case for Zoom.
J.O. Aho understates the case against China and its involvement in computers
and communications.
Here is Zoom's statement about the Chinese servers:
https://blog.zoom.us/wordpress/2020/04/03/response-to-research-from-university-of-torontos-citizen-lab/
......
However, in February, Zoom rapidly added capacity to our Chinese region to handle a massive increase in demand. In our haste, we mistakenly added our two Chinese datacenters to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to — under extremely limited circumstances — connect to them (namely when the primary non-Chinese servers were unavailable). This configuration change was made in February.
Importantly:
Upon learning of the oversight yesterday, we immediately took the mainland China datacenters off of the whitelist of secondary backup bridges for users outside of China.
This situation had no impact on our Zoom for Government cloud, which is a separate environment available for our government customers and any others who request the specifications of that environment.
Zoom has layered safeguards, robust cybersecurity protection, and internal controls in place to prevent unauthorized access to data, including by Zoom employees — regardless of how and where the data gets routed.
--------------------------------------------------
So, incompetence rather than malice is what it looks like to me.
The one does not rule out the other. Both can be operative.
What you call "malice" (it might also be termed "sovereign intent") I consider certain in the case of China.
Whether what you call "incompetence" was a factor or not, I consider
of no importance, in this instance.