[Hidden-tech] Major security flaw in Zoom

PeopleFirst Tech zach at peoplefirst.tech
Wed Jul 10 16:44:25 UTC 2019


Have you used the popular Zoom platform for videoconferencing or screen
sharing? We primarily don't, but recent security flaws uncovered on Zoom
lead us to suggest that you uninstall it (instructions courtesy of BuzzFeed
<https://www.buzzfeednews.com/article/nicolenguyen/zoom-webcam-hacker-watching-you-vulnerability>
).

Further reading:
https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

What to Do About It

Go to Zoom settings > Video, and under Meetings, enable “Turn off my video
when joining a meeting.”

OR

Get rid of the Zoom desktop app entirely. If you want to get ahead of
Zoom’s patch, which the company said will be released by midnight tonight,
first you need to shut down the web server. Open the application called
Terminal. Copy and paste this text: lsof -i :19421. Press enter. You’ll get
a string of mumbo jumbo. Underneath the text “PID,” copy the string of
numbers. Then type “kill -9” (without the quotes), add a space after -9,
and paste the PID string of numbers. Press enter. The server has been
killed.

Drag the Zoom app, along with a folder titled “.zoomus,” to the trash can.
Then hover over the trash can, and press CONTROL and click your mouse
simultaneously. Empty the trash can. Boom.


— — —

*Zach Fried*

*PeopleFirst Tech Consulting* <https://peoplefirst.tech/>

Human-Focused Solutions
zach at peoplefirst.tech


By Appointment:

409 Main Street, Suite 214

Amherst, MA 01002

(413) 461-0617
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20190710/39eebd2a/attachment.html>


Google

More information about the Hidden-discuss mailing list