Native software for anything that *can* be done on the web *is a mistake*: https://techcrunch.com/2020/04/01/zoom-doom/ …
Replying to @slightlylate
TBF, this particular attack is a bit dopey. pic.twitter.com/IpBxIYQUnG
1 reply 0 retweets 3 likes -
Replying to @ericlaw
Yeah, a local priv escalation ain't the end of the world, but this is a trampoline that I have every expectation is going to get re-combined into a dozen new, worse things
1 reply 0 retweets 1 like -
Replying to @slightlylate @ericlaw
You make a couple great points in this thread, but if an attacker has the access required to the physical device to exploit the bugs described, Zoom's security model is the least of your problems. IMO, the article is dramatically overstating the case.
1 reply 0 retweets 1 like -
Replying to @_ericelliott @ericlaw
It's not the instance, it's the trend. The thing about security is that posture is defines outcomes as much as testing. Previously: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 … https://www.theverge.com/2020/1/28/21082331/zoom-vulnerability-hacker-eavesdrop-security-google-hangouts-skype-checkpoint …
2 replies 0 retweets 1 like
*is what defines outcomes