Search Results for “Verge”


May 16, 2020
Kim Lyons / The Verge

Faulty Edison Mail Update Allowed Some iOS App Users to See Strangers’ Emails

Edison Mail has rolled back a software update that seemingly allowed some users of its iOS app to see emails from strangers’ accounts. The glitch occurred after users applied the update, which was meant to enable users to sync data across devices. Edison said it was a bug, not a security breach, and that the issue appeared limited to users of the iOS app. The company rolled back the update and contacted affected users.

Related: MacRumors, 9to5Mac, TechNadu, PhoneArena, Ubergizmo, Daring Fireball, SlashGear

Tweets: @MagnussonP @zmknox


April 24, 2020
Tom Warren / The Verge

Nintendo Confirms That Up to 160,000 Accounts May Have Been Accessed in Recent Attacks, Disables Nintendo Network IDs

Nintendo has confirmed reports of a breach and is disabling the ability to log into a Nintendo Account through a Nintendo Network ID (NNID) after 160,000 accounts were affected by hacking attempts. Login IDs and passwords were “obtained illegally by some means other than our service,” the company said in a statement. During the breach, nicknames, dates of birth, countries, and email addresses may have been accessed, and some accounts may have experienced fraudulent purchases. Passwords are being reset for all affected accounts, and Nintendo urges users to implement two-factor authentication.

Related: Polygon – All, Tom’s Guide News, Evening Standard, Techradar, IGN All, ZDNet Security, Kotaku, Trusted Reviews, Silicon Republic, The Sun, Engadget


April 25, 2020
Russell Brandom / The Verge

Apple and Google Reveal Enhanced Privacy Practices for Coronavirus Contact Tracing App, Say It Will Be Disbanded Once Virus is Contained

Apple and Google released a set of FAQs regarding their ambitious joint coronavirus contact tracing app, outlined some of their privacy practices, and pledged for the first time to disband their effort after the virus is contained. Under a new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user’s private key and will be called temporary tracing keys. More importantly, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis. The companies also developed a new system for encrypting Bluetooth transmissions such that they cannot be decoded in transit. Finally, the companies will no longer call their effort a contact-tracing system but will instead refer to it as an “exposure notification” system.

Related: CNET News, Engadget, AppleInsider, UPI.com, CERT-EU, CNBC Technology, Bloomberg Technology, SlashGear, TechCrunch, Android Authority, Reuters, Axios, FOX News, VentureBeat, Tech Insider, iMore, HealthITSecurity, HotHardware.com, Trusted Reviews, MobileSyrup.com, ExtremeTech, Bloomberg Technology, BBC News, PhoneArena, Security News | Tech Times, iPhone Hacks, MacRumors, Slashdot, Vox, TechTarget, The New Stack, Cult of Mac, Apple-Google (PDF)

Tweets: @markgurman @stshank

CNET News: Apple and Google’s coronavirus tracking tool: How privacy fits in – CNET
Engadget: Google and Apple detail privacy measures ahead of coronavirus tracking tests
AppleInsider: Apple and Google evolve Exposure Notification to boost privacy, enhance encryption
UPI.com: Joint Apple-Google coronavirus tracker gets improved technology
CNBC Technology: Apple and Google are tweaking plans for tech to help officials track coronavirus exposure
Bloomberg Technology: Apple, Google Boost Privacy Protections for Contact-Tracing Tool – Bloomberg
SlashGear: Apple and Google change coronavirus contact tracing after privacy pushback
TechCrunch: Apple and Google update joint coronavirus tracing tech to improve user privacy and developer flexibility
Android Authority: Google and Apple announce new contact tracing name and security measures
Reuters: Apple, Google update coronavirus contact tracing tech ahead of launch
Axios: Apple, Google tweak contact tracing specs as launch nears
FOX News: Apple and Google will shut down coronavirus tracing app when pandemic ends, companies say
VentureBeat: Apple and Google build more privacy and flexibility into Bluetooth contact tracing tech
Tech Insider: Google and Apple are adding some key privacy boosts to their upcoming coronavirus-tracking tool, and say they’ll shut it down once the pandemic is over (APPL, GOOG, GOOGL)
iMore: Apple and Google will disable COVID-19 tracing when pandemic ends
HealthITSecurity: ACLU, Scientists Urge Privacy Focus for COVID-19 Tracing Technology
HotHardware.com: Apple And Google Clarify COVID-19 Contact Tracing Pact Following Privacy Uproar
Trusted Reviews: Can privacy survive coronavirus? Apple and Google detail contract tracing plans
MobileSyrup.com: Apple, Google update exposure notification APIs with new protections and capabilities
ExtremeTech: Apple, Google Announce Privacy Changes to Coronavirus Tracing
BBC News: Apple and Google accelerate coronavirus contact tracing apps plan
PhoneArena: Apple and Google make changes to their contact tracing solution to address privacy concerns
Security News | Tech Times: Apple, Google to Terminate COVID-19 Tracking Tools When Pandemic Ends, But Here’s The Catch
iPhone Hacks: Apple, Google Introduce Privacy and Accuracy Related Changes to Upcoming COVID-19 Exposure Notification App
MacRumors: Apple and Google Strengthen Privacy of COVID-19 Exposure Notification System, Targeting Next Week for Beta Release
Slashdot: Apple and Google Pledge To Shut Down Coronavirus Tracker When Pandemic Ends
Vox: Could contact tracing bring the US out of lockdown?
TechTarget: NHSX reveals full details of UK Covid-19 contact-tracing strategy
The New Stack: Safe Paths: MIT Coronavirus Contact-Tracing App Protects User Privacy
Cult of Mac: Apple and Google enhance protection for contact-tracing tool; target beta for next week
Vox: Apple and Google’s new contact tracing tool is almost ready. Just don’t call it a contact tracing tool.
Apple-Google: Exposure Notification Frequently Asked Questions (PDF)

@markgurman: Apple and Google are upping the privacy protections of its Covid-19 Contact Tracing tool (now called Exposure Notification) — adding more randomly generated keys, Bluetooth metadata encryption, exposure recording limit of 30 minutes. It’s also launching in beta next week.
@stshank: Apple and Google have updated their coronavirus contact tracing technology to try to address privacy concerns (and to make it easier for health authorities to write apps): https://cnet.com/news/google-apple-adjust-coronavirus-tracking-app-to-get-ahead-of-privacy-concerns/ from @iansherr


April 22, 2020
Tom Warren / The Verge

Zoom Releases 5.0 Update That Includes Spate of New Security Features Including Default Passwords and Improved Encryption

A new Zoom 5.0 update is rolling out today, designed to address some of the many complaints that Zoom has faced in recent weeks. The latest release includes a security icon that groups together several of Zoom’s security features, such as the ability to lock meetings quickly, remove participants, and restrict screen sharing and chatting in meetings. Zoom is also now enabling passwords and waiting rooms by default for most customers, and IT admins can define passwords’ complexity. On top of that, Zoom is also improving some of its encryption and upgrading to the AES 256-bit GCM encryption standard, which, while not end-to-end encryption as some of Zoom’s previous marketing materials indicated, is nonetheless an improvement.

Related: TechRepublic, Reuters, PhoneArena, 9to5Mac, Neowin, ZDNet Security, Android Central, Windows Central, The Register – Security, CISO MAG, WCCFtech, BetaNews, HotHardware, Computerworld Security


May 21, 2020
Russell Brandom / The Verge

Apple and Google Roll Out Support for Their Coronavirus Exposure Notification System, Three U.S. States, Twenty-Two Countries Sign Up

In a move that brings digital contact tracing one step closer to reality in the U.S. and other countries, Apple and Google rolled out support for their coronavirus exposure notification system, as implemented in an update to iOS and Android. The joint system uses a complex BLE Beacon protocol to allow users to track recent exposures to other users who have tested positive for COVID-19. Both tech giants pledge not to monetize the data and to shut down the system once the tracking is no longer needed. Three U.S. states have come forward to announce their own notification systems based on the app: Alabama, South Carolina, and North Dakota. The companies say 22 countries have separately received access to the API, although they declined to name specific nations.

Related: Business Insider, iMore, Android Central, Mic, Fortune, Roll Call, Future of Privacy Forum, Android Authority, iPhone Hacks, ET news, Tech Insider, WRAL Tech Wire, Gulf News Technology, LA Daily News, TIME, POLITICO, MacRumors, MacDailyNews, TechCrunch, xda-developers, Vox, MacRumors, iMore, Pocket-lint, Input, MacStories, Patently Apple, MacDailyNews, Gizmodo Australia, Slashdot, BBC, The Guardian, MacDailyNews, TechCrunch, POLITICO, Fortune, LA Daily News, TIME, IT News, iMore, channelnews, ZDNet, MacRumors, MacDailyNews, Techdirt, xda-developers, Apple Newsroom, MacStories, Android Authority, Pocket-lint, Techradar, Vox

Tweets: @carolineha_ @lukOlejnik @LeoKelion @geoffreyfowler

Business Insider: Apple and Google are making their COVID-19 exposure tech available to public health agencies, which means you’ll soon have access to contact tracing apps (GOOG, GOOGL, APPL)
iMore: Apple and Google officially launch Exposure Notifications to fight COVID-19
Android Central: Apple and Google officially launch Exposure Notifications to fight COVID-19
Mic: The Trump administration demanded the U.N. remove abortion access from its pandemic response plan
Fortune: Apple, Google’s COVID-19 tracing tool is one big step closer to being put to use
Roll Call: Apple, Google release template for COVID-19 contact tracing apps
Future of Privacy Forum: FPF CEO: Will I Install an Exposure Notification App? Thoughts on the Apple-Google API
Android Authority: Google and Apple announce exposure notification API (Update: Now public)
iPhone Hacks: Apple Releases iOS 13.5 and iPadOS 13.5 with Exposure Notification API for Contact Tracing Apps
ET news: ‘Failed mishmash’ of privacy protections insufficient for NHS app users
Tech Insider: Apple and Google are making their COVID-19 exposure tech available to public health agencies, which means you’ll soon have access to contact tracing apps (GOOG, GOOGL, APPL)
WRAL Tech Wire: Apple, Google release technology for pandemic apps tracking COVID-19 exposure
Gulf News Technology: Apple, Google release technology for COVID-19 apps
LA Daily News: Apple, Google release technology for pandemic apps
TIME: Apple and Google Release Smartphone Technology to Notify People of Possible Coronavirus Exposure
POLITICO: Apple, Google release coronavirus-tracing software — but will it help?
MacRumors: Apple and Google Launch COVID-19 Exposure Notification API, Over 20 Countries Have Requested and Received Access
MacDailyNews: Apple TV+ faces dual challenges
TechCrunch: Apple and Google launch exposure notification API, enabling public health authorities to release apps
xda-developers: [Update 6: API Live] Google and Apple announce the Contact Tracing API and Bluetooth spec to warn users of COVID-19
Vox: Apple and Google roll out their new exposure notification tool. Interest seems limited.
MacRumors: Apple Releases iOS and iPadOS 13.5 With Exposure Notification API, Face ID Mask Updates, Group FaceTime Changes and More
iMore: Apple releases iOS 13.5 with exposure notification API, Face ID updates
Pocket-lint: What’s new in iOS 13.5? COVID-19 Exposure Notification API and more
Input: iOS 13.5 is here with smarter Face ID unlock when you’re wearing a face mask
MacStories: Apple Releases iOS 13.5 with COVID-19 Exposure Notifications, Face ID Bypass for Masks, FaceTime Setting, and Apple Music Stories Sharing
Patently Apple: A Bitter Ex-Apple Sub-Contractor in Europe is demanding that action be taken against Apple for basically ‘wiretapping entire populations’ via Siri
MacDailyNews: Siri whistleblower goes public over ‘lack of action,’ says Apple should face consequences
Gizmodo Australia: Siri Whistleblower Goes Public To Protest Lack Of Consequences For Apple
Slashdot: Apple Whistleblower Goes Public Over ‘Lack of Action’
BBC: Apple and Google release marks ‘watershed moment’ for contact-tracing apps
The Guardian: Apple and Google release phone technology to notify users of coronavirus exposure
MacDailyNews: How to opt out of COVID-19 contact tracing in iOS 13.5
IT News: Apple-Google contact tracing tech draws interest in 23 countries, some hedge bets
channelnews: Could Apple & Google’s COVID-19 Tracing Tech Make COVIDSafe Better?
ZDNet: Apple releases iOS 13.5 with COVID-19 contact tracing feature, Face ID improvements
Techdirt: The Case For Contact Tracing Apps Built On Apple And Google’s Exposure Notification System
Apple Newsroom: iPhone SE: A powerful new smartphone in a popular design
iMore: Apple releases iPadOS 13.5
Techradar: iOS 13.5 is here – why you should download it right away

@carolineha_: By the way, Apple + Google's API — the backbone that public health authorities can use to build exposure notification apps — went out today. The companies said today that "a number" of US states and 22 countries on 5 continents have requested access
@lukOlejnik: Here's how Google Play will verify that the contact tracing apps are actually from "national health authorities". Seems the system may behave differently if there's a risk of "high risk of transmission". What does it mean? I don't know! #COVID19 https://support.google.com/googleplay/and
@LeoKelion: Apple and Google have delivered - now public health authorities get to see if there's real advantage in adopting their Covid-19 contact tracing model. But there may be some teething issues along the way
@geoffreyfowler: Apple and Google’s coronavirus exposure software is here, along with iOS 13.5. Now we’re waiting for apps that use it. So far, we just know 3 states saying they’re going to try: Alabama, South Carolina and North Dakota.


March 6, 2020
Dan Goodin / Ars Technica

‘Unfixable’ Flaw in All Intel Chips Released Over the Past Five Years Could Allow Attackers to Execute Malicious Code

Patches that Intel has issued for flaws that allow attackers to defeat a host of security measures may be insufficient to protect systems adequately, researchers at Positive Technologies said, with virtually all Intel chips released in the past five years containing an unfixable flaw. The flaw is in the Converged Security and Management Engine, often abbreviated as CSME, a subsystem inside Intel CPUs and chipsets that’s roughly analogous to AMD’s Platform Security Processor. The CSME implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the failure of the input-output memory management unit to be enabled early enough in the firmware boot process, which could allow malicious code to be executed with the highest privilege levels. Intel says that installing the CSME and BIOS updates with end of manufacturing set by the system manufacturer “should” mitigate local attacks. However, researchers at Positive Technologies say this might not sufficiently reduce the problem.

Related: Newsweek, SecurityWeek, CSO Online, Positive Technologies, ZDNet, Motley Fool, Ars Technica, WCCFtech, ARN, SC Magazine, Appuals.com, SiliconANGLE, SC Magazine, TechSpot, Digital Trends, gHacks, KitGuru, eTeknix, Gizmodo, TechCentral.ie, Windows Central, Silicon Republic, Reddit – cybersecurity, Daily Mail, Tech Insider, SlashGear » security, The Tech Report, TechTarget, The Verge, Ubergizmo, BGR, OnMSFT.com, The Hacker News, Apple Insider, Appuals.com, CNET, IT World Canada, ExtremeTech, WinBuzzer, Dark Reading: Attacks/Breaches

Tweets: @reneritchie

Newsweek: New Intel CSME CPU Bug is ‘Unfixable’ Security Vulnerability Affecting Chipsets Released Over Last Five Years
SecurityWeek: Vulnerability in Intel Chipsets Allows Hackers to Obtain Protected Data
CSO Online: Intel CSME flaw is unpatchable, researchers warn
Positive Technologies: Intel x86 Root of Trust: loss of trust
ZDNet: Intel CSME bug is worse than previously thought
Motley Fool: Intel Chip Flaw Proves Unfixable Despite Patches
Ars Technica: 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable
WCCFtech: Deep Learning Breakthrough Results In A Single Intel Xeon Destroying 8x NVIDIA Tesla V100 GPUs
ARN: Design flaw could compromise Intel platform security features, researchers warn
SC Magazine: Intel flaw impacts most new Intel chipsets | SC Media
Appuals.com: Intel Next-Gen Performance NUC 11 Mini-PCs To Feature 11th Gen 10nm+ Core Tiger Lake-U Series CPUs
SiliconANGLE: Intel chipset vulnerability can be exploited to obtain encrypted data
TechSpot: Intel CSME vulnerability allows hackers to break encryption and DRM
Digital Trends: Uh oh: There’s an unfixable security vulnerability in Intel processors
gHacks: UserBenchmark is a freeware benchmarking tool that tells if your components are performing to their potential
KitGuru: Researchers find new Intel security vulnerability that is “impossible to fix”
eTeknix: Another Intel Vulnerability, and it’s Unfixable…
Gizmodo: Unfixable Flaw in Intel Chipsets Opens Encrypted Data to Hackers
TechCentral.ie: Intel CSME flaw is unpatchable, researchers warn
Windows Central: Serious Intel CPU security flaw affects millions and can’t be fixed
Silicon Republic: Major flaw discovered in many Intel chips from the last five years
Reddit – cybersecurity: A major new Intel processor flaw could defeat encryption and DRM protections. Exciting to see what becomes of this in regard to the gaming industry.
Daily Mail: Unfixable flaw in Intel chips from the last five years could let cyber criminals hijack computers
Tech Insider: Renee James has wowed the chip industry with a new ARM chip for data centers that has put Intel, her former company, on notice
SlashGear » security: Intel CSME flaw: 5 years of chips have a truly ominous, unfixable flaw
The Tech Report: Unfixable vulnerability found in Intel CPUs
TechTarget: Intel CSME flaw deemed ‘unfixable’ by Positive Technologies
The Verge: A major new Intel processor flaw could defeat encryption and DRM protections
Ubergizmo: New Intel Chip Flaw Discovered, Might Be Unpatchable
BGR: Intel’s unfixable chip flaw could give hackers access to encrypted data
OnMSFT.com: Researchers discover new security flaw affecting Intel CPUs from last 5 years
The Hacker News: This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
Apple Insider: New Intel chip flaw threatens encryption, but Macs are safe
Appuals.com: Intel Consumer-Grade CPUs Unfixable Hardware-Level Security Vulnerability Discovered But It Is Difficult To Exploit
CNET: ‘Unfixable’ hole in Intel ROM exposes all but latest chips to attack, researchers say
IT World Canada: Vulnerability in Intel chipsets could lead to ‘chaos’, predicts report
ExtremeTech: Intel Has an Unfixable Chipset Security Flaw. Is it a Risk?
WinBuzzer: Intel Has Been Hit by Another “Unfixable” CPU Flaw That Could Lead to Undetectable Malware
Dark Reading: Attacks/Breaches: Physical Flaws: Intel’s Root-of-Trust Issue Mostly Mitigated

@reneritchie: NB: Apple’s Mac computers are unaffected by this latest Intel CSME security flaw. FileVault doesn’t use any Intel security features and T2 Macs exclusively use T2.


April 2, 2020
Romain Dillet / TechCrunch

Zoom CEO Apologizes for Security and Privacy Glitches, Says Company Will Implement 90-Day Feature Freeze and Work with Third-Party Experts to Produce Transparency Report

Wildly popular videoconferencing app Zoom has been battered by a series of privacy and security controversies since its meteoric rise during the COVID-19 crisis, even as the company has quickly signed up 200 million new users. In the wake of these controversies, CEO Eric S. Yuan has written a lengthy blog post to address some of the concerns around Zoom. In particular, Yuan said that Zoom is enacting a 90-day feature freeze during which the company won’t ship any new feature until it is done fixing the current feature set. Zoom will also work with third-party experts and prepare a transparency report. Yuan apologized for the glitches, saying that “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.”

Related: Forbes, CNET, Neowin, BusinessLine – Home, iPhone Hacks, Engadget, The Verge, Business Insider, TechJuice, HOTforSecurity, Computer Business Review, GeekWire, Reuters: Top News, PhoneArena, Android Authority, ZDNet Security, ExtremeTech, MobileSyrup.com, WCCFtech, Trusted Reviews, TechNadu, RTE, E-Commerce Times, GBHackers On Security, 9to5Mac, Digital Trends, Telecomlive.com, Android Central, iMore, Windows Central, South China Morning Post, Big News Network, Thomas Brewster – Forbes, Android Authority, Graham Cluley, Telecompaper Headlines, MobileSyrup.com, The Financial Express, Security Affairs, Ubergizmo, ET news, Fast Company, USA Today, SlashGear » security, City A.M. – Technology, The State of Security, TechWorm, The Hill, CBSNews.com, The Next Web, E Hacking News, BBC News, Digital Trends, BetaNews, The Verge, Tom’s Guide News, Zoom

Tweets: @josephfcox @TheHackersNews @runasand @ashk4n

Forbes: Zoom Just Made These Powerful COVID-19 Security And Privacy Moves Following Outcry
CNET: Zoom boss says it’ll freeze feature updates to address security issues
Neowin: Zoom to fix security and privacy issues in 90-day feature freeze
BusinessLine – Home: Zoom announces 90-day freeze on feature updates to focus on privacy and security
iPhone Hacks: Zoom Announces 90 Days Feature Freeze, Will Work on Improving the Security Of Its Platform
Engadget: Zoom vows to win back user trust with extensive security review
The Verge: What Zoom doesn’t understand about the Zoom backlash
Business Insider: Zoom’s CEO apologizes for its many security issues as daily users balloon to 200 million
TechJuice: ‘Zoombombing’ is becoming an issue amid rising popularity due to coronavirus
HOTforSecurity: Zoom-bombing: FBI warns of rise in teleconference hijacking amid stay-at-home order
Computer Business Review: Zoom Security Storm: Company Apologises, Hackers Squabble
GeekWire: Zoom Security Storm: Company Apologises, Hackers Squabble
Reuters: Zoom pulls in more than 200 million daily video users during worldwide lockdowns
PhoneArena: SpaceX employees forbidden from using the Zoom app over privacy concerns
Android Authority: Zoom won’t add new features for 90 days as it tackles privacy, security woes
ZDNet Security: Zoom: We’re freezing all new features to sort out security and privacy
TechCrunch: Zoom freezes feature development to fix security and privacy issues
ExtremeTech: Zoom’s Security and Privacy Practices Kind of Zuck
MobileSyrup.com: Zoom vows to fix issues around privacy and security within 90-days
WCCFtech: Zoom Gets Banned at SpaceX Following Privacy Concerns
Trusted Reviews: Why Zoom is attracting so much criticism right now
RTE: Zoom stops product development to fix security issues
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
9to5Mac: Zoom penetration tests commissioned to improve ‘trust, safety and privacy’
Digital Trends: SpaceX tells workers to ditch Zoom over ‘significant’ privacy concerns
Android Central: Zoom apologizes over security and privacy issues and freezes new features
iMore: Zoom apologizes over security and privacy issues and freezes new features
Windows Central: Zoom apologizes over security and privacy issues and freezes new features
Channel News Asia: Elon Musk’s SpaceX bans Zoom over privacy concerns
Tech Insider: Elon Musk’s SpaceX bans Zoom over security and privacy concerns
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Graham Cluley: Zoom promises to improve its security and privacy as usage (and concern) soars
Telecompaper Headlines: Zoom promises full security review as users pass 200 mln per day
The Financial Express: Has Zoom got it right on security?
Security Affairs: Crooks use tainted Zoom apps to target users at home due to Coronavirus outbreak
Ubergizmo: Zoom Pledges To Spend The Next 90 Days Fixing Its Privacy And Security Issues
ET news: Security snafus exhumed amid Zoom boom
Fast Company: Elon Musk’s SpaceX bans employees from using Zoom over ‘significant privacy and security concerns’
USA Today: Zoom to focus on security, privacy, CEO says, as usage booms during coronavirus crisis
SlashGear » security: Zoom CEO responds: What happens next for hit video calling app
City A.M. – Technology: Zoom vows to fix security issues as it hits 200m daily users
The State of Security: Zoom promises to improve its security and privacy as usage (and concern) soars
TechWorm: Zoom Security Vulnerability Leaks Windows Login Credentials To Hackers
The Hill: Zoom vulnerabilities draw new scrutiny amid coronavirus fallout
CBSNews.com: FBI warns of online attacks on video conference app Zoom
The Next Web: After a litany of security fuck-ups, Zoom promises weekly updates
E Hacking News: Hackers use fake Zoom domains to spread malware
BBC News: Zoom boss apologises for security issues and promises fixes
Digital Trends: Zoom freezes development of new features to fix privacy issues
BetaNews: Zoom issues an apology for privacy and security issues, will enact a feature freeze to focus on fixes
The Verge: Zoom announces 90-day feature freeze to fix privacy and security issues
Tom’s Guide News: Zoom privacy and security issues: Here’s everything that’s wrong (so far)
Zoom: A Message to Our Users

@josephfcox: Zoom announces several changes, such as a "feature freeze" and moving all engineering resources to fixing privacy and security issues; enhancing its bug bounty program https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
@TheHackersNews: UPDATE: After facing backlash over #privacy & security concerns, #Zoom today issued updates to patch some recently disclosed flaws & also announced to enhance its #bugbounty program and shift all of its engineering resources to resolve further issues. https://thehackernews.com/2020/04/zoom-windows-password.html
@runasand: Letter from @zoom_us CEO @ericsyuan outlines what the company has done and will do moving forward to address issues and concerns, including shifting “engineering resources to focus on our biggest trust, safety, and privacy issues.”
@ashk4n: I have to say the response from @zoom_us to all the privacy, security, and #abusability issues surrounding their platform is very good: CEO acknowledges the specific problems, lays out steps they’re taking to fix them, and clearly communicates steps to users


April 3, 2020
Brian Krebs / Krebs on Security

New Automated Zoom Meeting Discovery Tool ‘zWarDial’ Shows Many Zoom Meetings Are Unprotected by Passwords as FBI Issues Warning of ‘Zoombombing’

According to data gathered by a new automated Zoom meeting discovery tool dubbed “zWarDial,” a substantial number of meetings at major corporations are not being protected by a password, which could lead to those meetings being “Zoom bombed” or eavesdropped upon. Each Zoom conference call is assigned a Meeting ID that consists of 9 to 11 digits. Naturally, hackers have figured out they can simply guess or automate the guessing of random IDs within that space of digits. The incidence of Zoombombing has reached such a peak that the FBI issued a warning earlier this week about the problem and provided guidance on how to keep meetings secure.

Related: TechBeacon, Thomas Brewster – Forbes, Slashdot, iTnews – Security, USA Today, bobsullivan.net, MacRumors, The Register – Motley Fool, Techerati, ExtremeTech, Fortune, MarketWatch.com – Software Industry News, E-Commerce Times, The Guardian, BGR, CNN.com, WashingtonExaminer.com, Pocket-lint, The Verge, HealthITSecurity, SecurityWeek, iTnews – Security, SiliconANGLE, channelnews, Blog – Wordfence, FOX News, Big News Network, Inverse, Slashdot, The Verge, The Hill, Futurism, Rapid7, Motley Fool, rthk.hk Local, Mashable, Inverse, EFF, ExtremeTech, Verdict, Popular Science, Heavy.com, The Sun, TechTarget, The Sun, New Zealand Herald – Top Stories, Android Central, Tech Insider, Vox

Tweets: @iblametom

TechBeacon: Zoom: Just one click, and privacy went ‘boom’
Thomas Brewster – Forbes: Why Zoom Really Needs Better Privacy: $1.3 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It
Slashdot: SpaceX Bans Zoom Over Privacy Concerns
iTnews – Security: Musk’s SpaceX bans Zoom over privacy and security concerns
USA Today: Do these things to keep hackers out of your Zoom calls
bobsullivan.net: As Zoom use explodes, so do Zoom problems. Here’s my security checklist
MacRumors: Zoom Updates Mac App Installer to Remove Controversial ‘Preflight’ Installation Method
Cyber News Group: Zoom now being sued through sharing personal data – UK government, however, defends its use
The Register – Security: Yeah, that Zoom app you’re trusting with work chatter? It lives with ‘vampires feeding on the blood of human data’
Heimdal Security: SECURITY ALERT: Zoom Under Scrutiny in Wake of UNC Patch Injection Issue Disclosure
Reddit – cybersecurity: Zoom has another security flaw. ‘Researchers at a company called Bleeping Computer have exposed another security flaw with the conferencing application Zoom—one that allows hackers to steal user passwords.’
US-CERT Current Activity: FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing
Infosecurity.US: The Continuing ZOOM Security Fails: A Litany Of Security Incompetence
Cult of Mac: 5 Zoom alternatives to keep you connected during COVID-19 crisis
Verdict: Zoom unveils 90-day plan to rebuild reputation
Motley Fool: Zoom Freezes All New Feature Rollouts to Shift Resources Toward Privacy and Safety
Techerati: Zoom halts development to plug security holes
ExtremeTech: Zoom Removes Tool That Secretly Displayed Your LinkedIn Data
Fortune: Zoom meetings keep getting hacked. Here’s how to prevent ‘Zoom bombing’ on your video chats
MarketWatch.com – Software Industry News: Zoom Video lurches from boom to backlash amid privacy issues, ‘Zoom bombing’ attacks
E-Commerce Times: Zoom’s Soaring Popularity Is a Double-Edged Sword
The Guardian: ‘Zoom is malware’: why experts worry about the video conferencing platform
BGR: Zoom responds to backlash over privacy concerns
CNN.com: Zoom CEO apologizes for having ‘fallen short’ on privacy and security
WashingtonExaminer.com: ‘Zoom-bombing’ and privacy flaws plague app that has become immensely popular during coronavirus outbreak
Pocket-lint: Zoom pauses new features to focus on security as users grow 20x in three months
The Verge: Zoom quickly fixes ‘malware-like’ macOS installer with new update
HealthITSecurity: Zoom to Halt Feature Development to Bolster Privacy, Security for COVID-19
SecurityWeek: Zoom’s Security and Privacy Woes Violated GDPR, Expert Says
SiliconANGLE: Zoom CEO ‘deeply sorry’ after privacy issues, promises improvements
channelnews: Zoom Slammed Over Security Issues & China Server
Blog – Wordfence: Safety and Security While Video Conferencing with Zoom
FOX News: SpaceX bans its employees using Zoom over privacy concerns, report says
Big News Network: Elon Musk’s SpaceX bans Zoom over privacy concerns
Inverse: SpaceX drops Zoom due to ‘significant’ privacy concerns
The Verge: Zoom has disabled a feature that was exposing users’ LinkedIn profiles
The Hill: Zoom CEO says company reached 200 million daily users in March
Futurism: Experts Warn That Hackers Can Use Zoom to Take Over Your Computer
Rapid7: Dispelling Zoom Bugbears: What You Need to Know About the Latest Zoom Vulnerabilities
Motley Fool: Why Zoom Video Communications Stock Fell Today
rthk.hk Local: Privacy chief warns of video conference risks
Mashable: Zoom was secretly mining LinkedIn data and sharing it with some users
EFF: Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls
Popular Science: Check these privacy and security settings before your next Zoom video chat
Heavy.com: Zoom Bombing: 5 Fast Facts You Need to Know
The Sun: Zoom chat app says 200MILLION people are using it every DAY as coronavirus crisis forces world into lockdown
TechTarget: Risk & Repeat: Zoom security comes under fire
New Zealand Herald – Top Stories: Zoom boss ‘deeply sorry’ over security claims, expert unconvinced
Android Central: If you’re fed up with Zoom’s shenanigans, here’s how to delete your account
Tech Insider: Protect your Zoom meetings with a password now — otherwise, you’re leaving the door wide open for hackers to ‘Zoom-bomb’
Vox: Zoom’s sudden spike in popularity is revealing its privacy (and porn) problems

@iblametom: New - Guess who spent over $1 million on Zoom tech in just a few days? CDC, FEMA and NIH. As in all the US gov bodies responding to the coronavirus crisis. This is where Zoom security and privacy needs to be much better.


November 25, 2017
Catalin Cimpanu / Bleeping Computer

Catalin Cimpanu / Bleeping Computer  
CoinPouch Presumably Hacked, $655,000+ of Verge Currency Missing

The CoinPouch cryptocurrency wallet team this week said it had been hacked, with over $655,000 in Verge currency stolen. CoinPouch blames the incident on a Verge node the company set up together with Verge project maintainers to handle Verge transactions for CoinPouch users. The Verge team denied a hack had occurred but recommended a set of modifications for CoinPouch’s Verge node to improve its security. Despite implementing the recommendations of the Verge team, CoinPouch said it received reports from users that their Verge wallets were not working in CoinPouch. A Verge developer subsequently said that most Verge tokens on the Verge Specific Node had been transferred out. CoinPouch went public with the hack, notified law enforcement, and requested a copy of the Verge node’s underlying server from the hosting company to hand over to a forensics firm to investigate what happened.

April 5, 2018
Neer Varshney / The Next Web

Neer Varshney / The Next Web  
Cryptocurrencies Verge and Electroneum Suffered ‘51% Attacks,’ Hacker Stole 250K XVG

Privacy cryptocurrency Verge and mobile-oriented currency Electroneum suffered 51% attacks, meaning that a malevolent miner gained majority control of the network hashrate. Around 250,000 Verge coins, or XVG, were stolen by the attacker, who was able to mine multiple blocks one second apart using the same (scrypt) algorithm due to flaws in the code of Verge’s blockchain. Both coins are based on the proof-of-work consensus protocol of Bitcoin, in which a transaction is considered valid if it’s validated by a majority of the nodes. Both Verge and Electroneum will implement hard forks to rectify the flaw that allowed for the 51% attacks.