Man, I need to stop reading the tech news today, it's just too stupid :) Supposedly they found one of the more obvious sources of the zoombombing problem: https://www.zdnet.com/article/zoom-removes-meeting-ids-from-app-title-bar-to-improve-privacy/
PEBKAC. Social engineering is always the most effective weapon in a hacker's arsenal. -Ben On Mon, Apr 6, 2020 at 12:22 AM Mark Allyn <[email protected]> wrote: > Thank you, Ben. I was only a guest at the meeting yesterday, not the host, > so I don't think I can initiate any action. > > However, it did spur me into doing research on how I can batten down my > own meetings as a host to try to prevent this from happening to me. > > Mark > > ----- Original Message ----- > From: "Ben Koenig" <[email protected]> > To: "Portland Linux/Unix Group" <[email protected]> > Sent: Sunday, April 5, 2020 8:58:54 PM > Subject: Re: [PLUG] Question on Zoombombin > > My assumption here is that you are correct. I am not a Zoom employee or > legal authority on this matter so there are other factors I may not be > aware of. If I were considering taking legal action against individuals who > "zoombombed" my meeting, I would start by contacting their Support team to > see what resources they offer for this situation. The answer you get from > them would determine what your next steps would be, if needed. > > https://support.zoom.us/hc/en-us/articles/201362003 > You've got some excellent questions, and they do appear to have a support > team ready to receive them. As a support tech at a data security company, > I'm curious to know how willing they are to resolve these types of > problems. > > -Ben > > On Sun, Apr 5, 2020 at 7:31 PM Mark Allyn <[email protected]> wrote: > > > Ben: > > > > Thanks. I was wondering about this. So if the server (zoom.com) were to > > field the IP > > addresses, than would it be Zoom who would have to trace Zoombombers and > > take action? > > > > I have been reading reports that the FBI is starting to take interest in > > this as > > apparently Zoombombing is a violation of the CFAA, Computer Fraud And > > Abuse Act and > > it would not be myself as a meeting host to try to turn over IP addresses > > to the > > authorities. > > > > Or does Zoom even care? > > > > Mark > > > > ----- Original Message ----- > > From: "Ben Koenig" <[email protected]> > > To: "Portland Linux/Unix Group" <[email protected]> > > Sent: Sunday, April 5, 2020 7:17:06 PM > > Subject: Re: [PLUG] Question on Zoombombin > > > > Short answer: no. > > > > Long answer: My understanding is that services like Zoom provide a > central > > server that allows clients to talk to each other. The only IP address you > > need is that of the server, the others are abstracted away from the > client. > > > > instead, > > - each user sends their data to the server. > > - the server aggregates the incoming connections > > - server distributes data to clients as required > > > > Normally one or more of these clients would be dedicated as the "host" or > > moderator, who is able to change how the server functions on-the-fly. > This > > includes things like kicking individual clients, and other functions. In > > order to do get the IP address of each client in a meeting, the service > > must expose that data to each client. This is normally considered a > > security flaw, > > however it would not be unheard of for a given piece of software to > > accidentally leak that kind of data. > > > > That said, if there are bugs in the software that allow unauthorized > users > > to join meetings at will, then it's possible that a bug may exist that > > allows you to identify the IP address of your peers in a given meeting. > > This would be an interesting question for Zoom's customer service team, > > since allowing other users to see your IP opens up some severe privacy > > concerns. Personally I'd be interested just to know how they respond to > > such a question. > > -Ben > > > > On Sun, Apr 5, 2020 at 6:09 PM Mark Allyn <[email protected]> wrote: > > > > > Folks: > > > > > > I don't know if this is the right forum or not to ask this, but I am > > > curious about this so called Zoombombing that's been creeping up. > > > > > > I was as a zoom meeting that did get bombed with porn on Saturday. > > > Luckily, the host was able to kick them off very quickly. > > > > > > However, this leads me to a question. > > > > > > If I happen to have had another machine on my network running a > sniffer; > > > something like Snort; would have I got the IP address of whomever > > > Zoombombed the meeting I was on? > > > > > > In a system like Zoom, do all of the videos come together to my desktop > > or > > > do they go to the host first and then out to the guests? Who would see > > the > > > source IP addresses of those who connect (including the zoombomber) if > > they > > > had a Snort or other sniffer running on their network? > > > > > > If this is not a good forum for something like this, would anyone know > > > what forum I could take this to? Would it be DorkbotPDX? > > > > > > Thank you > > > > > > Mark > > > > > > -- > > > Mark Allyn > > > Bellingham, Washington > > > www.allyn.com > > > _______________________________________________ > > > PLUG mailing list > > > [email protected] > > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > > > _______________________________________________ > > PLUG mailing list > > [email protected] > > http://lists.pdxlinux.org/mailman/listinfo/plug > > -- > > Mark Allyn > > Bellingham, Washington > > www.allyn.com > > _______________________________________________ > > PLUG mailing list > > [email protected] > > http://lists.pdxlinux.org/mailman/listinfo/plug > > > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > -- > Mark Allyn > Bellingham, Washington > www.allyn.com > _______________________________________________ > PLUG mailing list > [email protected] > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
