You are reading the article Another Day, Another Couple Of Zoom Vulnerabilities Discovered … updated in November 2023 on the website Hatcungthantuong.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested December 2023 Another Day, Another Couple Of Zoom Vulnerabilities Discovered …
It seems hardly a day can go by without more Zoom vulnerabilities being discovered – with not just one but two more being revealed today …
The Verge reports that a group of security professionals were able to use brute-force attacks to access sensitive details about almost 2,400 Zoom meetings in a single day.
An automated tool developed by security researchers is able to find around 100 Zoom meeting IDs in an hour and information for nearly 2,400 Zoom meetings in a single day of scans, according to a new report from security expert Brian Krebs.
Security professional Trent Lo and members of SecKC, a Kansas City-based security meetup group, made a program called zWarDial that can automatically guess Zoom meeting IDs, which are nine to 11 digits long, and glean information about those meetings, according to the report.
In addition to being able to find around 100 meetings per hour, one instance of zWarDial can successfully determine a legitimate meeting ID 14 percent of the time, Lo told Krebs on Security. And as part of the nearly 2,400 upcoming or recurring Zoom meetings zWarDial found in a single day of scanning, the program extracted a meeting’s Zoom link, date and time, meeting organizer, and meeting topic, according to data Lo shared with Krebs on Security.
The number was so high it led Zoom to wonder whether its action in requiring passwords by default is not working.
“Passwords for new meetings have been enabled by default since late last year, unless account owners or admins opted out. We are looking into unique edge cases to determine whether, under certain circumstances, users unaffiliated with an account owner or administrator may not have had passwords switched on by default at the time that change was made.”
Additionally, The Intercept reports that Zoom’s encryption appears to have serious flaws.
Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto […]
They conclude […] that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.
The university also discovered that the form of encryption used is weaker than Zoom claims, and is a particularly poor implementation of the weaker standard.
The company claims that Zoom meetings are protected using 256-bit AES keys, but the Citizen Lab researchers confirmed the keys in use are actually only 128-bit. Such keys are still considered secure today, but over the last decade many companies have been moving to 256-bit keys instead.
Furthermore, Zoom encrypts and decrypts with AES using an algorithm called Electronic Codebook (ECB) mode, “which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input,” according to the Citizen Lab researchers. In fact, ECB is considered the worst of AES’s available modes.
The company is responding, but if you’re not already using one of the many alternatives out there, the latest Zoom vulnerabilities may persuade you to do so. Among my tech friends, Whereby seems to be a popular choice.
FTC: We use income earning auto affiliate links. More.
You're reading Another Day, Another Couple Of Zoom Vulnerabilities Discovered …
The first atomic test was atmospheric. From that day in 1945 and through the first two decades after the end of World War II, the United States and the Soviet Union conducted around 400 more atmospheric tests in total. France carried out its last atmospheric test in the 1970s, and China conducted the last atmospheric nuclear test to date in October 1980. Over half the population of the world is younger than the last nuclear detonation in the sky, but that might all change as tensions between the United States and North Korea edge toward a modern atomic brinkmanship.
North Korea is the only nation to test nuclear weapons in the 21st century. So far, all of North Korea’s tests were done underground, where the effects of the blast can be better contained. Testing an atmospheric blast means lofting a warhead vertically, above North Korea itself, or it means launching on a more horizontal trajectory, with the missile carrying a nuclear warhead traversing over a nearby country. While within the technical abilities of Kim Jong-un’s state, it took a failure of diplomatic understanding to even put the test on the proverbial negotiating table.
On Friday, Foreign Minister Ri Yong-ho said that, in response to President Trump’s threat at the United Nations to destroy North Korea, Pyongyang may take action, up to and including the “powerful detonation of an H-bomb in the Pacific,” according to Yonhap. The statement followed an escalating war of words that week, as the president of the world’s oldest nuclear power tried to constrain the world’s youngest.
To understand the risk posed by a possible new atmospheric test, it helps to step back to 1963, when the United States and the Soviet Union signed the Partial Test Ban Treaty. And we’ll need to narrow our scope a little—down to baby teeth.Radioactive baby teeth
“Health concerns in the American public were rising, because of detectable levels of radiation in people’s bones,” says Alex Wellerstein, an assistant professor at the Stevens Institute of Technology who specializes in the history of nuclear weapons. “There was a big event called the baby tooth survey, where people were encouraged to send in their children’s baby teeth after they had fallen out. Scientists could use that in conjunction with the location and the age of the child to track how much Strontium 90 was getting into American bones.”
Strontium 90 is a radioactive isotope produced by nuclear fission. With atmospheric tests, the plume of radioactive by-product would stay in the atmosphere, mix with other clouds, and then come down when it rained, and end up in the ecosystem, like on grass. Cows would eat that grass, and then because strontium acts like calcium chemically, that strontium would end up in the milk, and then end up in human bones.
“Little bits of this stuff aren’t going to cause you lots of trouble,” says Wellerstein, “but as you raise that exposure up higher and higher and over large populations, you’re just adding little bits of uptick to the base chance of fatal cancer, which is already higher than people like to think about. Adding a couple percentage points in there for a population of 300 million starts to add up to thousands of people, even if it’s hard to detect which radioactive source the exposure was from specifically.”
Besides the health impact, there was a strategic reason to ban atmospheric tests, too. Testing underground limits the size of the weapons that a nation can develop. Not every nuclear power signed and abided by the Partial Test Ban Treaty: besides North Korea, France and China are still not signatories, though it’s been decades since either tested in a way that would violate the treaty. Should North Korea decide to test a weapon in the Pacific, it would also have the challenge of getting that weapon to the Pacific.No safe trajectory to the Pacific
“The shortest pathway to open ocean is over Hokkaido the way they’ve gone with the two Hawsong tests,” says Vipin Narang, an associate professor of political science at MIT. “It’d have to be a trajectory that doesn’t look like it’s coming to the continental US or Guam, and gives them open ocean. That’s the Hokkaido trajectory, we’ve gotten used to it, they’ve gotten used it it, I think that’s probably the way they go, and it’s the thinnest part of Japan, so the risk to Japan is minimized.”
Twice in August, North Korea tested missiles in a flight over the southwestern peninsula of the island of Hokkaido in Japan. It was the first and second such launches over Japan in over a decade, and the only ones so far that are explicitly missiles, rather than satellite launch vehicles. The launches passed over only two small parts of the island, but they still passed directly through Japan’s airspace, and prompted text alerts for the public in case the tests were instead an attack. Minimizing risk here does not mean no risk, and that’s assuming the missiles perform as expected and carry on into the Pacific.
“The United States only once tested a live warhead on a ballistic missile on ballistic trajectory,” says Wellerstein. “It was Shot Frigatebird of Operation Dominick, which was a submarine launched missile.”
“In general, testing both at once adds a lot of risk and uncertainty and isn’t safe,” says Wellerstein. “There are worst case scenarios which can you prevent with clever engineering, like putting a sensor on the warhead that says ‘if I’m not where I’m supposed to be, don’t go off’, and hopefully North Korea will build those. Less catastrophic but still not good, the missile blows up on the warhead, which won’t explode ideally but may disperse plutonium, or it may blow up in midair. And missiles sometimes do explode on a launchpad and disperse plutonium all over, which is a contamination problem.”
There is the chance that the missile does not reach its intended spot in the Pacific, and explodes prematurely over land. It could also be targeted by missile defense systems, which have so far never succeeded against a target in realistic conditions (though some systems have had some successes in recent test exercises). A test that fails over land and results in deaths, especially if the warhead goes off.
“If something doesn’t go according to plan, and the warhead detonates at a lower altitude than intended and then there are effects on shipping or civil aviation or loss of life,” says Narang, “that’s a world-changing event, that’s an act of war, and I’m not sure how we’re going to climb down from that.”
“We’ve made it hard for the North Koreans to do that,” says Wellerstein. “If they give us forewarning and say, ‘hey, we’re going to test a missile’, we’ve made it clear we’re going to try and shoot down their missiles. You can’t have both, you can’t tell people you’re going to shoot down their missile, maybe, and tell them you’d like it if you gave them warning before the test.”
There could also be an electromagnetic pulse, though beyond the immediate area experiencing the blast, fire, and radiation, it’d be hard to say how much extra reach that electromagnetic pulse effect would have. Many planes in the United States have some protection against this, which is to say some protection against electrical storms, that might translate into protecting it from the pulse.
Outside the immediate blast area, there’s still that plume of radioactive gas.
“If a weapon goes off in the atmosphere, you’ll detect that radioactivity from huge distances, even distances where that radioactivity doesn’t pose any health threats,” says Wellerstein. “I think that’s going to make people very uncomfortable, as the difference between the radioactivity you can detect and the radioactivity that can hurt you is going to be lost on a lot of Americans.”
That plume, and the deadlier risks it entails, is one possible outcome of tensions and miscommunication between the White House and Pyongyang. Should North Korea be the first nation to conduct an atmospheric nuclear test in this century, it would not be the first nation to surprise the United States with such a test. In 1966, China detonated a nuclear weapon at high altitude while President Lyndon B. Johnson was visiting Thailand.Relearning how to win another Cold War
“All the same rhetoric we used for Kim Jong-un, we used for Mao,” says Narang. “We said ‘he’s a madman, he can’t be trusted with nuclear weapons’. But we managed. Deterrence has a logic of its own, it’s a universal language. The reality is, Kim Jong-un has bought himself insurance against external regime change, invasion, probably efforts at disarmament. Should the United States attempt it, there’s a possibility of Guam or Japan or even the continental United States eating a nuke. This reality is why he bought himself nuclear weapons in the first place, so he didn’t meet the fate of Saddam and Gaddafi. He’s not going to give them up.”
For decades, the United States maintained a policy of denuclearization for North Korea, hoping some combination of sanctions and diplomatic pressure would convince the pariah state to abandon its nuclear ambitions. Despite the sanctions, despite attempts to isolate North Korea diplomatically, the country developed its own nuclear weapons. This progress capped off this summer with the tests of two intercontinental ballistic missiles and a thermonuclear bomb.
“And the fact is, he’s a nuclear weapons power at this point. We have to get out of the frame of trying to denuclearization, because that’s probably not going to happen,” says Narang. “It means learning how to practice deterrence, like we did with the Chinese and the Russians. It means dialogue and diplomacy at some level. We don’t have to like it, but this is the reality right now. Once you pass the threshold, the cost of denuclearizing is higher than practicing deterrence, which is something the United States is actually pretty good at.”
Gear4 UnityRemote: another iPhone universal remote option
We may receive a commission on purchases made from links.
Whether the world really needs another way to turn an iPhone 4 or other iOS device into a universal remote control is something for a different argument; Gear4 is just pleased to get its UnityRemote out of the door. The $99 accessory hooks up to your iPhone via Bluetooth and has a 360-degree IR transmitter array to control your HDTV, amp, Blu-ray player and anything else.
Meanwhile there’s the usual companion software in the App Store which turns your iOS device into a learning remote. You can either program it by choosing your kit from a list of preconfigured manufacturers and hardware, or by teaching the UnityRemote emitter itself using the existing remote control.
There’s macro support, so you can have your TV, cable box and surround sound amp turn on simultaneously with a single button-tap, and programmable gestures to change things like volume and channel. It’s available now, at $99 from Gear4 direct or from Amazon.
GEAR4 Takes Control With New UnityRemote™
Now available for U.S. purchase, UnityRemote device gives iPhone/iPod/iPad
users universal control
Designed to make controlling multi-media devices simple, the universal UnityRemote from GEAR4 enables users to control everything from TVs to Hi-Fis, Blu-Ray players to digital TV boxes – anything that has an infrared receiver – using one single device.
“Excitement for UnityRemote has been building and we’re looking forward to having consumers start using it in their homes,” said Tom Dudderidge, CEO of GEAR4. “People are already so comfortable and familiar with their iDevices, it will be a huge convenience to use it as a remote as well.”
UnityRemote works with two parts – an app, which is downloaded for free from the Apple App Store, and a small device that can be placed anywhere in the room. The UnityRemote device receives a Bluetooth® signal from the Apple device, and then sends an infrared command in 360 degrees via five infrared transmitters to the device to be controlled.
After launching the app, users simply select the device to be controlled from a long list of manufacturers – many that you’ve heard of, and even some you haven’t. If, for some reason, the device to control is not listed, UnityRemote can easily ‘learn’ how to control the device.
Users can also set up ‘actions’ for UnityRemote to control multiple devices simultaneously. With one touch, users can turn on their TV, DVD player, digital TV box and their home cinema sound system. The remote layout can also be adjusted so that one remote layout has the buttons for multiple devices on the same screen, like ‘play’ from the DVD player and volumes for the surround system. There’s nothing to plug in to the iPhone and nothing to search for with UnityRemote. Simply enter the room and begin using your iPhone, iPod touch or iPad as a remote control.
Disruptive Ltd. is the owner and manufacturer of the GEAR4 brand, the UK’s leading iPod, iPhone and iPad audio brand. Founded in 2004, the company is privately owned and operated, with its head office in High Wycombe, UK.
Computer games take up a massive amount of storage space. Some titles even reach 200 GB for a single game. With sizes that large (and if you have limited bandwidth), you don’t want to waste time and data re-downloading a game.
Thankfully, Steam makes it easy to move a game from one drive to another. While this process was more complicated in the past, Steam has now integrated Steam Library folders directly into the client.
Table of ContentsHow to Move Steam Games to Another Drive
Once you choose a destination, name the new folder. The name defaults to SteamLibrary if you don’t choose another. When this process is completed, you can move games with ease.
When you install games in the future, you can choose which of the drives you wish to install to. Games you play frequently should go on your primary drive, but games you don’t play often are good candidates for going to a secondary (potentially external) drive so they don’t clutter your memory.How to Game Between Multiple Computers
There are some instances when someone might game on more than one computer. Maybe you have a rig in your college dorm and one at home, or maybe you play competitively but need your own Steam library for competition. Whatever the reason, you can host your entire library on an external drive and carry it with you.
Create a new Steam library on the external drive. Download or copy your Steam games to the external drive. Once you’ve done this, you can use the drive on any PC. You will need to install Steam on the new PC and set the default folder to the external drive.
Sometimes it can take a few minutes for all of the necessary files to load, but once the game is up and running you should be able to play with little to no latency at all.Why You Should Move Steam Games
Many modern gaming PCs have two drives: a solid state drive that holds the operating system and the most commonly-played games, and a traditional hard drive with significantly more storage for non-essential files.
If you have a core set of games that you spend most of your time playing, these are the best games to keep on your main drive. However, if there are other games that you want to try out, but you don’t mind longer load times, you can put them on a secondary drive.
This way, your most-played games load quickly and play better, while games that you aren’t going to dedicate most of your time too won’t take up space on the solid state drive. If you start to spend more time with the games on your secondary drive, you can move them to the main drive – just don’t use up all the storage spacel.
Why? Solid state drives load significantly faster than traditional hard drives. A game on a solid state drive will have shorter load times and better performance than a game on a traditional SATA drive.
If you want a good example of where this would be useful, take a look at any open world game. Skyrim, for instance. Open-world games have long load times, but a solid state drive reduces the time you spend waiting and increases the time you spend playing.
You are more than a data point. The Opt Out is here to help you take your privacy back.
WITH A FEW infamous exceptions, it’s safe to say most of the content we see about children on social media has a positive spirit behind it. Your friend’s photo of their first sonogram and your cousin’s lengthy ramble about their toddler’s temper tantrums each come from a good place: the desire to mark a milestone, seek support, share happiness, or build community. But shifting the focus from the people who make the posts to the kids portrayed in them reveals a problem.
The emotional, psychological, and developmental consequences of having one’s childhood—and all its growing pains—shared online are still unknown, as the first generation of kids conceived in the era of social media is only now coming of age. But studies and specialists are already warning that oversharing information about the kids in our lives might be fraught—both from an ethical and an online privacy point of view.What is sharenting and why is it problematic?
[Related: School devices are sharing your family’s data, but you can stop them]
“All of that seems innocuous, so you must be talking about influencers and mommy bloggers posting photos and videos of their children 24/7,” I hear you saying. Nope. Sharenting goes beyond the people making a profit off the content they share—the possibility of exploitation and what some may consider digital child labor is only a fraction of the problem.
The obvious negative consequences of sharenting are the criminal and illegal activities it can lead to. Consider a post made by a new parent that includes a photo of their newborn, the kid’s full name and date of birth, and the name of the hospital. All that information will probably still be there when that infant becomes an adult, readily available for anyone who wants to bypass the security questions for one of their online accounts. And problems won’t wait for adulthood: A 2011 Carnegie Mellon CyLab study found that child identity theft was 51 times more common than adult identity theft. This is likely because a child’s identity is a clean slate with no credit history, Harvard Law School faculty member Leah Plunkett says in her book Sharenthood.
Then there’s the possibility that the pictures you took of your child’s bath or your niece’s gymnastics tournament will end up on the wrong side of the internet. In 2023, an investigation by Australia’s children e-safety commissioner found that one image-sharing website for pedophiles contained at least 45 million files and “about half the material appeared to be sourced directly from social media.”
Beyond these clear risks, the effects of sharenting on the psychosocial development of children are unclear. Data is scarce as we wait for the first children raised on social media to become adults, says Stacey Steinberg, a professor at the University of Florida Levin College of Law and author of Growing Up Shared. “Research, for the most part, is anecdotal—it is desperately needed,” she says. In her book, Plunkett theorizes that sharenting may thwart a child’s essential ability to explore, and that long-lasting posts may alter their personal narrative and sense of self, as many people they meet will go online and learn about them.
“Most parents do not overshare because they are trying to be malicious,” Steinberg says. “Most just have not yet considered the importance of their child’s digital footprint.” On the contrary, adults generally sharent with good intentions. Studies show sharenting is a way for parents to find validation and social support, and to help each other in an increasingly isolating landscape for child rearing. So instead of stopping everything and eliminating even the benefits of sharenting, Plunkett suggests four ways to post about the kids in your life in a more responsible way.Share offline
First, go analog when possible. This is especially important if you’re sharing private information about a child. It’s important to you, as a person in charge of a minor, to receive support and validation from the people around you, and even though posting about it online may be the most immediate option, there are other ways to go about it. If you want people to see a cute picture of your baby to mark their first year, consider printing and mailing copies to your family and loved ones. If you need help managing a child’s temper tantrums, maybe pick up the phone and call or text your pediatrician instead of writing a lengthy Facebook post about it.Keep super-sensitive details to yourself
When it comes to sensitive information, just don’t share it. The things we post online have much longer lives than we realize, and details such as birth dates or the name of a child’s middle school could eventually make it easier for criminals and creeps to act against today’s children in the future. It’s unlikely these bits of information will unlock an account on their own, but they could be the missing piece that helps a hacker validate someone’s identity or answer a security question.Make sure the kids are fully clothed
One of the most disturbing uses of sharents’ photos and videos of children is their storage and reposting on file-sharing sites that cater to pedophiles. Most of the time, these pictures show kids in common situations like playing at the beach, running around in the park, or practicing cartwheels in the backyard. But the truth is that a lot of these innocent images get sexualized by twisted people. This is why Plunkett recommends only posting images of fully clothed children. The Innocent Lives Foundation, which seeks to protect children against predators online, provides more guidelines on particular outfits they search for (costumes, tutus, and bathing suits, for example) and hashtags to avoid when posting.Don’t include the child’s face
Finally, ask yourself if a kid’s face actually has to be in the photo. You can always use an emoji or a scribble to cover their features, but if that goes against your aesthetic, consider posting only pictures showing the back of their head or a slight profile. This will help them stay anonymous in the real world.Get the kids involved
[Related: When to have the online-security talk with your kids]
It helps to think about children not as a source of entertainment or an opportunity to harvest likes, but as individuals who will one day face the consequences of our decisions to share moments of their lives. You might think you shared something silly or cute, like a video of them falling asleep on the toilet when they were three, but for them it may turn into a social debacle in the school cafeteria. Or maybe you run into an issue with something else—something you can’t even think of right now—that prevents them from getting into the college of their dreams. That’s the scary part: the not knowing.
Read more PopSci+ stories.
NVIDIA Arm acquisition faces another hurdle with FTC lawsuit
Most people probably don’t know it, and they certainly shouldn’t have to, but Arm’s processor technologies pretty much run the world today. It’s present not just in smartphones and tablets, including Apple’s iPhones, but also in supercomputers, cars, and quite a number of IoT products. It is because of that rather critical position that NVIDIA’s plan to buy Arm from SoftBank is meeting a lot of resistance, and the latest to fall into place could be the final nail in the acquisition’s coffin, unless the two companies can convince the FTC otherwise.
There are too many actors on stage for this NVIDIA-Arm deal, which isn’t surprising because there are too many stakeholders in Arm’s business. Even the UK has reservations because of how the acquisition could endanger the country’s position in the tech market, not to mention raising national security concerns as far as trade secrets go. Before being acquired by Japanese giant SoftBank, Arm or ARM Holdings was an independent UK-based company designing and licensing IP for the chips that power many of the world’s devices today.
NVIDIA is one of Arm’s customers, and its plans to buy the chip designer have naturally ruffled the feathers of its rivals as well as government regulators. The US Federal Trade Commission is actually a bit late to the party, but it might also have the biggest weight considering what’s at stake. Its lawsuit to block NVIDIA’s acquisition of Arm makes it clear that it doesn’t believe NVIDIA can play fair with its competitors once it holds all the cards.
The FTC notes that acquiring Arm puts NVIDIA in a very favorable position to drive or curb the growth of the already struggling semiconductor market. In particular, it would have access to sensitive information from Arm’s other licensees, many of whom include NVIDIA’s direct rivals. Such an arrangement could lead Arm’s licensees to distrust the property and might be forced to seek alternate technologies. While that could help diversify the processor market, it will naturally result in some delays and losses along the way.
NVIDIA and Arm have promised to remain neutral as far as Arm IP licenses and services go, but not everyone is buying it. Many of NVIDIA’s own partners have expressed concern about the ramifications of this acquisition across a wide range of industries. Although best known for its graphics cards, NVIDIA also has stakes in other markets, including data centers and automotive systems.
The acquisition has already been questioned and scrutinized in other regions, including the EU and the UK, but the FTC’s lawsuit could deal the final blow. If it fails to get approval in the US, NVIDIA might be forced to drop its plans altogether, especially if it can’t provide enough guarantees to regulators that it will be impartial in how it runs Arm’s business. Unfortunately, this could also have a negative impact on Arm and its technologies as SoftBank will be forced to find another buyer or, in its worst-case scenario, form an industry consortium willing to purchase the property.
Update the detailed information about Another Day, Another Couple Of Zoom Vulnerabilities Discovered … on the Hatcungthantuong.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!