The end of the earth!

In what is likely going to become a summer tradition, we spent the past week camping in Cape May, NJ. The weather was great, the kids loved it, and we had a great time (well, except for the sunburn). This photo was shot from the beach at the Cape May Lighthouse in Cape May Point, which is at the very southernmost tip of New Jersey (map).

Image Information:

Camera:iPhone XS Max
Focal length:4.25mm
Shutter speed:1/13333 sec.

Apple has pushed a silent Mac update to remove hidden Zoom web server

From TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Good, I was waiting for this to happen 👍

The Zoom Desktop App Lets Any Website Take Over Your Mac’s Camera. Here’s What To Do About It.

From BuzzFeed News:

“We consciously enabled the ability to have meeting joins initiated from within an iframe on a webpage,” said Farley, who also noted that the company is not disabling the capability after the security researcher’s findings. Asked whether it was a concern that such iframes require no click from the user to join a meeting, he replied, “No, that’s not a security concern.”

The above is a quote from Zoom’s Chief Security Officer Richard Farley.

In a nutshell, Zoom is purposely bypassing security steps put in place by browser manufacturers and don’t care about the security implications because they think there aren’t any 🤦‍♂️

I already removed the app and the locally running web server from my Mac, but I’m still stuck using the iPad app because we use Zoom at work (for now) otherwise I’d completely ditch it in a heartbeat.

Trump’s Twitter blocking violates Constitution, appeals court rules

From CNN:

An appeals court said Tuesday that President Donald Trump violated the First Amendment by blocking users on Twitter.

The 2nd US Circuit Court of Appeals upheld a New York judge’s ruling and found that Trump “engaged in unconstitutional viewpoint discrimination by utilizing Twitter’s ‘blocking’ function to limit certain users’ access to his social media account, which is otherwise open to the public at large, because he disagrees with their speech.”

Good. This should apply to anyone in public office. Public/elected officials should be required to hear public opinion, even if (or especially when) it differs from their own.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

From Jonathan Leitschuh:

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Hoooooo boy 🤦‍♂️