Apple has pushed a silent Mac update to remove hidden Zoom web server

From TechCrunch:

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.

Good, I was waiting for this to happen 👍

The Zoom Desktop App Lets Any Website Take Over Your Mac’s Camera. Here’s What To Do About It.

From BuzzFeed News:

“We consciously enabled the ability to have meeting joins initiated from within an iframe on a webpage,” said Farley, who also noted that the company is not disabling the capability after the security researcher’s findings. Asked whether it was a concern that such iframes require no click from the user to join a meeting, he replied, “No, that’s not a security concern.”

The above is a quote from Zoom’s Chief Security Officer Richard Farley.

In a nutshell, Zoom is purposely bypassing security steps put in place by browser manufacturers and doesn’t care about the security implications because it thinks there aren’t any 🤦‍♂️

I already removed the app and the locally running web server from my Mac, but I’m still stuck using the iPad app because we use Zoom at work (for now); otherwise I’d completely ditch it in a heartbeat.

Trump’s Twitter blocking violates Constitution, appeals court rules

From CNN:

An appeals court said Tuesday that President Donald Trump violated the First Amendment by blocking users on Twitter.

The 2nd US Circuit Court of Appeals upheld a New York judge’s ruling and found that Trump “engaged in unconstitutional viewpoint discrimination by utilizing Twitter’s ‘blocking’ function to limit certain users’ access to his social media account, which is otherwise open to the public at large, because he disagrees with their speech.”

Good. This should apply to anyone in public office. Public/elected officials should be required to hear public opinion, even if (or especially when) it differs from their own.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

From Jonathan Leitschuh:

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

Hoooooo boy 🤦‍♂️

A nice day for baseball

We took the boys to Philadelphia to see the Phillies play the Miami Marlins on Sunday afternoon. It was pretty hot out, but our seats were fantastic — right next to the foul pole in left field. Unfortunately no home runs came our way, but everyone still had a blast. I wish we lived closer, I’d love to go to more games.

Image Information:

Camera: iPhone XS Max
Focal length: 4.25mm
Shutter speed: 1/2160 sec.

Iron Pigs post-game fireworks

Miranda and I took all of the kids and her mom down to Coca-Cola Park in Allentown for an Iron Pigs game before her mom and the oldest kid head off to the Rock School’s ballet program for the summer. We didn’t realize there were post-game fireworks when we bought the tickets, so that was a nice surprise… especially since the Iron Pigs didn’t play very well.

Image Information:

Camera: iPhone XS Max
Focal length: 6mm
Shutter speed: 1/30 sec.

Red Sox legend Ortiz stable after shooting in DR

From ESPN:

Former Boston Red Sox slugger and Dominican star David Ortiz is out of surgery and doing “fine,” according to his family, after he was shot Sunday at a club in Santo Domingo, Dominican Republic.

Some tragic news out of the Dominican Republic. On the upside, it sounds like he’s going to be ok and has been flown back to Boston for additional treatment.

Snapchat Employees Abused Data Access to Spy on Users

From Motherboard (emphasis mine):

Several departments inside social media giant Snap have dedicated tools for accessing user data, and multiple employees have abused their privileged access to spy on Snapchat users, Motherboard has learned.


Oh wait, no, I’m not. Can we just burn the entire tech industry to the ground now?

Instagram website leaked phone numbers and emails for months, researcher says

From CNET:

Instagram’s website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says.


It seems like there’s a similar article every week and every time I consider going back, I’m reminded of why I left.