Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.
The Cupertino, Calif.-based tech giant told TechCrunch that the update — now released — removes the hidden web server, which Zoom quietly installed on users’ Macs when they installed the app.
Good, I was waiting for this to happen 👍
From BuzzFeed News:
“We consciously enabled the ability to have meeting joins initiated from within an iframe on a webpage,” said Farley, who also noted that the company is not disabling the capability after the security researcher’s findings. Asked whether it was a concern that such iframes require no click from the user to join a meeting, he replied, “No, that’s not a security concern.”
The above is a quote from Zoom’s Chief Security Officer Richard Farley.
In a nutshell, Zoom is purposely bypassing security steps put in place by browser manufacturers and doesn’t care about the security implications because they think there aren’t any 🤦‍♂️
I already removed the app and the locally running web server from my Mac, but I’m still stuck using the iPad app because we use Zoom at work (for now); otherwise I’d completely ditch it in a heartbeat.
An appeals court said Tuesday that President Donald Trump violated the First Amendment by blocking users on Twitter.
The 2nd US Circuit Court of Appeals upheld a New York judge’s ruling and found that Trump “engaged in unconstitutional viewpoint discrimination by utilizing Twitter’s ‘blocking’ function to limit certain users’ access to his social media account, which is otherwise open to the public at large, because he disagrees with their speech.”
Good. This should apply to anyone in public office. Public/elected officials should be required to hear public opinion, even if (or especially when) it differs from their own.
Former Boston Red Sox slugger and Dominican star David Ortiz is out of surgery and doing “fine,” according to his family, after he was shot Sunday at a club in Santo Domingo, Dominican Republic.
Some tragic news out of the Dominican Republic. On the upside, it sounds like he’s going to be OK and has been flown back to Boston for additional treatment.
From Motherboard (emphasis mine):
Several departments inside social media giant Snap have dedicated tools for accessing user data, and multiple employees have abused their privileged access to spy on Snapchat users, Motherboard has learned.
I am SHOCKED 🙄
Oh wait, no, I’m not. Can we just burn the entire tech industry to the ground now?
Instagram’s website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says.
It seems like there’s a similar article every week and every time I consider going back, I’m reminded of why I left.
From Brett Terpstra:
If you don’t already have the scoop, it’s the search engine that can serve as a complete replacement for Google (and Bing and whatever else you like), except it respects your privacy and security. And while Google does some cool tricks, DuckDuckGo does some even better ones.
I’ve tried switching to DuckDuckGo a couple of times and always ended up going back to Google. Maybe I’ll try it again and these tips — particularly the “bang” searches — will help me stick with it.
From The Onion:
Wondering how the social media giant will unethically exploit their personal data next, Facebook users conceded Friday they are morbidly curious to see what the company does to them in order to recoup its losses following a $5 billion Federal Trade Commission fine.
I know this is from The Onion, but this sort of shit really is exactly why I left.