My wife just ran an educational seminar on @zoom_us for a volunteer organization she helps and ... we witnessed our first Zoom bombing!
Slide defacing, violent threats, racial slurs - the works!
Reported to trust @ zoom.
But that won't stop me from investigating on my own! 🤠😉
They used a unique ID and password but distributed the invite too widely IMO 😕
The default logs (PRO acct) leave *quite* a bit to be desired.
I may set up Zoom event API (via webhook) as shown by @MSSPete: https://twitter.com/ItsReallyNick/status/1255320077580320770?s=20 (overkill for charity, but fun for next time)
I'll also have them disable the annotation feature (In Meeting > Basics).
Though a birdie tells me they're switching to @MicrosoftTeams anyway 🙃
That said, I'm pretty sure I can find these punks.
Zoom > Usage > Active Hosts:
Name (Original Name)
User Email
Join Time
Leave Time
Email not required. (will also look into that setting)
Unless email is only exposed if you use an explicit sign-up email. That is, I don't know if OAuth-based auth shows up in Zoom's Active Hosts logging. Anyone know?
Personal opinion: when it comes to security vs. usability, @zoom_us is incredibly usable!
I don't know what's important to them 🤷‍♂️, so when sending this abuse report, I try to point to TOS ➡️ https://zoom.us/terms
In the abuse report I just sent, I noted
d. Prohibited Use (vi)
Some free and probably legal thing you can do for those attendees w/ email addresses*
1️⃣ Thank them for attending the event inviting them to complete your survey/webhook using a tracking pixel [pictured]
THEY'RE VIEWING NOW. 🤣
*burner emails? compromised? are people this dumb?
Use full-size original image (drop passed URL parameters) + @TinEye / Google reverse image search / others? (suggestions?)
A bunch of y'all do professional recon... what'd I leave out?