Mornings With Mark

Zoom.us had a pretty egregious security issue this week. Their response was poor despite the best efforts for responsible disclosure by the security research who discovered the issue. While this issue has dominated tech headlines, the real issue is much more significant and commonplace. Usability chosen over security. Scratch that, a push for usability without an awareness of security or privacy impacts. Yet another example of why security teams needs to change the way we work. It's time to do better. References; Alex Clayton on the Zoom IPO, https://medium.com/@alexfclayton/zoom-ipo-s-1-breakdown-119249acadd3 the disclosure from Jonathan Leitschuh, https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 action taken by Apple to remove the Zoom.us web server, https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/