SSI PDT VISIO – Zoom’s Encryption Is “Not Suited for Secrets”

Zoom’s Encryption Is “Not Suited for Secrets” and Has Surprising Links to China, Researchers Discover

Micah Lee

micah.lee@theintercept.com

@micahflee

9-11 minutes


Meetings on Zoom, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto.

The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.

Zoom could not be reached for comment.

https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/

SSI RH – 1-2-3-Cyber Serious game de sensibilisation

1,2,3 Cyber est un jeu de société sur le thème de la cybersécurité,
permettant de sensibiliser les 11-14 ans de manière ludique aux risques d’Internet et aux bons réflexes et bonnes pratiques à adopter.

Ce jeu est le fruit d’une collaboration entre l’association CCJ et le cabinet de conseil Wavestone, avec la participation du dispositif Cybermalveillance.

https://github.com/wavestone-cdt/1-2-3-Cyber

SSI VEILLE – Qui contrôle Internet ?

Par Damien Leloup Publié le 01 septembre 2011 à 19h46 – Mis à jour le 14 mars 2012 à 18h47

Après la publication de notre article consacré au projet Commotion, qui permet de créer des réseaux informatiques non censurés et faciles à déployer dans des pays dictatoriaux, de nombreux lecteurs nous ont interpellés pour savoir qui contrôle aujourd’hui Internet. En raison de  sa nature décentralisée, Internet n’est pas « contrôlé » par un unique organisme, Etat, ou entreprise. Contrairement à une idée répandue, le réseau n’est pas non plus une « jungle » totalement libre : à tous les échelons, de nombreux organismes exercent ou peuvent exercer un contrôle ou une censure sur les informations qui y circulent.

https://www.lemonde.fr/technologies/article/2011/09/01/qui-controle-internet_1566544_651865.html#CP6LihRev4d6LPbl.99

SSI PDT – Operation Poisoned News – Mobile Malware via Local News Links

From Trend Micro

By Elliot Cao, Joseph C. Chen, William Gamazo Sanchez, Lilang Wu, and Ecular Xu

A recently discovered watering hole attack has been targeting iOS users in Hong Kong. The campaign uses links posted on multiple forums that supposedly lead to various news stories. While these links lead users to the actual news sites, they also use a hidden iframe to load and execute malicious code. The malicious code contains exploits that target vulnerabilities present in iOS 12.1 and 12.2. Users that click on these links with at-risk devices will download a new iOS malware variant, which we have called lightSpy (detected as IOS_LightSpy.A).

https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/