The flaw was discovered by researchers from the group Sakura Samurai as part of a bug bounty program offered by Zoom, which acquired Keybase in May, 2020. Zoom said it has fixed the flaw in the latest versions of its software for Windows, macOS and Linux.

According to researcher John Jackson of Sakura Samurai, the Keybase flaw manifested itself in two ways. First: Jackson discovered that images that were copied and pasted into Keybase chats were not reliably deleted from a temporary folder, /uploadtemps, associated with the client application.

We will not build any cryptographic backdoors to allow for the secret monitoring of meetings.

“In general, when you would copy and paste in a Keybase chat, the folder would appear in (the uploadtemps) folder and then immediately get deleted,” Jackson told Security Ledger in a phone interview.

We also do not have a means to insert our employees or others into meetings without being reflected in the participant list. Zoom has not and will not build a mechanism to decrypt live meetings for lawful intercept purposes. Zoom does not and will not proactively monitor meeting contents, but our trust and safety team will continue to use automated tools to look for evidence of abusive users based upon other available data. We will continue to work with users to enhance the reporting mechanisms available to meeting hosts to report unwanted and disruptive attendees.

Zoom is also taking various steps in relation to user privacy.

We can't be more specific than that, because we're just diving in. So, our shortest-term directive is to significantly improve our security effectiveness, by working on a product that's that much bigger than Keybase. Of course, if anything changes about Keybase’s availability, our users will get plenty of notice. Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us. There are no specific plans for the Keybase app yet.
Initially, our single top priority is helping to make Zoom even more secure. In a separate blog post, Keybase explains what it will be doing: Keybase's experienced team will be a critical part of this mission. Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform. This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom's wide variety of uses. We are excited to integrate Keybase's team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability". Since its launch in 2014, Keybase's team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. In a statement about the acquisition, Zoom's Eric S Yuan says: "We are proud to announce the acquisition of Keybase, another milestone in Zoom’s 90-day plan to further strengthen the security of our video communications platform. A detailed draft cryptographic design is due to be published on Friday, May 22.

Zoom has the bold ambition of creating an "equivalent or better security than existing consumer end-to-end encrypted messaging platforms". When end-to-end encryption arrives, meetings that use it will not support phone bridges, cloud recording or non-Zoom conference room systems. The problem with the current method of encryption is that, while it uses the industry-standard AES-GCM with 256-bit keys, some encryption keys are stored in the cloud to allow for interoperability with other systems.