(NPR)   Zoom CEO: Man, if I'd ever thought people would actually start using our crappy service, I might have spent a little bit of time thinking about, like, security and stuff   (npr.org)
    More: Dumbass, Law enforcement agency, popular video conferencing service Zoom, Federal Bureau of Investigation, Eric Yuan, virtual meeting, Police, Zoom CEO, NPR All Things  

1045 clicks; posted to Main » on 08 Apr 2020 at 4:35 PM (1 hour ago)



38 Comments     (+0 »)
 
 
edmo [TotalFark] [BareFark]
2 hours ago
It's always about getting it up and running. Security comes later. Always.
 
Unobtanium [TotalFark] [BareFark]
1 hour ago
"We're going to transform our business to a privacy-and-security-first mentality."

Thanks. Makes me feel much better.
 
LowbrowDeluxe
1 hour ago
Okay, Zoomer.
 
tricycleracer
1 hour ago
The Big 4 I work for laughed at a town hall question about using Zoom for client meetings.
 
smed7 [TotalFark] [BareFark]
1 hour ago

edmo: It's always about getting it up and running. Security comes later. Always.


Hands down.  And deferring hardening & documentation can usually be traced back to some bean-counter who doesn't care how his computer works, only that it does.
 
The Pope of Manwich Village [TotalFark]
1 hour ago
Technology always outpaces ethics.
 
donh
1 hour ago
So he hires the guy that was there when The Facebooks farked it all up.  Great move dood!
 
Percise1
1 hour ago
Meh...
I use Zoom for a class that started as a lab and is now on-line, and the teacher is able to lock it somehow so random dipschits can't join. I don't know the specifics, but it seems to be a function. Maybe people just weren't using it to its ability?
And no, I'd never use it for anything important or secure.
 
Aldon
1 hour ago
I like Zoom for casual, insecure small (<25) meetings but for an enterprise solution it is lacking in lots of areas, security is just one of them.

I think VTC software is going to be like web browsers in the next few years... you really can't have only one in an enterprise, one can't do everything you need well.
 
MycroftHolmes
1 hour ago

edmo: It's always about getting it up and running. Security comes later. Always.


Sometimes, not at all.  There are multiple billion dollar software companies that I am aware of that require special, hardened versions of their software to pass standard pen tests.  The number of times I have seen medical devices or interfaces that have default, hardwired passwords is, well, the number is far greater than it should be.

When you are making a land grab to capture market share, or fighting off competition, you slam together your feature sets as quickly as possible, and never mind the technical debt. 

Security is usually on the bottom of the list, and stuff gets added to the top of the list all the time.
 
foo monkey [TotalFark]
1 hour ago
You can fry an egg on my mousepad during a Zoom session. My desktop singes my leg hair during a zoom session.
 
pdieten [BareFark]
1 hour ago

tricycleracer: The Big 4 I work for laughed at a town hall question about using Zoom for client meetings.


If you're a Big 4 your company should be licensing a real enterprise collaboration package like Webex or similar, and can use it to invite your clients to meetings.
 
Lochsteppe [TotalFark]
1 hour ago
I'm using Zoom right now for office hours. No one's dropped by so far today, but no unsolicited nudity either. I suspect that doesn't happen nearly as often as salacious news stories make it seem like.

/Darn it
 
tricycleracer
1 hour ago

pdieten: tricycleracer: The Big 4 I work for laughed at a town hall question about using Zoom for client meetings.

If you're a Big 4 your company should be licensing a real enterprise collaboration package like Webex or similar, and can use it to invite your clients to meetings.


We have like 5 options from WebEx to MS Teams to Google Hangouts and who knows what else.  Apparently some tax clients are specifically asking for Zoom meetings.
 
CheatCommando
1 hour ago

Percise1: Meh...
I use Zoom for a class that started as a lab and is now on-line, and the teacher is able to lock it somehow so random dipschits can't join. I don't know the specifics, but it seems to be a function. Maybe people just weren't using it to its ability?
And no, I'd never use it for anything important or secure.


Oh come now, if you share information like that how will people who've never created anything more complicated than a TPS report get to complain and seem hip and bitter?
 
Strategeryz0r
1 hour ago
We use zoom for client and company meetings, and I have clients now asking to use something OTHER than zoom because of all the news. Our CISO has started exploring other options because we're getting so many requests to not use zoom from clients it's unreal.
 
Tom_Slick [TotalFark]
1 hour ago

Percise1: Meh...
I use Zoom for a class that started as a lab and is now on-line, and the teacher is able to lock it somehow so random dipschits can't join. I don't know the specifics, but it seems to be a function. Maybe people just weren't using it to its ability?
And no, I'd never use it for anything important or secure.


My company has used Zoom for years, it has always had that capability but you've had to be an expert user to know how to turn it on. Now they have made security easier to use.
 
morg [TotalFark]
1 hour ago
Is Zoom free and Webex/Skype cost money? I never use this stuff except at work.
 
kpaxoid
1 hour ago
Installed Zoom for the first time yesterday for a big teleconference.  Started it and verified video, audio, and mic were working.

Time for the big teleconference arrived and I started Zoom and entered the meeting code and password.

Zoom crashed immediately and restarted itself.

Repeat.

Repeat.

Zoom CEO has bigger problems than he imagines.
 
SumoJeb
1 hour ago
I hate zoom. I've been trying to join my penis flashers anonymous meeting via zoom all week, but I keep joining random business meetings instead!
 
iToad [TotalFark]
1 hour ago

MycroftHolmes: edmo: It's always about getting it up and running. Security comes later. Always.

Sometimes, not at all.  There are multiple billion dollar software companies that I am aware of that require special, hardened versions of their software to pass standard pen tests.  The number of times I have seen medical devices or interfaces that have default, hardwired passwords is, well, the number is far greater than it should be.

When you are making a land grab to capture market share, or fighting off competition, you slam together your feature sets as quickly as possible, and never mind the technical debt. 

Security is usually on the bottom of the list, and stuff gets added to the top of the list all the time.


Like they say, move fast and break things. I'm sure that this development method will be very useful at companies that make software for medical devices, aircraft, spacecraft, or autonomous vehicles.

What is this "Software Quality Assurance" that you speak of?
 
Ant
1 hour ago

MycroftHolmes: The number of times I have seen medical devices or interfaces that have default, hardwired passwords is, well, the number is far greater than it should be.


My son's old insulin pump had questionable security on the wireless connection between the glucose meter and the pump. Someone could've easily given him a fatal overdose by intercepting the signal.
 
Bela_Bar-talk
57 minutes ago
I used Zoom for the first time on Monday for an online D&D session. It was a couple of firsts for me:
The first time I've played the game.
The first time I've used Zoom (or anything like it).
That being said, everything went well.
 
little big man [TotalFark]
56 minutes ago
I worked for a startup company and one of our product's security holes would allow a bad actor to spit out a ton of spam using the company's legit email infrastructure.  We told the dev VP that it was really bad and it needed attention ASAP but he sat on it for a long, long time until one day that bad actor came and found the hole.  In one day, our product domain got blacklisted by every ISP/search engine under the sun and every CIO/CTO we did business with called wanting someone's nuts on a platter.  Never time to do it right, always time to do it over.
 
bluewave69
55 minutes ago
Well, to be fair, I'd say 99% of small software firms would be found to have crappy security if half the planet started using it overnight.
 
Glockenspiel Hero [TotalFark] [BareFark]
52 minutes ago

edmo: It's always about getting it up and running. Security comes later. Always.


For our college, exactly.  I had just over a week to transition 300+ faculty to online learning, the vast majority of whom had never done it at all.  Some of them still had their admin assistants print their email.

Did I tell them about Zoom's security features?  Yes.  Specifically, I told them how to turn them off, because if given a choice between having 400+ classes with ~2500 students go well Monday morning or dealing with an occasional troll I know which was the right choice.

I'm going back now and explaining how to use passwords and waiting rooms because they and the students know what to do now, but sometimes ease of use really does need to trump security.
 
Percise1
52 minutes ago

CheatCommando: Percise1: Meh...
I use Zoom for a class that started as a lab and is now on-line, and the teacher is able to lock it somehow so random dipschits can't join. I don't know the specifics, but it seems to be a function. Maybe people just weren't using it to its ability?
And no, I'd never use it for anything important or secure.

Oh come now, if you share information like that how will people who've never created anything more complicated than a TPS report get to complain and seem hip and bitter?


At least I'm fun at parties?

Tom_Slick: My company has used Zoom for years, it has always had that capability but you've had to be an expert user to know how to turn it on. Now they have made security easier to use.


Makes sense, I would have no idea either, but my experience started 9 days ago...
But yes, obviously enhanced features and ease of use would be ideal.
 
Percise1
48 minutes ago

Ant: MycroftHolmes: The number of times I have seen medical devices or interfaces that have default, hardwired passwords is, well, the number is far greater than it should be.

My son's old insulin pump had questionable security on the wireless connection between the glucose meter and the pump. Someone could've easily given him a fatal overdose by intercepting the signal.


It is depressing to think anyone would go there.
I have to ask though, why does that have to be wireless? The meter is attached, the pump is attached... 1 cable... I obviously don't get it. *shrug*
 
Glockenspiel Hero [TotalFark] [BareFark]
48 minutes ago

morg: Is Zoom free and Webex/Skype cost money? I never use this stuff except at work.


Zoom is free for short meetings (40 minutes).  The version you'll use as a school or a company isn't, although the pricing isn't bad at all for what you get.  Our SPSS site license (80 seats) is 50% more than the entire campus Zoom license.

WebEx and Skype are sort of free depending on what else you pay for - we have the former through our new phone switch and the latter (actually MS Teams) through an O365 subscription.
 
Random Anonymous Blackmail [TotalFark]
46 minutes ago

smed7: Hands down. And deferring hardening & documentation can usually be traced back to some bean-counter who doesn't care how his computer works, only that it does.

How much does security cost??? It's not in the budget.
 
Iworkformsn
45 minutes ago
"He also has hired Alex Stamos, who was Facebook's chief security officer during the 2016 presidential election, when Russia and others used that platform to spread disinformation."


Oh well, problem solved
 
oukewldave
45 minutes ago
My fairly large company recently switched to Zoom.  It's actually really nice, compared to the garbage we had before...
 
GrogSmash
40 minutes ago
Unfortunately, if security is a primary concern, from the start of the design phase, you can never really fix it.  You might be able to patch a few holes, but it's just putting lipstick on a pig... it isn't going to give you a $10k/night hooker.

Your only real option is v2.0, written from scratch.
 
GrogSmash
38 minutes ago

GrogSmash: Unfortunately, if security is a primary concern, from the start of the design phase, you can never really fix it.  You might be able to patch a few holes, but it's just putting lipstick on a pig... it isn't going to give you a $10k/night hooker.

Your only real option is v2.0, written from scratch.


Learn to preview numbnuts...

... if security isn't a primary concern...
 
Enigmamf [TotalFark] [BareFark]
37 minutes ago

Lochsteppe: I'm using Zoom right now for office hours. No one's dropped by so far today, but no unsolicited nudity either. I suspect that doesn't happen nearly as often as salacious news stories make it seem like.

/Darn it


The bigger the class the more likely some jerk will leak it to zoombombers.  And they're more likely to leak big lectures because that gives the kind of juvenile asshole who does this their kicks.
 
MycroftHolmes
30 minutes ago

iToad: MycroftHolmes: edmo: It's always about getting it up and running. Security comes later. Always.

Sometimes, not at all.  There are multiple billion dollar software companies that I am aware of that require special, hardened versions of their software to pass standard pen tests.  The number of times I have seen medical devices or interfaces that have default, hardwired passwords is, well, the number is far greater than it should be.

When you are making a land grab to capture market share, or fighting off competition, you slam together your feature sets as quickly as possible, and never mind the technical debt. 

Security is usually on the bottom of the list, and stuff gets added to the top of the list all the time.

Like they say, move fast and break things. I'm sure that this development method will be very useful at companies that make software for medical devices, aircraft, spacecraft, or autonomous vehicles.

What is this "Software Quality Assurance" that you speak of?


We had a device that gave clinically incorrect therapy if you changed the display brightness.  This was one where we had outsourced the engineering to a third party.

The company I worked for no longer sells that device.

It was in the news a while back that one of the major EMR (not Epic or Cerner) companies had been faking some of their interoperability tests with canned data.  This was a multi billion dollar company.

The scrappy, make it work at any costs model of startups doesn't always evolve into a mature product.
 
MycroftHolmes
24 minutes ago

little big man: I worked for a startup company and one of our product's security holes would allow a bad actor to spit out a ton of spam using the company's legit email infrastructure.  We told the dev VP that it was really bad and it needed attention ASAP but he sat on it for a long, long time until one day that bad actor came and found the hole.  In one day, our product domain got blacklisted by every ISP/search engine under the sun and every CIO/CTO we did business with called wanting someone's nuts on a platter.  Never time to do it right, always time to do it over.


Luckily, the company I worked for never got exploited, but we used to do crap like store full database backup dumps of live clients on unencrypted public shares.  These were DB's with PHI and PII for literally tens of millions of patients.  The company was trying to transition from startup (they just got their Series B funding) to mid-growth mentality, but they didn't have time for infosec.  The one guy who was concerned about infosec eventually quit because he got so frustrated at leadership ignoring the issue.
 
Aldon
9 minutes ago
People think Zoom is great (so do I) until they have to use it for anything but a simple meeting and sharing slides.
 