Scott Mortimer @ScottMortimer@infosec.exchange

Have some POTARC to start your week.

Privacy Online Test And Resource Compendium

https://github.com/CHEF-KOCH/Online-Privacy-Test-Resource-List/blob/master/README.md

Setup up your own Jitsi Meet server in less than 15 minutes

Jitsi Meet is an open source video conferencing solution which allows users to setup and share video conferences from a single web page with no apps or downloads necessary.

https://www.brring.com/2020/04/04/setting-up-a-jitsi-server-in-less-than-15-minutes/

Bruce Schneier weighs-in on the Zoom crypto and privacy flaws.

"I'm sure lots more of these bad security decisions, sloppy coding mistakes, and random software vulnerabilities are coming."

https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html

Getting Started with WireGuard

https://miguelmota.com/blog/getting-started-with-wireguard/

"We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys through China."

Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings - The Citizen Lab

https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

Pandemic Virus Outbreak? Fine.

Months-Long Quarantine at Home? Fine.

But *THIS* is unacceptable: https://librespeed.org/results/?id=1d9sm6t

As mentioned by @maxeddy

So Wait, How Encrypted Are Zoom Meetings Really?

The service's mixed messages have frustrated cryptographers, as the US government and other sensitive organizations increasingly depend on it.

https://www.wired.com/story/zoom-security-encryption/

How an anti ad-blocker works: Reverse-engineering BlockAdBlock

How I reversed an ad-blocker blocker and learned some history about ad-blocking.

https://xy2.dev/article/re-bab/

By-the-way, I just want to say that I personally have no problem with Zoom as a service. I am just concerned that many people are gravitating to a service that keeps popping up in my new feeds as having some rather significant issues. In this day and age, it is important that we share relevant security-related information and stay informed.

‘War Dialing’ Tool Exposes Zoom’s Password Problems
https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/

The internet is now rife with places where you can organize Zoom-bombing raids

https://www.zdnet.com/article/the-internet-is-now-rife-with-places-where-you-can-organize-zoom-bombing-raids/

Oh hohoho..this is some seriously ironic stuff. The country with probably the largest cyber- espionage capability in the world claims TCP/IP is so broken and insecure that they need to fork the Internet and start their own.
#forkoff

NATO Report Warns of New Authoritarian Chinese Splinternet

China’s plans to replace TCP/IP being pushed through at ITU level

https://www.infosecurity-magazine.com/news/nato-warns-new-authoritarian/

Really? Another Zoom problem pops up in my news feed? WTF.

New York Attorney General Looks Into Zoom’s Privacy Practices

As the videoconferencing platform’s popularity has surged, Zoom has scrambled to address a series of data privacy and security problems.

https://www.nytimes.com/2020/03/30/technology/new-york-attorney-general-zoom-privacy.html