
mind-bogglingly shortsighted zoom security flaw 

> Zoom defends the “workaround” as a “legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator.”

I'm agog that Zoom is defending their use of a hidden localhost web server to get around A SINGLE CLICK.

zoom shit; code block (bash) 

seems to work to block the localhost server from starting each time. The only "downside" is that you get prompted to open zoom each time. utterly infuriating.

# To prevent the vulnerable server from running on your machine
# (this does not impact Zoom functionality), run these two lines in your Terminal.

pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;

pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;

# (You may need to run these lines for each user on your machine.)

zoom shit; code block (bash) 

Explanation: removes the folders containing the hidden web server that opened holes in the OS's firewall. Creates empty files with the same name. Changes permissions on the files so that they can't be overwritten.
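An added example, not part of the original posts: a read-only check of whether the placeholder-file mitigation described above is in place for a given home directory. The function names and the state labels (blocked, installed, weak, absent) are assumptions made for illustration; the two path names are the ones from the post.

```sh
#!/bin/sh
# Added example: audit the placeholder-file mitigation for one or more home
# directories. It only reads state and changes nothing.

# opener_state HOME_DIR NAME -> prints one of: blocked | installed | weak | absent
opener_state() {
    path="$1/$2"
    if [ -d "$path" ]; then
        echo installed          # a directory is present where the opener lives
    elif [ -f "$path" ]; then
        # The first 10 characters of `ls -l` are the type and permission bits;
        # a regular file with mode 000 shows as ten dashes.
        mode=$(ls -ld "$path" | cut -c1-10)
        if [ "$mode" = "----------" ]; then
            echo blocked        # placeholder file with chmod 000, as in the post
        else
            echo weak           # placeholder exists but permissions were not removed
        fi
    else
        echo absent             # nothing there: no placeholder is blocking the path
    fi
}

# audit_home HOME_DIR -> one line per path; exit status 0 only if both are blocked
audit_home() {
    rc=0
    for name in .zoomus .ringcentralopener; do
        state=$(opener_state "$1" "$name")
        echo "$1/$name: $state"
        [ "$state" = blocked ] || rc=1
    done
    return $rc
}

# Usage: sh audit.sh /Users/alice /Users/bob   (example home paths are made up)
for home in "$@"; do
    audit_home "$home"
done
```

Running it once per user's home directory covers the "for each user on your machine" caveat from the post.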

mind-bogglingly shortsighted zoom security flaw 

I know I shouldn't be surprised that for-profit enterprise-level software would prioritize 2% fewer angry calls from red-faced C-suite types to opening a massive security hole.

BUT STILL.

I'm sure they have reasonable engineers working for them. This is probably one of those goddamn things that devs pushed back on that PMs caved to higher-ups and allowed.
