I find the article confusing and somewhat sensationalist.

The main thrust of the article describes a bug bounty, funded by Dropbox (an investor in Zoom) that discovered critical (ie, take over the host's computer) bugs that were acknowledged and fixed in 2019. But this is interspersed with a very different security issue, meeting-bombing that are being addressed with feature upgrades (such as a waiting-room facility) in 2020.

Having said that, the response from Zoom management to all of this still appears ... unsatisfying. The main reason why Zoom has gone viral is because if its free option which other players (Microsoft Teams, Google Meet, Webex) don't have. Surprising since it's usually Google that dominates with the freemium model (GDocs, Gmail, Drive etc) but not here,

- Evan


On Tue, 21 Apr 2020 at 15:38, D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
This talks about the (bad) history of security at Zoom.
<https://www.nytimes.com/2020/04/20/technology/zoom-security-dropbox-hackers.html>

---
Post to this mailing list talk@gtalug.org
Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk


--
Evan Leibovitch, Toronto Canada
@evanleibovitch or @el56