6/13/2023

Flaws in deleted zoom keybase kept

The Keybase service will be part of Zoom's paid offering, not the free service.

"Teaming up with Zoom really gives us an amazing opportunity to apply all our technology and all our expertise at a scale that's much larger." "These are subtle problems and we've been working on this problem for roughly five years, and nothing else," said Krohn.

Yuan said after he talked with Krohn and dug into Keybase's software, he was convinced this was the right deal. In early April, Yuan hired former Facebook security chief Alex Stamos as a consultant to help the company beef up its efforts after apologizing to users for falling "short of the community's - and our own - privacy and security expectations." Within days, Stamos was on the phone with Keybase co-founder Max Krohn, and the teams started working toward a deal.

Zoom has acknowledged that it was unprepared for the sudden spike in usage, which has surged thirtyfold since the end of December as millions of office workers were forced to comply with lockdown orders. Yuan has made security his primary focus over the past month, after Zoom was hammered by critics for allowing "zoombombings" from unwelcome guests, allegedly misleading investors about its level of encryption, and revelations that its app shares personal data with Facebook.

Yuan said it's critical that users know that the encryption key is not on Zoom's servers, so the company has no access to the contents of the call. That setting will prevent anyone from calling in by phone, which is one way people can access meetings, and will disable cloud-based recording of the chat. When Keybase is implemented, the Zoom user who schedules a meeting will be able to choose end-to-end encryption.

Zoom CEO Eric Yuan told CNBC the company needed a solution for users who are demanding the highest level of privacy and certainty that uninvited participants have no access to their conversations.
The acquisition of the 25-person start-up is the latest move in a 90-day plan that Zoom announced on April 1 to fix its security flaws.

However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote. In most cases, the failure to remove files from cache after they were deleted would count as a "low priority" security flaw.

Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates," the spokesman said. "We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security "very seriously."

The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger. Sakura Samurai researchers Aubrey Cottle, Robert Willis, and Jackson Henry discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions.

It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. The flaw in the encrypted messaging application, CVE-2021-23827, does not expose Keybase users to remote compromise.
Chicksdaddy writes: The Security Ledger reports that a flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai.