Your Mac could be hijacked through major security flaw in Zoom conferencing

In a statement, Zoom said the local web server is a workaround for Apple’s Safari 12 web browser, introduced last September.

“Zoom installs a local web server on Mac devices running the Zoom client,” the statement reads. “This is a workaround to an architecture change introduced in Safari 12 that requires a user to accept launching Zoom before every meeting. The local web server automatically accepts the peripheral access on behalf of the user to avoid this extra click before joining a meeting. We feel that this is a legitimate solution to a poor user experience, enabling our users to have seamless, one-click-to-join meetings, which is our key product differentiator.”

In regard to a potential denial of service attack, Zoom says it has no record of such a weakness being exploited, and says it fixed that security flaw in May.

Along with the likes of Slack, Uber and Pinterest, Zoom is one of many tech companies to go public in 2019. It raised $356 million upon its April 18 IPO, with its shares trading as high as $66 on that day. The stock has risen since, currently sitting at around $90.70.

[Image: Zoom says the flaw was born out of a workaround for Safari 12. Credit: Sarah Tew/CNET]

Your computer’s webcam has always been a gateway for potential security intrusion, which is why people like Mark Zuckerberg and ex-FBI head James Comey put tape over theirs. On Monday, security researcher Jonathan Leitschuh gave Mac users another reason to fret over their webcams: there’s a security flaw in the Zoom video-conferencing app.

Zoom is most notable for its click-to-join feature, through which clicking on a browser link takes you directly to a video meeting in Zoom’s app. But Leitschuh explained in a Medium post that he discovered months ago that Zoom achieves this in insecure ways, allowing websites to join you to a call and to activate your webcam without your permission.

He added that this would allow any webpage to cause a denial of service on a Mac by repeatedly joining you to an invalid call.

Uninstalling the Zoom app from your Mac isn’t enough to fix the problem, either. Zoom achieves its click-to-join function by installing a web server on your computer, which can reinstall Zoom without your permission.

“If you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you,” Leitschuh writes, “without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.”

[Image: Here’s the first setting you should change in Zoom. Credit: Jonathan Leitschuh/Medium]

For those of you who have the Zoom app installed on your Mac, Leitschuh lists directions to neutralize the local server in his Medium post. You should also activate the “Turn off my video when joining a meeting” setting, as shown in the image referenced above.

The researcher said he contacted Zoom on March 26, giving the company a public disclosure deadline of 90 days. He said Zoom patched the issue, disabling the ability of a webpage to automatically turn on your webcam, but this partial fix regressed on July 7, allowing webcams to once again be turned on without permission.

Court takes charges into cognizance over assaulting woman by policemen

A Jhenaidah court on Tuesday took cognizance of the charges against eight police personnel over assaulting a woman, demanding extortion money and threatening to evict a family from their land, reports UNB.

The court also ordered the Police Bureau of Investigation (PBI) to investigate the incident and submit its report within 30 days.

Golam Sheikh of Hamdampur village of Shailkupa upazila filed a complaint petition with the court of Shailkupa judicial magistrate Kazi Ashrafuzzaman against sub-inspector Ilias Mollah of Kochua investigation centre and seven other police personnel.

Later, the court took cognizance of the charges and ordered PBI to look into the matter.

The court also ordered the authorities concerned to ensure the security of the defendants.

According to the court statement, the accused police personnel went to the ancestral home of Golam Sheikh and tried to evict the family.

The accused also assaulted the wife of Golam Sheikh while she was trying to protest against the cops.

The police personnel also vandalised the home and demanded Tk 100,000 in extortion money from them.

Disaster Relief Bill Should Finally Bring 4 Billion To Texas Woman Accuses

Tuesday, June 4, 2019

Top afternoon stories:

[Image: An aerial view of the flooding caused by Hurricane Harvey in Houston, Texas, Aug. 31, 2017. Air Force photo by Tech. Sgt. Larry E. Reid Jr.]

Disaster Relief Bill Should Finally Bring $4 Billion To Texas

The U.S. House of Representatives passed a $19.1 billion disaster relief bill Monday evening, which President Donald Trump is expected to sign. A key provision of the bill is a White House “shot clock,” implemented by Texas Senator John Cornyn, which would require the Office of Management and Budget to release more than $4 billion in disaster aid owed to Texas within a 90-day window. After Congress approved more than $16 billion in disaster relief funds in early 2018, efforts by Texas representatives to secure the state’s share have been frustrated by bureaucratic hurdles in OMB and the U.S. Department of Housing and Urban Development.

U.S. Rep. Lizzie Pannill Fletcher, a Houston Democrat, and U.S. Rep. Randy Weber, a Friendswood Republican, recently introduced a bill with similar language to Cornyn’s provision demanding that HUD release the long overdue $4 billion to Houston-area districts still recovering from Hurricane Harvey.

[Image: Cardinal Daniel DiNardo. John L. Mone/AP]

Woman Accuses Cardinal DiNardo Of Dismissing Sex Abuse Case

A Texas woman has accused Cardinal Daniel DiNardo, head of the Archdiocese of Galveston-Houston and the U.S. Conference of Catholic Bishops, of dismissing a sex abuse case that involved a local high-ranking clergy member.

Laura Pontikes first reported to the archdiocese in April 2016 that Monsignor Frank Rossi had drawn her into a relationship that entailed sexual encounters, according to The Associated Press. In December of that year, Pontikes met with DiNardo in Houston to talk to him about the relationship and says the cardinal declared her a “victim” of the priest.

Pontikes says she was assured Rossi would never be a pastor or counsel women again, but subsequently found out that DiNardo had allowed the priest to take a new job as pastor in east Texas.

The archdiocese acknowledged an inappropriate physical relationship between Rossi and Pontikes, but asserted that it was consensual and didn’t include sexual intercourse. In a written statement to AP, it defended its handling of the case, saying Rossi was immediately placed on leave and went for counseling after Pontikes reported him.

Rossi’s alleged sexual relationship with Pontikes is now the subject of a criminal investigation in Houston.

[Image: A protest encampment along the route of the Dakota Access oil pipeline in North Dakota in 2017. AP Photo/James MacPherson]

Pipeline Protesters Could Face 20 Years In Prison

Protesters could face up to 20 years in prison for interfering with oil and gas pipelines under a new proposal from the Trump Administration.

The plan, if approved by Congress, would go beyond a similar crackdown Texas lawmakers approved during the recent state legislative session.

It’s already against federal law to damage or destroy certain pipelines or pipeline facilities, namely those that are used in interstate or international commerce. But a proposal to Congress from the U.S. Department of Transportation would also make it illegal to vandalize or disrupt pipelines.

The possible 20-year sentence is tougher than the 10 years protesters could soon face under a Texas bill headed to Gov. Greg Abbott’s desk.

The Trump Administration’s pitch to Congress is part of a much broader proposal aimed at enhancing pipeline safety across the country.