Logged-in users will generate public cryptographic identities that are stored in a repository on Zoom’s network and can be used to establish trust relationships between meeting attendees. Zoom will offer an end-to-end encrypted meeting mode to all accounts. However, for hosts who seek to prioritize privacy over compatibility, we will create a new solution. Additionally, some features that are widely used by Zoom clients, such as support for attendees to call into a phone bridge or use in-room meeting systems offered by other companies, will always require Zoom to keep some encryption keys in the cloud. However, the encryption keys for each meeting are generated by Zoom’s servers. With the recent Zoom 5.0 release, Zoom clients now support encrypting audio, video, chat, and screen sharing content using industry-standard 256-bit AES-GCM. It is not decrypted until it reaches the recipients’ devices. Today, audio and video content flowing between Zoom clients (e.g., Zoom Rooms, laptop computers, and smartphones running the Zoom app) is encrypted at each sending client device. Keybase’s experienced team will be a critical part of this mission. Our goal is to provide the most privacy possible for every use case, while also balancing the needs of our users and our commitment to preventing harmful behavior on our platform. This acquisition marks a key step for Zoom as we attempt to accomplish the creation of a truly private video communications platform that can scale to hundreds of millions of participants, while also having the flexibility to support Zoom’s wide variety of uses. We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability. Since its launch in 2014, Keybase’s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. This is a positive indication of how Zoom is treating Keybase following its acquisition and a step to attenuate the worries that the community had concerning the real intentions of the video conference company.We are proud to announce the acquisition of Keybase, another milestone in Zoom’s 90-day plan to further strengthen the security of our video communications platform. The bug bounty received by the Sakura Samurai team for this finding was $1,000, while the hacking group commented that Zoom was very responsive to their reports. IN ZOOM KEYBASE APP CHAT FROM FULLThe patched releases came out on January 23, 2021, so it’s been a full month already. IN ZOOM KEYBASE APP CHAT FROM UPDATEIf you are using an earlier version, make sure to update your Keybase client immediately. IN ZOOM KEYBASE APP CHAT FROM WINDOWSThus, CVE-2020-23827 has already been reported to the firm and subsequently fixed with the release of Keybase 5.6.0 for Windows and Keybase 5.6.1 for macOS and Linux. The discovery of the flaws came thanks to Zoom's bug bounty hunting program when it acquired the project back in May 2020. These users may have their devices seized by the police for analysis so that the “physical access” part wouldn’t be far-fetched for a significant portion of Keybase’s userbase. This is very bad, especially for users who have picked Keybase specifically to stay safe from authoritarian regimes. Thus, if an attacker manages to establish local access onto the user’s machine, they could potentially access files that have supposedly been securely erased on Keybase.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |