Thread: Can you legally turn a commercial shed into a house?
View Single Post
Old 04-06-2020, 01:59 PM   #252 (permalink)
freebeard
Master EcoModder
 
freebeard's Avatar
 
Join Date: Aug 2012
Location: northwest of normal
Posts: 27,649
Thanks: 7,764
Thanked 8,575 Times in 7,061 Posts
Quote:
Also, she wrote "Disable `File-Transfer' so there is no digital virus sharing."

Who says "Digital virus?!"
The only time I made the kind of money most Americas expect as their due, was fighting the virii, worms and trojans that Bill Gates exposed the world's computers to.

Quote:
Security: GHOST Vulnerability - Zoom Help Center
https://support.zoom.us/hc/en-us/art...-Vulnerability
Overview. The GHOST vulnerability is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.
https://gbhackers.com/zoom-vulnerability/
Quote:
Zoom client for Windows supports for Universal Naming Convention (UNC), which is the feature that converts the URLs sent in the chat into hyperlinks.

So if the user click’s on the link it will open that with the default browser, but the problem resides in how the Zoom handles URLs.

A security researcher who goes by Twitter handles Mitch (@_g0dmode) discovered that Zoom client also converts the Windows networking UNC paths into a clickable URL.

If someone click’s on the UNC path URL then Windows will try to establish a connection with the remote site and windows will send the user’s login name and their NTLM password hash, by using the tools like John the Ripper, Rainbow, Hashcat crack attackers can capture the login credentials.
....
The problem is with the AuthorizationExecuteWithPrivileges API validation that fails to validate the binary that will be executed.

So a low-level user can inject the Zoom installer with malicious code to obtain the highest root privileges.

The second bug is with the Zoom module that handles webcam and microphone on Macs, an attacker could inject malicious code into Zoom that tricks the application to give access to the attacker also for the same session that webcam and microphone connected.

The vulnerabilities have been reported to Zoom by the researchers and no fix was provided yet.
__________________
.
.Without freedom of speech we wouldn't know who all the idiots are. -- anonymous poster
____________________
.
."We're deeply sorry." -- Pfizer
  Reply With Quote