Last week, Google sent an email to employees whose work laptops had the Zoom app installed that cited its “security vulnerabilities” and warned that the videoconferencing software on employee laptops would stop working starting this week.
. . . “Recently, our security team informed employees using Zoom Desktop Client that it will no longer run on corporate computers as it does not meet our security standards for apps used by our employees. https://www.buzzfeednews.com/article/pranavdixit/google-bans…
Personal use is not banned, but corporate assets are not to use Zoom, as I understand the story.
On another note, I am not encouraged that Zoom hired the former CSO of Facebook. Is Facebook’s reputation that of respect for privacy and security? No. But, if I were hoping to establish the world’s largest surveillance network despite bad press, that’s who I would have hired. Perfect resume, really.
Maybe Zoom will be just as successful as Facebook, maybe more. I have no position, one way or another, in either, nor do I intend to. But lots of people here have real money in Zoom, and this story marks an important moment.
Google is a Zoom competitor, not so surprising that they banned Zoom, or at least the desktop client. I’m sure Cisco and Microsoft will do the same, if they haven’t already… It’s like Pepsi banning Vanilla Coke or whatever…
Having said that, two points:
1 - Zoom screwed up, clearly. The CEO has been quite open about it, there is no debate. They dropped the ball on security, and they are seeing a well deserved backlash. We can make excuses (unexpected massive growth, etc., etc.), but whatever. Bottom line: it was a huge fail.
2 - To their credit, Zoom’s CEO has thrown everything and the kitchen sink at security now. It has actually been quite impressive to see the pivot, and it isn’t just talk. The bugs and/or features they’ve fixed just over the past couple of weeks is quite impressive. I even see skeptical security analysts starting to say that what Zoom is doing - and doing quickly - is actually very positive.
So let’s just see how it all plays out. I have to say when this first hit, I sold out of my position in Zoom. There were too many issues, and I wasn’t really expecting too much to change, just some happy talk about taking security seriously.
But I’ve recently bought back in, simply because of what Zoom is doing as an organization to correct this. I’ve never doubted the opportunity or their position vis-a-vis the competition, but I was worried about their commitment to security. They are clearly taking this very seriously, it’s not just talk, and the results so far are impressive.
1 - Zoom screwed up, clearly. The CEO has been quite open about it, there is no debate. They dropped the ball on security, and they are seeing a well deserved backlash. We can make excuses (unexpected massive growth, etc., etc.), but whatever. Bottom line: it was a huge fail.
It certainly has been a big impact in the press, but I wonder how much of a real security fail it was. OK, Zoombombing is embarrassing and colorful and annoying to the bombed, but as a security flaw it was at best the wrong choice of default setting for new users, not in the flaw of the actual product. And the China servers seems to be mostly speculation of what might happen and what options there are to control it than it is a question of any material actually being compromised. Moreover, it seems that for every example where there is a supposed security weakness in a particular product, there is another product which does not have that weakness, i.e., it is not a question of them having to develop some new capability from scratch, but just think about their packaging.
And the China servers seems to be mostly speculation of what might happen and what options there are to control it than it is a question of any material actually being compromised.
As opposed to “actual” security breaches such at Target, Marriott, Equifax and others.