• chevron_right

      Why it does and doesn’t matter if Google, Microsoft, or Zoom certify your webcam

      news.movim.eu / ArsTechnica · Tuesday, 14 March, 2023 - 10:40

    Logitech Brio 500 webcamera docked on a monitor

    Enlarge / Logitech really wants you to know that its Brio 500 webcam works with Meet, Teams, Zoom, and Chromebooks. (credit: Logitech/Amazon )

    Logitech made a peculiar announcement in January.

    It proudly declared that its MX Master 3S wireless mouse, along with some of its other peripherals, had been certified to work with Intel Evo laptops. (Evo laptops are Intel-certified premium ultralights meeting certain criteria , like providing at least eight hours of battery life with a QHD display.) Imagine my shock when I realized I had been using that very mouse with a Dell XPS 13 (an Evo laptop) for almost eight months without Intel's blessing.

    Of course, even before the mouse gained Intel's stamp of approval, I had enjoyed hours of problem-free use. The same can be said of every functioning USB webcam I'm ever plugged into a computer. But that hasn't stopped countless peripheral makers from touting that their devices have been certified for Google Meet, Microsoft Teams, and Zoom.

    Read 59 remaining paragraphs | Comments

    • chevron_right

      Echappez-vous plus rapidement des réunions interminables

      news.movim.eu / Korben · Sunday, 19 February, 2023 - 08:00 · 1 minute

    Le plus gros progrès social qu’on a eu depuis le Covid, ce n’est pas seulement de ne plus faire la bise le matin à nos collègues qui puent de la gueule. C’est également la possibilité de télétravailler.

    Mais qui dit télétravail dit Visio Conférences obligatoires. C’est relou, mais ça rassure les chefs qui peuvent comme ça, s’assurer que vous êtes bien enchainé chez vous, à votre bureau, et pas en train de bosser sur une plage en Martinique.

    Seulement, les réunions en ligne, c’est super chiant et la plupart du temps, ça ne sert à rien. Y’a déjà du mail, du Slack voire des petits coups fils rapides qui sont beaucoup plus efficaces. Ce que je vous propose aujourd’hui, c’est donc un outil pour Windows qui va vous permettre de vous échapper plus rapidement de ces réunions sans passer pour la dernière des feignasses impolies.

    Cela s’appelle AutoLeaveMeeting et comme son nom l’indique, ça vous permet de vous barrer automatiquement lorsque la réunion se termine. L’outil surveille si du son provient de Zoom, Teams, Skype, Webex Meetings…etc. Et dès que plus personne ne cause ou qu’il y a un gros blanc, PAF, ça kill le programme de visioconférences.

    Évidemment, vous pouvez régler le délai de silence acceptable avant la fermeture automatique du soft.

    Comme ça, vous pouvez vous barrer faire autre chose, ou ne plus prêter attention à la réunion et au logiciel de Visio-conf et vous déconnecter comme un boss quand c’est terminé.

    Au top ! Si vous avez d’autres astuces pour télétravailleurs en dépression, ça m’intéresse :).

    • chevron_right

      Zoom patches critical vulnerability again after prior fix was bypassed

      news.movim.eu / ArsTechnica · Thursday, 18 August, 2022 - 16:39

    A critical vulnerability in Zoom for MacOS, patched once last weekend, could still be bypassed as of Wednesday. Users should update again.

    Enlarge / A critical vulnerability in Zoom for MacOS, patched once last weekend, could still be bypassed as of Wednesday. Users should update again. (credit: Getty Images)

    It's time for Zoom users on Mac to update—again.

    After Zoom patched a vulnerability in its Mac auto-update utility that could give malicious actors root access earlier this week, the video conferencing software company issued another patch Wednesday , noting that the prior fix could be bypassed.

    Zoom users on macOS should download and run version 5.11.6 (9890), released August 17. You can also check Zoom's menu bar for updates. Waiting for an automatic update could leave you waiting days while this exploit is publicly known.

    Read 2 remaining paragraphs | Comments

    • chevron_right

      Update Zoom for Mac now to avoid root-access vulnerability

      news.movim.eu / ArsTechnica · Monday, 15 August, 2022 - 16:21 · 1 minute

    A critical vulnerability in Zoom for Mac OS allowed unauthorized users to downgrade Zoom or even gain root access. It has been fixed, and users should update now.

    Enlarge / A critical vulnerability in Zoom for Mac OS allowed unauthorized users to downgrade Zoom or even gain root access. It has been fixed, and users should update now. (credit: Getty Images)

    If you're using Zoom on a Mac, it's time for a manual update. The video conferencing software's latest update fixes an auto-update vulnerability that could have allowed malicious programs to use its elevated installing powers, granting escalated privileges and control of the system.

    The vulnerability was first discovered by Patrick Wardle , founder of the Objective-See Foundation , a nonprofit Mac OS security group. Wardle detailed in a talk at Def Con last week how Zoom's installer asks for a user password when installing or uninstalling, but its auto-update function, enabled by default, doesn't need one. Wardle found that Zoom's updater is owned by and runs as the root user.

    The gist of how Zoom's auto-update utility allows for privilege escalation exploits, from Patrick Wardle's Def Con talk.

    The gist of how Zoom's auto-update utility allows for privilege escalation exploits, from Patrick Wardle's Def Con talk.

    It seemed secure, as only Zoom clients could connect to the privileged daemon, and only packages signed by Zoom could be extracted. The problem is that by simply passing the verification checker the name of the package it was looking for (" Zoom Video ... Certification Authority Apple Root CA.pkg "), this check could be bypassed. That meant malicious actors could force Zoom to downgrade to a buggier, less-secure version or even pass it an entirely different package that could give them root access to the system.

    Read 3 remaining paragraphs | Comments

    • chevron_right

      On a testé la solution d’Apple pour transformer son iPhone en webcam

      news.movim.eu / Numerama · Sunday, 24 July, 2022 - 14:04

    macOS Ventura et iOS 16, qui sortiront cet automne, introduisent une nouvelle capacité nommée « Continuity Camera ». Elle permet de faire passer l'appareil photo de son iPhone pour une webcam, afin de l'utiliser dans les applications dédiées aux appels vidéo. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Critical Zoom vulnerabilities fixed last week required no user interaction

      news.movim.eu / ArsTechnica · Thursday, 26 May, 2022 - 00:10

    Critical Zoom vulnerabilities fixed last week required no user interaction

    Enlarge (credit: Zoom)

    Google's Project Zero vulnerability research team detailed critical vulnerabilities Zoom patched last week making that made it possible for hackers to execute zero-click attacks that remotely ran malicious code on devices running the messaging software.

    Tracked as CVE-2022-22786 and CVE-2022-22784, the vulnerabilities made it possible to perform attacks even when the victim took no action other than to have the client open. As detailed on Tuesday by Google Project Zero researcher Ivan Fratric, inconsistencies in how the Zoom client and Zoom servers parse XMPP messages made it possible to "smuggle" content in them that usually would be blocked. By combining those flaws with a glitch in the way Zoom’s code-signing verification works, Fratric achieved full code execution.

    “User interaction is not required for a successful attack,” the researcher wrote. “The only ability an attacker needs is to be able to send messages to the victim over Zoom chat over XMPP protocol.” Fratric continued:

    Read 2 remaining paragraphs | Comments

    index?i=-eIkQ3zIk8A:kzTKzhMAbfU:V_sGLiPBpWU index?i=-eIkQ3zIk8A:kzTKzhMAbfU:F7zBnMyn0Lo index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
    • chevron_right

      Zoom vend un outil pour analyser nos émotions, et ça ne plaît pas à tout le monde

      news.movim.eu / Numerama · Saturday, 14 May, 2022 - 09:35

    Le logiciel de visio-conférence a lancé un programme d'analyse par intelligence artificielle des émotions. Le projet est très mal reçu, et s'appuie sur de nombreux points problématiques. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Il est possible d’usurper Google Docs ou Zoom pour hacker quelqu’un

      news.movim.eu / Numerama · Friday, 13 May, 2022 - 17:45

    Google Docs

    Des experts en cybersécurité ont découvert que les URL personnalisés de Google Docs, Zoom ou Box peuvent être copiés ou modifiés à volonté. Un pirate informatique pourrait envoyer un lien sans que la victime suspecte un piège dans l'adresse. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Helpful advisory in job description

      debacle · Thursday, 27 May, 2021 - 08:00 edit

    In some work environments it is - unfortunately - not yet possible to avoid the use of certain shady, non-free services. Even in the area of #freesoftware. Of course, many of us would prefer not to use #Zoom or #Slack etc.

    Still, many #job description do not contain any hint, that such tools are used at work. (I'm not looking for a job, so I might have missed a new trend here.) Therefore kudos to #OTS (Open Tech Strategies) for including this warning in their job posting on the #Debian jobs mailing list:

    Please note that some of our clients use proprietary communications tools, e.g., Zoom, Google Docs, Slack, etc, and therefore applicants need to be willing to use such tools when interacting with those clients.

    https://lists.debian.org/debian-jobs/2021/05/msg00001.html

    Nice!