recentpopularlog in

Response to Video-On Concern - Zoom Blog
Setting aside the rank stupidity of the implementation, this is pretty much a textbook case of how not to respond to a security disclosure by a researcher.
Pitch-perfect: bungled response ("security guy is out, we'll let him know"), adversarial response to researcher, dissembling explanations (borderline ludicrous, frankly), bungled release, releasing a regression, tone-deaf and defensive public messaging, and advertising their commitment to hiding their security issues.
All of which is evidence that they didn't really have a response plan.

Fortunately they managed to avoid: threatening/initiating a lawsuit, typically a c/d, against the investigator and condemning the infosec community in general.
zoom  privacy  infosec  security 
11 days ago by po

Copy this bookmark:

to read