As the company has moved to address these issues, having a team of encryption experts on staff should help the company build a more secure product. The company has faced a number of security issues in the last couple of months as demand as soared and exposed some security weaknesses in the platform. Keybase, which has been building encryption products for several years including secure file sharing and collaboration tools, should give Zoom some security credibility as it goes through pandemic demand growing pains. So Zoom is enlisting Keybase, which has experience managing encryption keys over the internet.Zoom announced this morning that it has acquired Keybase, a startup with encryption expertise. Initially, our single top priority is helping to make Zoom even more secure. Previously, Zoom was using an inferior type of encryption using 128-bit AES keys, however, Zoom’s 5.0 update added support for industry-standard AES- GCM with 256-bit keys. Since 2017, Keybase has been offering its own end-to-end encrypted chat system, which works on PCs. There are no specific plans for the Keybase app yet. Now Zoom is buying Keybase, it can brush off blows from rivals Microsoft Teams and Google Meet, which have both been trying to capitalize on Zoom’s security misfortunes. A serious flaw in Zooms Keybase secure chat application left copies of images contained in secure communications on Keybase users computers after they were supposedly deleted. “If Zoom basically can take Keybase's architecture and encryption technology and quickly implements it, it's a huge win,” says Ian Thornton-Trump, CISO at Cyjax. “Sometimes it's easier to buy your way out of a security problem.” MORE FROM FORBES Zoom's 200 Million Users Are Facing A Serious New Threat By Kate O'Flaherty Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted. Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted. "Zoom's privacy updates have certainly been of interest lately and this new add on is by no means a small one,” says Jake Moore, cybersecurity specialist at ESET. “In fact it brings it back up in line with other more security and privacy focused companies.”Ī bold move by Zoom, and it perhaps its most significant so far. Hopefully Zoom will bring end-to-end encryption to the entire user base, including free users. Currently I wouldn’t recommend Zoom for very sensitive meetings or chats, but with end-to-end encryption that could change.Chicksdaddy writes: The Security Ledger reports that a flaw in Zoom's Keybase secure chat application left copies of images contained in secure communications on Keybase users' computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. The flaw in the encrypted messaging application, CVE-2021-23827 does not expose Keybase users to remote compromise. Keybase offers an end-to-end encrypted chat and cloud storage system. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a way to conduct conversations out of earshot of law enforcement or security services. I firstly found this app on the Zoom App Marketplace and I got rapidly convinced. It comes as millions of users have flocked to apps like Keybase, Signal and Telegram in recent months. Sakura Samurai researchers Aubrey Cottle, Robert Willis, and Jackson Henry discovered an unencrypted directory, /Cache, associated with the Keybase client that contained a comprehensive record of images from encrypted chat sessions. In a statement, a Zoom spokesman said that the company appreciates the work of the researchers and takes privacy and security 'very seriously.' The application used a custom extension to name the files, but they were easily viewable directly or simply by changing the custom file extension to the PNG image format, researcher John Jackson told Security Ledger. 'We addressed the issue identified by the Sakura Samurai researchers on our Keybase platform in version 5.6.0 for Windows and macOS and version 5.6.1 for Linux. Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates,' the spokesman said. In zoom keybase app chat images software# In most cases, the failure to remove files from cache after they were deleted would count as a 'low priority' security flaw. However, in the context of an end-to-end encrypted communications application like Keybase, the failure takes on added weight, Jackson wrote. In zoom keybase app chat images windows#.In zoom keybase app chat images software#.In zoom keybase app chat images update#.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |