On Zoom

7/10/19: I do not use Zoom. Zoom installed a hidden web server that could automatically launch video calls and would not get uninstalled with the app; in fact, it seems it would stay active and automatically install the app upon clicking on links to Zoom calls. This was forcibly fixed by an Apple silent update (normally reserved for malware). The lax attitude to security does not bode well for the future.

Update 3/27/20: Zoom sharing data with Facebook without letting users know, even for non-Facebook users; also Zoom attention-tracking, and how admins can track users. The Facebook data sharing was fixed in the iOS app (my understanding is that only the iOS app was tested for this leak; not sure if the findings apply to the app on other platforms).

Update 3/30/20: haven’t had time to read carefully about this alleged bug in Zoom that allows stealing Windows passwords.

Update 4/1/20: Zoom redefines the meaning of end-to-end encryption. I haven’t read this report of two more security bugs carefully either, but it does not look reassuring; at least some changes to the macOS installer that avoided asking for an admin password have been implemented (4/2/20).

On Adobe, Flash & Reader

Another critical vulnerability in Adobe Flash player, required for example by JHU to take mandatory professional-learning materials. I use an isolated Windows virtual machine on OS X just for Adobe Flash player…and still I wish I did not have to use it, ever. See Steve Jobs’ thoughts on Flash.
Update: now it seems Flash won’t be compatible with Safari anymore…anyone still using it? Some stats here…

You thought Adobe Reader was safe? Here is some news about vulnerabilities.

JHU Hub news

You may read the JHU newsletter Hub following this link without being individually tracked by Hopkins, as you are when you click links in the daily e-mails from JHU, where links are all individualized per user (at least as of Feb. 2017, and at least Jan. 2020…).
The webserver serving this page does not belong to JHU, and I believe it does not log outgoing links (as is the default, since it does not need to do anything: it is the webserver serving the target page that needs to serve it).

Designed and hosted by Prisma Analytics Inc.