Jul 22, 2019 Let’s Talk About Collaboration Security
Recent stories should cause organizations to take another look at collaboration security.
The focus of the collaboration industry over the last few weeks has been around security.
The firestorm started when security researcher Jonathan Leitschuh published a detailed write-up covering vulnerabilities he had discovered in the Zoom video conferencing service that allowed for potential denial-of-service attacks, unwanted joining of meetings (potentially with microphone and camera activated), and perhaps most disturbingly, a resident Web server that was left behind on uninstall, enabling the re-installation of the Zoom client, and the joining of a person to a Zoom meeting, without a user’s consent.
No Jitter’s Beth Schultz covered the story, and Zoom’s response here while contributor and fellow analyst Dave Michels, of TalkingPointz, provided a thoughtful look back at Zoom’s response and the continued questions raised by the incident here.
The security stories continued last week with Slack’s announcement that it was resetting all user passwords for accounts it believes were compromised in a 2015 data breach, and a new post by Cisco Distinguished Security Engineer Jeremy Laurenson on how allowing guest accounts with Microsoft Teams means organizations lose control of data shared into someone else’s Teams instance. Jeremy’s post echoes concerns related to guest accounts that I touched on in a No Jitter post back in May 2018.
Read the rest of this post at NoJitter.com