Skip to main content

How to Mitigate Zoom Hijacking



While in a Zoom meeting for assisting students during a turbulent time, after about 20 minutes, it was quickly taken over by 'pranksters' with inappropriate images.

There was a flurry of the event hosts trying to pull up the settings to remove the troublemakers. The meeting was quickly retooled to put everyone on mute for the next round.

A lot of people have been quickly thrust into this world of web conferencing, and selected Zoom, a software that works, but with little to no security. There's certainly no end to end encryption. 

Why is this serious? Because video streaming uses UDP packets, and an attacker doesn't need all of them to get the gist of the information being transferred.

I don't want to see people scramble to reestablish professionalism, so I made a quick guide.

I downloaded this spyware Zoom onto a test phone and laptop to set up a test meeting:

Auphelia Degardess is the name of the phone, and the one with the visual of myself. Mirren Vuilaassen is the laptop. In retrospect, I should have used plainer names. I enjoy fake names.

This setup is having the laptop (Mirren) be the meeting host.


The yellow outline indicates  someone who is talking. What If I'm saying something inappropriate, like "We don't have to be best friends for me to give you a job referral?"


Absolutely barbaric, I know.

Right click, stop video. 

What if I share something inappropriate to the group, such as...

That's Coco.

See the green bar at the top? That is toggled by pressing the ALT key.


Hit 'View Options' and 'Stop Participant's Sharing'


What if they are acting foolish in the chat room?




Forgive my misspelling.

Thing is, you can't delete messages in there, not that I've found. You can remove the perpetrator.


A small option that says 'remove' will appear over guests.


Bye!


If Auphelia tries to return, they will not be able to.


There are some other, simple rules you can follow, such as private meeting rooms and sending your links privately to people you want to join. As someone who has been on the internet far too long, there are other ways to know if someone who enters your chat is about to be a pain:

A big one is someone going "I have a question" - If someone is stalling for the 'joke', they're probably going to say something inappropriate.

Don't hesitate to push people out quickly. If they wanted to stick around, they should have behaved properly.

(By the way; I was extremely serious about my Zoom Bouncer concept.)
Protect your Parents -

Comments

Popular posts from this blog

Azure Networking Options - Core Cloud Services

I have done a lot of AWS things on here. Time to give Azure some attention. After all, since employers don't think Cisco or COMPTIA certifications are important, maybe Microsoft ones are?

First, let's really think about why these are the two biggest cloud services providers in the world:

They've been doing internet things for a long time.Amazon launched in 1995, a virtual bookstore.
Microsoft, well, you know. 

They've lived, breathed, and frankly, created, infrastructure that we use today, that they're selling to us today. Of course the Store of Everything and the Company of Everything would encourage us to put everything in their hands.

Also: Azure has a lot less silly names for modules. Important. I appreciate straightforwardness.


I said 'a lot less', not '100% sensible names'

Microsoft has a clear set of Azure Fundamentals that anyone can interact with. Let's talk about networking basics, basically to say, again, "Hi, employers, I have an …

Grace Hopper Celebration 2019 (GHC19)

From Aicha Evans' speech at the Keynote.
September 6th - I receive an email from Anita B Organization, saying "We read your application, we like your website, and here's a free ticket to GHC 2019 in Orlando, Florida!"


After a few more questions, it seemed everything was on the up and up, and so I accepted - and that's what this post is about!

For those who don't know, Grace Hopper Celebration is the largest gathering of Women in Technology in the world.

On a personal note, This is the first trip I've taken without my parents. Sure, they've left me behind to go on vacations, but I've never left them. I was totally worried! But you know what happened?

I met a lot of cool people in Orlando, learned a lot of neat things, and had a blast just walking around airports for upwards of 8 hours.

New Delta Sky Club on Wikimedia I really, really love airports! And I survived.

I know in the past, I've wormed my way out of jobs despite being interested simpl…

Search and Infiltrate: How to Deeply Investigate a Company's People

Latest Update - 12/2/2019


This is a bit of an impromptu post after reading this article.

I had a small thread about this on Twitter, a blog post is a lot better to get the information out in a clear way.

Have you ever used Recruitin.net, came across a group of people who match Your Dream Company, Dream Location, and do your Dream Job on LinkedIn...and they're not active?

What was the POINT, am I right?  A place for professionals to network, but they're not active ...because they have a job to do! You want to be like that!

Unfortunately, in this day and age, unless you have a 'relationship' with someone, they're not going to help you.

Hm. 

(Note: 'relationship' is different than relationship).

I'm not here to talk bad about recruiters - They have a difficult job, I know I couldn't do it! - And even they want a relationship before they place you somewhere, competency be damned.

What do you do instead?

This:

(Note; I'm using my own URL for this an…