Zoom security bug lets attackers steal Windows passwords

AChafukira • April 9, 2020

Zoom , the videoconferencing software that’s skyrocketed in popularity as much of the globe sits at home due to the  coronavirus outbreak , is quickly turning into a privacy and security nightmare.

BleepingComputer  reports about a newly found vulnerability in Zoom that allows an attacker to steal Windows login credentials from other users. The problem lies with the way Zoom’s chat handles links, as it converts Windows networking UNC (Universal Naming Convention) paths into clickable links. If a user clicks on such a link, Windows will leak the user’s Windows login name and password.

The good thing is that the password is hashed; but the bad thing is that it is in many cases simple to reveal it using password recovery tools such as Hashcat.

The vulnerability was first found by security researcher  @_g0dmode  and verified by security researcher  Matthew Hickey. Additionally, Hickey told the news outlet that this vulnerability can be used to launch programs on a victim’s computer when they click on a link, though Windows will (by default) at least give a security warning before launching the program.

As far as security vulnerabilities go, this one is pretty bad, as it doesn’t require a lot of knowledge to exploit. It does require the victim to actually click on a link, and it can be mitigated by tinkering with Windows’ security settings, but it’s definitely something Zoom should fix by changing the way the platform’s chat handles UNC links.

In the meantime, for a quick fix, go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers and set to “Deny all”.

Mashable has contacted Zoom for comment on this story, and we’ll update it when we hear back.

This is not the only privacy/security-related issue that has been unearthed at Zoom in the past couple of weeks. Just yesterday, The Intercept  reported  that Zoom doesn’t actually use an end-to-end encrypted connection for its calls, despite claiming to do so. There’s also the  issue  of leaking users’ emails and photos to unrelated parties, and the fact that the company’s iOS app, until recently,  sent data to Facebook  for no good reason.

Zoom software also has a couple of  worrying  privacy features, and although this isn’t Zoom’s fault, it’s worth noting that  hackers  are using the app’s newfound popularity to trick users into downloading malware.

CREDITS:  STAN SCHROEDER | Mashable

Selling Houses While Black

By Olga Labovich January 18, 2023
About 6 percent of real estate agents and brokers in the United States are Black. Their white peers make almost three times as much, according to data and surveys. Tye Williams feels the heat. It’s 95 degrees out, and the North Carolina sun is beating like a drum. He’s in a full suit and tie Continue Reading The post Selling Houses While Black appeared first on National Association of Real Estate Brokers.

NAREB releases Annual State of Housing in Black America report at Black Wealth Summit featuring Lawmakers, Agency Heads, Policymakers & Experts

By Olga Labovich November 30, 2022
WHO: U.S. Senator Sherrod Brown (D-OH) Lydia Pope, President NAREB Alanna McCargo, President, Ginnie Mae Lisa Rice, President & CEO National Fair Housing Alliance Sandra Thompson, Director, Federal Housing Finance Agency Teresa Bryce Bazemore, CEO, Federal Home Loan Bank of San Francisco Katrina Jones, VP, Racial Equity Strategy & Impact, Fannie Mae Pamela Perry, VP, Continue Reading The post NAREB RELEASES ANNUAL STATE OF HOUSING IN BLACK AMERICA REPORT AT BLACK WEALTH SUMMIT FEATURING LAWMAKERS, AGENCY HEADS, POLICYMAKERS & EXPERTS appeared first on National Association of Real Estate Brokers.

Reckoning with the past: Associations apologize for discriminatory practices

By Olga Labovich November 14, 2022
The California Association of Realtors is the most recent association to express regrets for past practices that marginalized groups based on race or ethnicity. Key points: Real estate associations in Atlanta, Minneapolis, Chicago and St. Louis have also offered formal apologies for past discriminatory practices. Practices and policies included endorsing restrictive covenants and redlining, making Continue Reading The post Reckoning with the past: Associations apologize for discriminatory practices appeared first on National Association of Real Estate Brokers.

NAREB: Supporting ‘Democracy In Housing’ for consumers, agents

By Olga Labovich November 14, 2022
Lydia Pope, who leads the National Association of Real Estate Brokers, discusses narrowing the racial gap in homeownership and opening doors for Black agents Key points: NAREB, founded in 1947, is the nation’s oldest trade association for Black real estate professionals. ‘Our goal is equal housing,’ said Pope, whose own real estate career spans nearly Continue Reading The post NAREB: Supporting ‘democracy in housing’ for consumers, agents appeared first on National Association of Real Estate Brokers.

Clyburn Re-Ups Support For G.I. Bill Restoration Act On This Veteran’s Day

By Olga Labovich November 11, 2022
Americans disagree on many social issues, but one we’re strongly united on is appreciation for our fellow countrymen and women who have served in our nation’s military – especially today, Veteran’s Day. It’s likely that the greatest expression of gratitude our nation has ever given to those who have worn the uniform is the Servicemen’s Readjustment Continue Reading The post Clyburn Re-Ups Support For G.I. Bill Restoration Act On This Veteran’s Day appeared first on National Association of Real Estate Brokers.

When the demography of the members is considered

By Olga Labovich October 15, 2022
Our mission at Bankrate is to assist our clients in making smarter monetary decisions. Apart from ensuring every editorial policy is met, we have referenced some of our products from our partners in this post. We have explained how we generate revenue here. The National Association of Real Estate Brokers (NAREB) is a trade network Continue Reading The post When the demography of the members is considered appeared first on National Association of Real Estate Brokers.

What is a Realtist?

By Olga Labovich September 15, 2022
Whether you’re looking to buy or sell a home, you’ll see a wide range of terms attached to professionals who can help with the transaction. As you work to understand the difference between a broker and an agent, you may also wonder what a Realtist does. What is a Realtist? A Realtist is a real estate Continue Reading The post What is a Realtist? appeared first on National Association of Real Estate Brokers.

What is the National Association of Real Estate Brokers (NAREB)?

By Olga Labovich September 14, 2022
The National Association of Real Estate Brokers (NAREB) is a trade organization and network of Black real estate professionals known for promoting “democracy in housing” and advocating for public policies that “protect and expand sustainable homeownership.” The organization’s members, who go by the title of Realtist, are spread throughout chapters across the United States. NAREB’s Continue Reading The post What is the National Association of Real Estate Brokers (NAREB)? appeared first on National Association of Real Estate Brokers.

NAREB Calls on White House and Congress to Boost Black Homeownership and Close Wealth Gap

By Olga Labovich September 7, 2022
Organization Will Hold Elected Officials Accountable The National Association of Real Estate Brokers (NAREB) called on the White House and Congress to enact legislation aimed at increasing Black homeownership after provisions approved by the House were excluded from the Inflation Reduction Act, which Congress passed and was signed into law by President Biden. Rep. Maxine Continue Reading The post NAREB Calls on White House and Congress to Boost Black Homeownership and Close Wealth Gap appeared first on National Association of Real Estate Brokers.

For 75 Years, NAREB Has Advocated for Black Homeownership

By Olga Labovich August 2, 2022
Annual Convention Returns to Tampa Where Organization was Founded The National Association of Real Estate Brokers (NAREB) kicks off its national convention in Tampa this week, as the organization celebrates its 75th anniversary. Founded in 1947 with the goal of securing equal housing opportunities for all Americans, NAREB advocates for policies and practices that increase Continue Reading The post For 75 Years, NAREB Has Advocated for Black Homeownership appeared first on National Association of Real Estate Brokers.
More Posts
Share by: