Profile picture
Will Dormann
@wdormann
, 4 tweets, 3 min read Read on Twitter
@johannh Let's be quite clear here:
Zoom intentionally created a vulnerability to work around a security improvement in Safari. This was done to save the user a single click.
@johannh Also note that because Zoom decided that requiring a single click from the user is unacceptable, the vulnerability that they chose to create as a workaround also means that receiving a simple email can result in your camera and microphone being turned on. Neat.
@johannh And on the Windows side of things, both Internet Explorer and Edge also launch Zoom without prompting (albeit not apparently via a process listening on localhost). Chrome and Firefox behave sanely in that the user is prompted before a 3rd-party application is launched.
@johannh Why do Edge and IE not prompt before launching Zoom, one might ask.
Good question. The installer for Zoom explicitly sets the WarnOnOpen registry value to 0 for the zoommtg protocol. Edge and IE both obey this registry directive, and happily launch the associated app w/o warn.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Will Dormann
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related threads

Profile picture
Nick Wallis
@nickwallis
Morning. Day 17 of the Horizon trial, part of the Bates v Post Office litigation (more info: postofficetrial.com). Last day of cross-examination for expert IT witness Jason Coyne, pictured arriving with a member of Freeths, the claimants’ legal team. Live tweets follow.
Judge starts by handing down judgment number 5 - reasons for decision on awarding costs to claimants re Common Issues trial and refusal to give permission to Post Office to appeal CI judgment.
I have a paper copy and will get an email copy later. I’ll post it up at lunchtime.
Just my regular warning that what I am tweeting is a description and/or summary of what is happening and being said in court. Nothing is a direct quote unless it is in “direct quotes”.
Read 194 tweets
Profile picture
Lemon Slayer
@LemonSlayerUS
Icymi
This is the 176 page "𝙍𝙚𝙙𝙖𝙘𝙩𝙚𝙙 𝙁𝙞𝙣𝙙𝙞𝙣𝙜𝙨 𝙤𝙛 𝙁𝙖𝙘𝙩 𝙖𝙣𝙙 𝙍𝙚𝙘𝙤𝙢𝙢𝙚𝙣𝙙𝙖𝙩𝙞𝙤𝙣𝙨" document on 𝙩𝙝𝙚 𝙉𝙞𝙜𝙚𝙧 𝘼𝙢𝙗𝙪𝙨𝙝 𝙧𝙚𝙥𝙤𝙧𝙩:

esd.whs.mil/Portals/54/Doc…
Interesting tidbit: On page 1 of the redacted Niger Ambush report, while describing members of the investigating team that includes both the @FBI and the @CIA, they redacted the name of a 3rd US IC organization. Namely the @NSAGov .
Read 144 tweets
Profile picture
CSM
@usacsmret
James Comey's Unpaid "Special Government Employee" Daniel Richman... theconservativetreehouse.com/2019/04/23/jam… via @thelastrefuge2
When considering who were the FBI contractors, with special program access to the NSA database, conducting unauthorized searches and extracting results… there’s a specific type of contractor described by FISA Judge Rosemary Collyer.
One who was able to work around the security protocols: “systems …. that do not interface with NSA’s query audit system“. In 2018 congressman Jim Jordan made mention of an issue where James Comey had a special employee on assignment ‘off-the-books’.
Read 9 tweets
Profile picture
Ms. Entropy / سيدة الفتنة
@MsEntropy
“Families of these ISIS terrorists should be held responsible for not turning them in.”
thatismypoint.jpg
Yes, media double standards for “terrorist” acts exist. The record is quite clear.

Here, for example, is some great work done by former colleagues on the subject.

papers.ssrn.com/sol3/papers.cf…
Read 5 tweets
Profile picture
Beth Dean
@bethdean
Gather round friends, enough of you have asked that I'm finally ready to tell the story of how I bought my house from a crazy person. It's important to note, buying a house in the Bay Area is an exhausting and demoralizing process to begin with.
I found a condo in a pretty unique location, and right away it was clear something wasn't right. The view was amazing, but it just looked like the seller wasn't trying. Disinterested agent in the open house, place wasn't staged, toilet seats up in the photos etc.
The disclosures revealed the buyer was in bankruptcy (though he was selling the house, not the bank, important distinction) and the marketing window was short so this was a highly motivate seller. I liked the view and how private it was, so I put in an extremely lowball offer.
Read 33 tweets
Profile picture
Mr. Azam
@mrazamtweet
#b Excellence is overrated, competence is underrated.
Competence is knowing what to do in a situation and how to do it. It is not the same as excellence.
Excellence is dependent on other people, like judges, examiners, teachers, assessors, inspectors, auditors. But we can't control these people and whether they think we're excellent or not.
Read 12 tweets

Trending hashtags

#Büyükçekmece #Oğuzboyunu #Yunan #done #Maya #RussiaWarCrimes #nonmonogamous #b #Göktürk #lineup #histsex #schoolstrike4climate #feeltheeeagle #fanfiction #YourLittleSecret #Jerusalem #Israel #iran_war_Crimes #prop10 #ExtinctionRebellion #bozguna #güneş #r19 #DrlytleNG #DenverBotanicalGardens
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!