From eb0ca616c6e7fbd9efe8e4224da0e3d3a9ee97c8 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Thu, 27 Oct 2022 11:20:19 -0700 Subject: [PATCH] fix bad microdata --- content/posts/floss-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/posts/floss-security.md b/content/posts/floss-security.md index c850aea..5af986e 100644 --- a/content/posts/floss-security.md +++ b/content/posts/floss-security.md @@ -114,7 +114,7 @@ For more information, we turn to [**core dumps**](https://en.wikipedia.org/wiki/ In 2020, Zoom Video Communications came under scrutiny for marketing its "Zoom" software as a secure, end-to-end encrypted solution for video conferencing. Zoom's documentation claimed that it used "AES-256" encryption. Without source code, did we have to take the docs at their word? -{{}}The Citizen Lab didn't. On , it published {{}} (application/pdf){{}} revealing critical flaws in Zoom's encryption. It utilized Wireshark and [mitmproxy](https://mitmproxy.org/) to analyze networking activity, and inspected core dumps to learn about its encryption implementation. The Citizen Lab's researchers found that Zoom actually used an incredibly flawed implementation of a weak version of AES-128 (ECB mode), and easily bypassed it. +{{}}The Citizen Lab didn't. On , it published {{}} (application/pdf){{}} revealing critical flaws in Zoom's encryption. It utilized Wireshark and [mitmproxy](https://mitmproxy.org/) to analyze networking activity, and inspected core dumps to learn about its encryption implementation. The Citizen Lab's researchers found that Zoom actually used an incredibly flawed implementation of a weak version of AES-128 (ECB mode), and easily bypassed it. Syscall tracing, packet sniffing, and core dumps are great, but they rely on manual execution which might not hit all the desired code paths. Fortunately, there are other forms of analysis available.