fmaury/seirdy.one
1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00
Code Issues Projects Releases Wiki Activity

fix bad microdata

Browse source
This commit is contained in:
Rohan Kumar 2022-10-27 11:20:19 -07:00
parent 491ba7a48e
commit eb0ca616c6
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
content/posts/floss-security.md
View file

@ -114,7 +114,7 @@ For more information, we turn to [**core dumps**](https://en.wikipedia.org/wiki/
In 2020, Zoom Video Communications came under scrutiny for marketing its "Zoom" software as a secure, end-to-end encrypted solution for video conferencing. Zoom's documentation claimed that it used "AES-256" encryption. Without source code, did we have to take the docs at their word?
{{<mention-work itemtype="TechArticle">}}<a itemtype="https://schema.org/Organization" itemprop="publisher" href="https://citizenlab.ca/">The Citizen Lab</a> didn't. On <time class="dt-published published" itemprop="datePublished">2020-04-03</time>, it published {{<cited-work url="https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/" name="Move Fast and Roll Your Own Crypto" extraName="headline">}} (<span itemprop="encodingFormat">application/pdf</span>){{</mention-work>}} revealing critical flaws in Zoom's encryption. It utilized Wireshark and [mitmproxy](https://mitmproxy.org/) to analyze networking activity, and inspected core dumps to learn about its encryption implementation. The Citizen Lab's researchers found that Zoom actually used an incredibly flawed implementation of a weak version of AES-128 (ECB mode), and easily bypassed it.
{{<mention-work itemtype="TechArticle">}}<a itemscope="" itemtype="https://schema.org/Organization" itemprop="publisher" href="https://citizenlab.ca/">The Citizen Lab</a> didn't. On <time class="dt-published published" itemprop="datePublished">2020-04-03</time>, it published {{<cited-work url="https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/" name="Move Fast and Roll Your Own Crypto" extraName="headline">}} (<span itemprop="encodingFormat">application/pdf</span>){{</mention-work>}} revealing critical flaws in Zoom's encryption. It utilized Wireshark and [mitmproxy](https://mitmproxy.org/) to analyze networking activity, and inspected core dumps to learn about its encryption implementation. The Citizen Lab's researchers found that Zoom actually used an incredibly flawed implementation of a weak version of AES-128 (ECB mode), and easily bypassed it.
Syscall tracing, packet sniffing, and core dumps are great, but they rely on manual execution which might not hit all the desired code paths. Fortunately, there are other forms of analysis available.