In This Issue


Zoom video conferencing on Mac has a massive privacy hole

Looks like there's a large and intentional privacy vulnerability in the Mac version of everyone's favourite video conference app, Zoom. From The Verge, "any website can open up a video-enabled call on a Mac with the Zoom app installed" - get someone to visit your website and you've got access to their webcam! It's possible because "the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn't. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention". All the technical details of this vulnerability are available in a blog post by Jonathan Leitschuh.

Android apps manage to sniff private data off your device even if you tell them not to

A study of 88,000 apps on the Google Play Store found that over 1,000 of them still manage to get personal info out of your device, even if you specifically block them from doing so. One example was the Shutterfly app, which was sending location data of all your photos back to their servers despite having GPS disabled. Another example is apps searching unencrypted data on an SD card for personal info that other apps, which do have access, placed there. The study's intro is only a page long and will make you go into deep tinfoil hat privacy nutter territory.

Instagram adds new moderation tools to combat cyberbullying

Instagram is rolling out some “new” moderation tools to keep the mongrel users away. First up, Insta's gonna use some artificial intelligence black box algorithm to detect if the message you're gonna post is mean and if it is, tell you to reconsider posting it. Instagram is also going to implement one of my favourite features from the vBulletin forum days - shadow banning. Whoever gets shadow banned can post a bunch of shit but nobody sees it, effectively leaving them to yell into the digital void for eternity. It was incredibly effective on old school forums, will probably work well on Instagram too.

Not News

The free version of Slack hoards all your messages and isn’t very secure

Seeing as this issue is full of info sec related bullshit, here's a thought experiment - how much shit would you be in if the contents of your Slack channels got leaked and were released to the public without any context? Unknown to me, Slack keeps everything you say in a free Slack channel, despite only showing the last 10,000 messages. Oh and it's all unencrypted too (that costs extra). I have a few informal Slack channels that are pretty much me and some mates shooting the shit and talking crap that, if it got loose, would be very embarrassing. Maybe I shouldn't type things into Slack I'd regret being made public.


🎶 Shark Fin Blues - The Drones

😁 The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon. Join us on Slack and chat with other Sizzle subscribers.

The Sizzle is created on Wathaurong land and acknowledges the traditional owners of country throughout Australia, recognising their continuing connection to land, water and community. I pay my respect to them and their cultures and to elders both past and present.