I spend a good deal of my time reviewing the security of software — mainly the cryptography parts these days. I could thus tell you some stories about bad practice, but I won’t.
But today I have seen one of the worst implementations of security, where lazy developers have simplified something in order to make things simple for themselves. Security is often treated as secondary, and the Zoom zero-day vulnerability is one of the worst examples of this I have seen [here].
Basically, Zoom installs a Web server on your computer, which listens on port 19421:
meuser@MacBook-Pro-3:~/Downloads$ lsof -i :19421
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ZoomOpene 632 meuser 7u IPv4 0xae3b325b7648aa7 0t0 TCP localhost:19421 (LISTEN)
A default Nmap scan doesn't pick it up, because port 19421 is not in Nmap's default list of the 1000 most common ports:
meuser@MacBook-Pro-3:~/Downloads$ nmap 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2019-07-09 11:52 BST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0047s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
88/tcp open kerberos-sec
445/tcp open microsoft-ds
548/tcp open afp
631/tcp open ipp
1023/tcp open netvenuechat
49165/tcp open unknown
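As an added example (this is not code from the original post or from Zoom), here is a small Python check that does from the network side what the lsof command above does from the process side: it attempts a TCP connection to a given localhost port and reports whether anything is listening. The default Nmap scan above misses the port because it only covers Nmap's top 1000 ports; an explicit `nmap -p 19421 127.0.0.1` would find it, and so does this script. The `DemoListener` class, which binds a throwaway listener on an ephemeral port so the check can be exercised without Zoom installed, is constructed for the demonstration.

```python
import socket

# Port the Zoom helper web server listens on, as shown by lsof in the post.
ZOOM_LOCAL_PORT = 19421


def port_is_listening(host: str, port: int, timeout: float = 0.5) -> bool:
    """Return True if a TCP listener completes a connection on host:port.

    A plain connect() is enough: if nothing is bound, the kernel answers
    with a reset and create_connection raises ConnectionRefusedError.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(host: str, ports) -> dict:
    """Map each port in `ports` to whether a listener answered on `host`."""
    return {p: port_is_listening(host, p) for p in ports}


class DemoListener:
    """Constructed stand-in for a local service: binds 127.0.0.1 on an
    ephemeral port (port 0 lets the kernel choose) and listens. No accept()
    loop is needed; the handshake completes into the listen backlog, so a
    connect() from port_is_listening succeeds while the socket is open."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def close(self):
        self.sock.close()


if __name__ == "__main__":
    # Audit the real port from the post, plus a demo listener we control.
    demo = DemoListener()
    for port, open_ in check_ports("127.0.0.1", [ZOOM_LOCAL_PORT, demo.port]).items():
        print(f"127.0.0.1:{port} -> {'LISTENING' if open_ else 'closed'}")
    demo.close()
```

Running the script on a machine with the Zoom helper installed prints `LISTENING` for 19421; the check is a connect scan, so it sees exactly what a web page served by another site would see when it sends a request to `http://localhost:19421/`.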