lrvick | 6 days ago
To try to convince my employer at the time to drop Zoom, I decided to see how many security vulns I could find in 2-3 hours. Found 12 confirmed bugs in that window using only binwalk and OSINT. The worst was that I noticed the zoom.us GoDaddy account password reset email address was the personal Gmail account of Eric S. Yuan, the CEO. So, I tried to do a password reset on his Gmail account. No 2FA, and only needed to answer two reset questions: hometown and phone number. Got those from public data and got my reset link, and thus the ability to control the zoom.us domain name. They were unable to find a single English-speaking security team member to explain these bugs to, and it took them 3 months to confirm them and pay me $800 in bug bounties, total, for all 12 bugs. The one bright side is this did convince my employer to drop them.
jaxefayo | 6 days ago | parent | next
How long ago was this? A few years ago they were hiring aggressively for security team members in the US, including a dedicated fuzzing team. I'm guessing this was from early on when Zoom was just getting popular?
[deleted user] | 5 days ago | parent | prev | next
[deleted]
popcalc | 5 days ago | parent | prev
You're admitting to committing a felony?