Subj : Zoom anyone?
To : Richard Menedetter
From : August Abolins
Date : Sat May 09 2020 11:13 pm
Hello Richard!
** On Sunday 03.05.20 - 08:52, Richard Menedetter wrote to Borax Man:
RM> I go to my website and can do videoconferences.
RM> On Linux, Windows, whatever.
RM> No need to install anything. GREAT!
[snip]
RM> And simply pointing your browser at a URL to start your videoconference
RM> is a GREAT way, when compared to having to install a dedicated app for
RM> something that you might only use occasionally.
It is prudent to not allow web apps control hardware on your pc:
https://www.theregister.co.uk/2020/04/07/apple_safari_camera_hack/
" The increasing capability of applications that run in the browser means
that web browsers have extensive permissions which are then guarded by the
browser, not the operating system. If you have given Safari permission to
access the camera in order to use the likes of Skype or Zoom, then it is
Safari that controls whether or not a malicious site gets those same
permissions. "
" A bit of work with browser history and iFrames, and "we now have a
sandboxed iframe with the blob://skype.com href and arbitrary JavaScript
content. A simple window.open() popup is the final step to glory," said
Pickren - glory being in this case a payout for him, and a reminder to the
rest of us that giving the web browser super powers is not without risk. "
../|ug
--- OpenXP 5.0.43
* Origin: (2:221/1.58)