For the folks who are setting up Zoom for communication and Ellen DeGeneres' Game of Games show, please read.
I noticed a lot of people using the app and decided to test it out today on my Windows computer and Android phone. Of course I did a search to check out what other tech sites had to say and found this article from Bleeping Computer.
The app can still be installed and used safely on a Windows computer, but there are extra steps that you must take when installing the program. Bleeping Computer details them in the article.
Unfortunately, Zoom Video Communications doesn't seem to mention any of this on their web site, or their Facebook page. I did a search for "unc path injection" and came up blank on their support page. In addition there's this from BleepingComputer:
"BleepingComputer has contacted Zoom about this vulnerability but has not heard back at this time."
So, yeah. There are better options out there for Windows users. I'll be experimenting today and let you know what I find.
Helpful tip for internet safety!
If you get an email or message that asks you to click on a link to log on to an account (anywhere):
Don't click on the link inside the email or message. Instead, go to the website by clicking a bookmarked link (if you have one) or by typing the original site address into your address bar, and then log in.
Going to the website from a bookmark or typing the web address into your URL bar is your best bet. If there is a message for you, it will more than likely be waiting for you at the web site. If not, go through the original web site to find customer service and ask about the email or message.
This is not a foolproof method: you can also click on the email's header to get the information you need to determine if it is from a false sender. I've provided two examples below - one real (Microsoft) and one false (eHarmony). The eHarmony one is an egregious example of a fake email.
But that is not a foolproof method either. You can't always tell who sent the email if it has been anonymized, so be careful if you choose to use it.
Ars Technica has a great article on parsing email headers. It's a ton of information. Normally we leave it to our email servers to do the heavy lifting when it comes to spam and malicious emails. They can parse and sort better and faster than we can. Check out the article on Ars Technica if you are interested in how email sorting works. It's good, and email sorting has changed a lot since the early days of the internet.
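The header check described above, as an added example that is not part of the original post: a short Python script that reads a message's headers and lists the signs of a false sender. The two sample messages are constructed with reserved example domains, and the function names and the two-label domain shortcut are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real messages); all domains are reserved example names.
GENUINE = """\
Return-Path: <bounce@mail.example.com>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Example Account Team <account@example.com>
Reply-To: account@example.com
"""

SPOOFED = """\
Return-Path: <x91@bulk-sender.invalid>
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=bulk-sender.invalid; dkim=none; dmarc=fail header.from=example.com
From: "Example Dating" <love@example.com>
Reply-To: claims@other-host.invalid
"""

def org_domain(addr):
    """Crude registrable domain: last two labels (assumption; real tools use the Public Suffix List)."""
    domain = parseaddr(addr)[1].rpartition("@")[2].lower()
    return ".".join(domain.split(".")[-2:])

def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dkim': 'none'} from the Authentication-Results header.
    Only trust this header when your own mail provider added it."""
    results = {}
    header = msg.get("Authentication-Results", "")
    for part in header.split(";")[1:]:          # first field is the server that did the checks
        method, _, rest = part.strip().partition("=")
        if method and rest:
            results[method.lower()] = rest.split()[0].lower()
    return results

def sender_warnings(raw):
    """List reasons to distrust the visible From address. An empty list is not proof of safety."""
    msg = message_from_string(raw)
    from_dom = org_domain(msg.get("From", ""))
    warnings = []
    # A mismatch is a hint, not proof: legitimate bulk mail can bounce to a third party.
    if org_domain(msg.get("Return-Path", "")) != from_dom:
        warnings.append("Return-Path domain differs from From domain")
    if msg.get("Reply-To") and org_domain(msg["Reply-To"]) != from_dom:
        warnings.append("Reply-To domain differs from From domain")
    for method, verdict in auth_results(msg).items():
        if verdict != "pass":
            warnings.append(f"{method} result is {verdict}")
    return warnings
```

Calling `sender_warnings(SPOOFED)` returns five warnings, while `sender_warnings(GENUINE)` returns an empty list.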