The Background
Since my last article, the world has massively changed. Some changes are for the better; some, not so much. On the bright side, people have suddenly realized that we’re all “internet locals” now, so we can hang out together virtually and do some really cool stuff! Musicians are doing free concerts or assembling distributed recordings into neato ukulele videos; adults are attending virtual game nights, artists are creating cool artwork, teachers are porting their classwork into virtual classes and much, much more.
And what do most all of these activities have in common right now? That’s easy: Zoom. Zoom is the name of the application that helps folks to meet-up virtually, video chat, and broadcast webinars. It’s kind of like Skype but on steroids and it’s suddenly very, VERY popular.
Recently, it’s also VERY criticized. A growing chorus of security professionals and educators are reporting that Zoom is, among other things: “malware”, a “privacy risk”, lying about their meetings being end-to-end encrypted and worse. Here’s a scathing article from CNET. Here’s another from The Washington Post. And one from NPR. And another from Vice.
You get the point.
People are fearful, worried and protective of their privacy and it sure does seem like Zoom is trying to undermine it if you read the press and the articles written by security professionals. While I don’t think Zoom is malware, I can’t argue with most of the criticism I’ve linked to. These folks all have a legitimate beef with Zoom and the problems they’ve discovered with the company’s software are real. However, that doesn’t stop me from using the software to teach my improv classes.
Wait, what?!?
Malicious Software Vs. Sloppy Software
All of the worthy criticism being leveled at Zoom is, honestly, right on schedule. Prior to the pandemic hitting, Zoom was more of a niche player in the video conferencing market. Then, as soon as millions of people started using their software, it became a target for hackers.
Only, that’s not unique to Zoom: it happens to ANY popular software title or platform. Frankly, it’s a rite-of-passage and considered a mark that you’ve arrived on the world stage.
As hackers started to pick apart the Zoom software and exploit its weaknesses and as security researchers began to uncover some of the application’s shortcomings, it gave the public a chance to see how the company would respond. If it wasn’t clear before — and it should have been — it’s certainly clear now from the company’s most recent responses: Zoom didn’t create malicious software designed with malice to harvest user data or expose their users’ privacy. Instead, they took a different, far-less-evil path:
They just made sloppy software that was designed for speed.
It’s a huge difference and something that’s important for the public to keep in mind. Also — and this is key — they didn’t design their software to be used by every school district and work-from-home employee in the world nearly overnight. But that happened as well. And that kind of explosive growth puts a tremendous strain and spotlight on a company.
So, how did the company respond in the face of all of this pressure?
Exactly as security-minded people might have hoped. The company shifted quickly and began deploying security updates and improvements to its product on a regular basis to address their software’s shortcomings. The CEO went public with his desire to hear the complaints, listen to them, and then pivot to address them. The company’s new changes include new security controls, changing their iOS app to not interface with Facebook, hiring Facebook’s previous and well-respected security chief, and a rather massive and transparent update about security from the CEO. I’m guessing more is coming.
Which is to say: the company is listening. And they’re demonstrating by their actions that they’re doing all of the right things. For now.
Privacy Vs. Security
Before we get to how to lock down your Zoom meetings, it’s really important to remember that security and privacy aren’t the same things:
Privacy, as defined by Merriam-Webster, is freedom from unauthorized intrusion. In tech, I’d describe privacy as the desire to feel safe from others monitoring what we’re saying or doing.
Security, as defined by Merriam-Webster, is measures taken to guard against espionage or sabotage, crime, attack, or escape. In tech, I’d describe security as the hardware, the software, and the behaviors we adopt to help keep our affairs private.
In other words, privacy is a feeling or a state of being and security is a list of actions we take to achieve that privacy.
Enacting good security measures to achieve our privacy isn’t a one-size-fits-all approach for those around us. In fact, it’s rarely a one-size-fits-all approach for ourselves: there are many situations in my own life where I need higher levels of security and others where I’m comfortable with less. It’s always a balancing act.
Sometimes, I need to be productive and efficient, so I’m willing to work with lower levels of security. Much of my basic email falls into this category as I use Google, a company renowned for harvesting data. Other times, I need higher levels of security, because certain aspects of my life require it. Much of my medical and financial affairs fall into this category so I use much more secured forms of communications.
And as my long-time readers know, I use a VPN to protect my web browsing privacy from my ISP.
But teaching improv classes on Zoom? Privacy isn’t so important in that specific context. Neither what I’m teaching, nor the activities I’m undertaking, nor the discussions I’m having with any of my students require high levels of privacy. If hackers were able to watch or overhear my class, all they’d observe would be a bunch of happy people doing fun and silly games with one another.
I’m fine with that!
But it doesn’t mean I’m not interested in the security of my Zoom meetings. So let’s now take a look at how I implement security on Zoom and how you should as well…
The Zoom Hacks & How to Prevent Them
Part I: The Basics
Hackers try to find loopholes and exploit weaknesses in any popular software. It’s what they do and they’re very good at it. So expect that. As users, it’s our responsibility to learn how to find and use our software’s security protocols and then set them tightly. It sounds harsh but it’s true:
If you’re hacked and there was an easy way to prevent that hack, then you should have taken the time to learn more about your software before implementing it, especially if you’re using your software to supervise children. Think of security preferences like you would think of seatbelts in your car: they should ALWAYS be on.
In fact, before using any piece of software, you should always — ALWAYS! — take the time to explore the preferences to see what’s offered. Start with the Security/Privacy preferences. Many times those preferences get their own category as shown below in the Chrome and Brave browsers and the Discord desktop application:
Additionally, turn off ANY feature in your software unless it’s proven safe to use and you’ve taken the time to verify that yourself.
With that in mind, let’s dive in…
Part II: How to Minimize or Prevent the Hacks
The Zoombombing Hack
This hack works when malicious hackers join your meeting and use the “screen share” feature of Zoom to share inappropriate content with the rest of your attendees. Not cool.
Much has been made of this exploit which surprises me because the controls to prevent this have always been available. Click this link, log into your Zoom account if asked, and then click the “In Meeting (Basic)” link as shown. Scroll down to your Screen Sharing preferences and ensure that it’s either deactivated or only turned on for YOU (the host) and not for all of your participants. You’ll note that, in my preferences, I’ve not activated the “Disable desktop/screen share for users” preference because I sometimes DO share my screen when I’m hosting a meeting and that preference would prohibit my doing so. Instead, I’ve simply and easily ensured that I’m the only one that can share my screen.
The Virtual Screen Hack
This hack works when malicious hackers join your meeting and use the “Virtual background” feature of Zoom. This feature allows users to change their background to ANY image. Malicious hackers can then alter what appears behind them on-screen to share inappropriate content with the rest of your attendees. Also, not cool.
Once again, the controls to prevent this hack have always been available. Click the same settings link as above, log into your Zoom account if asked, and then click the “In Meeting (Advanced)” link as shown. Scroll down to your Virtual background preferences and ensure that it’s turned off.
The Chat Hack
This hack works when malicious hackers join your meeting and use the chat feature of Zoom. If turned on, malicious hackers can send chat messages to you, to some specific person in your meeting or to everyone in your meeting. This also includes the ability to attach any images into the chat room, including those which are inappropriate. Again, super not cool.
To prevent this kind of abuse, click the same settings link as above, log into your Zoom account if asked, and then click the “In Meeting (Basic)” link as shown. Scroll down to your Chat preferences and ensure that it’s turned off.
In my case, you’ll see chat is ON, but that’s because I use it a lot in my virtual improv classes.
Bonus #1: if you’d like to keep the chat room active but ONLY allow participants to chat with you and not with each other, you can do that by following the instructions here.
Bonus #2: if you’d like to keep the chat active but turn OFF file-transfer, you can do that by following the instructions here.
The “Your Meeting is Public” Hack
This hack works when malicious hackers join your open meeting because you’ve made the god-awful mistake of publishing your link to the general public. Once in your meeting, hackers then do anything possible to disrupt or attack.
There are two ways to prevent something like this from happening.
NEVER make your meeting link freely available online. Don’t put it on your website, a bulletin board, or in a group email to everyone you know. If you do that, you’re only asking for trouble. Instead, only provide your meeting link to those you know or have vetted in advance. One simple way to do this is to have your attendees register to attend your meeting on another website. I use and love TicketSpice for this very reason.
Use Zoom’s “Waiting Room” feature to prevent anyone from joining your meeting until you allow them in. Click the same Zoom settings link as above, log into your Zoom account if asked, and then click the “In Meeting (Advanced)” link as shown. Scroll down to your Waiting room preferences and ensure that it’s turned ON. Then, if someone attempts to join your meeting and you don’t recognize the name: don’t let that person in.
The My Account Info Got Stolen Hack
This hack works when malicious hackers manage, through a variety of efforts, to gain access to your Zoom account username and password. If this happens, all of the work you’ve done to protect your users and lock down your account is undermined.
Therefore, use the same advice I mentioned in an earlier Medium article: add two-factor authentication (or “2FA” for short) to protect your Zoom account. Doing this will eliminate nearly every hacker’s ability to log into your account.
Zoom has an easy-to-follow help page on how to do this here but here’s the short version: click this link to visit your Zoom account’s security preferences and scroll down to the 2FA preferences as shown below and turn it on. Make sure to select the “All users in your account” radio button. That will force ANYONE in your organization who shares your Zoom account — something that’s common with business accounts — to also apply 2FA to their login.
Then, the next time that you — or anyone on your shared account — logs in, you’ll be met with the following screen:
If you’re not familiar with how 2FA works, I highly recommend learning about it more. Here’s a link to my Medium article which does a deeper dive on the topic. The quick overview is this: 2FA uses an application on your smartphone (I use the amazing and free “Authy” app) which provides you with a different 6-digit-code every 30 seconds. This means that, in order for hackers to be able to log into your account, they’d not only need your username/password but they’d also need access to your smartphone.
Not likely.
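To make the "different 6-digit code every 30 seconds" concrete, here is an added example (not from the original article, and not Zoom's or Authy's code) of the standard time-based one-time password algorithm, RFC 6238, that authenticator apps of this kind implement. The secret is the RFC's published test key, and `verify` with its one-step clock-drift window is an illustrative server-side check, on the assumption that the code the article describes is a standard TOTP code.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # a new code every 30 seconds
DIGITS = 6          # length of the displayed code

# RFC 6238 published test secret; a real secret is random and is shared
# once between the service and the phone (usually via a QR code).
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int) -> str:
    """Return the 6-digit code for the 30-second window containing unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks
    # which 4 bytes of the MAC become the code.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, submitted: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current code or one step either side."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP_SECONDS
        if t < 0:
            continue
        # compare_digest avoids leaking how many digits matched via timing
        if hmac.compare_digest(totp(secret, t), submitted):
            ok = True
    return ok


if __name__ == "__main__":
    for t in (30, 59, 60, 95):
        print(t, totp(RFC_TEST_SECRET, t))
    # A code captured at t=59 is useless a little over a minute later.
    print(verify(RFC_TEST_SECRET, "287082", 59))   # True
    print(verify(RFC_TEST_SECRET, "287082", 95))   # False
```

The code is derived from the shared secret and the clock, which is why a stolen username and password alone do not produce it and why a captured code stops working once its window has passed.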
The I’m Lazy Hack
This hack works when a software company releases newer, better, and safer versions of their applications but you’ve not taken the time to download and install those updates. When hackers note this — and they can and will — they can leverage security holes in older versions of your software against you.
This is, literally, the laziest mistake of all, so start by downloading the newest version of Zoom here. If you’ve already got the app installed, always click yes if it prompts you to update. If you’re not sure, check: click on your profile pic in the Zoom application and select “Check for Updates” as shown:
The Lessons Learned
We’re responsible for the technology we use. In a few rare examples — CleanMyMac & MacKeeper come to mind — the applications we use are designed with malice to hurt our computers and livelihoods. In nearly every case — including Zoom’s! — the software might be buggy, outdated, or require updating but it’s not designed or intended to harm.
You, not the software company, are your last line of defense. Get educated, learn about your apps, and lock them down in ways that protect you and those you serve. That’s true for ANY application on any operating system.
Annnnnnnnnd… that’s a wrap for today’s article, everyone. Thanks for reading. Did I miss a preference you prefer to keep active? Do you disagree or agree with me? Let me know your thoughts & questions in the comments section.
As always… surf safe.
Click here for my guide on how to choose a privacy-focused VPN. If you’re looking to set up a VERY secure iPhone, click here. To learn how to remove your personal data from the web, click here. For a super cool way to NOT give your personal email address to everyone, click here. Click here for a crash course on how to keep your devices updated.
Originally published at https://techtalk.substack.com.
Translated from: https://medium.com/@TheTechTutor/how-to-use-zoom-securely-8db77845c903