Educause Security Discussion mailing list archives

Re: [Ext] Re: [SECURITY] Utilizing zoom


From: Alexandre Adao <Alexandre.Adao () MORGAN EDU>
Date: Thu, 2 Apr 2020 15:02:38 -0400

In response to the recent security issues with Video Teleconferencing
(VTC), the FBI Internet Crime Complaint has released guidance to improve
security while using VTC.

See: FBI Warns of Teleconferencing and Online Classroom Hijacking During
COVID-19 Pandemic
<https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic>.

Zoom intends to improve. See:
https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/

More details can be found at:
<https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom>

Thanks,
--Alex Adao

On Thu, Apr 2, 2020 at 2:52 PM Leber, Dennis E <dleber () uthsc edu> wrote:

Our team conducted a risk analysis of Zoom; attached is our summary. NASA,
Tesla, and others have immediately stopped the use of Zoom.

Dennis E. Leber

Chief Information Security Officer (CISO)

The University of Tennessee Health Science Center
Office of Cybersecurity
877 Madison Ave
6th Floor
Memphis, TN 38163

dleber () uthsc edu
t: 901.448.5848
c: 270.307.1609
https://www.uthsc.edu/its/cybersecurity/




------------------------------
*From:* The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Menne, Michael S <
michael.menne () MNSU EDU>
*Sent:* Thursday, April 2, 2020 1:22 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
*Subject:* [Ext] Re: [SECURITY] Utilizing zoom

We are using Zoom for telehealth. Zoom has a Healthcare option that
disables recording capability and encrypts chat messages. There may be
other things as well that I'm not aware of.

 I've seen several local providers (including Mayo Clinic) use Zoom for
Telehealth.



On 4/2/20, 1:21 PM, "The EDUCAUSE Security Community Group Listserv on
behalf of Rick DeCaro" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of
Rick.Decaro () LOGAN EDU> wrote:

    +1 for piloting Doxy.me.   We also considered Zoom, Spruce and
Teams.


    Rick DeCaro
    Director of Information Technology | Logan University
    1851 Schoettler Road | Chesterfield, MO 63017
    Phone: (636) 230-1760 | Logan.edu




    -----Original Message-----
    From: The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Bill Thompson
    Sent: Thursday, April 02, 2020 1:18 PM
    To: SECURITY () LISTSERV EDUCAUSE EDU
    Subject: Re: [SECURITY] Utilizing zoom




    Our counseling center looked at Zoom for Healthcare and decided to
pilot doxy.me instead primarily for the integrated teleconsent feature.

    Best,
    Bill

    On Thu, Apr 2, 2020 at 2:14 PM Mark Reboli <mreboli () misericordia edu>
wrote:
    >
    > Question: Like most of you, we have multiple options for telehealth
    > and addressing clinical hour needs for our students. I am looking at the
    > different options and any concerns with utilizing Zoom over some other
    > solutions. Any guidance would be appreciated.
    >
    >
    >
    > Thank you
    >
    >
    >
    > M
    >
    >
    >
    > Mark Reboli
    >
    > Network/Telecom Manager
    >
    > Misericordia University
    >
    > (570) 674-6753
    >
    >
    >
    > This e-mail and accompanying attachments are confidential. The
    > information is intended solely for the use of the individual to whom it is
    > addressed. Any review, disclosure, copying, distribution, or use of this
    > e-mail communication by others is strictly prohibited. If you are not the
    > intended recipient, please notify us immediately by returning this message
    > to the sender and delete all copies. Thank you for your cooperation.
    >
    >
    >
    > **********
    > Replies to EDUCAUSE Community Group emails are sent to the entire
    > community list. If you want to reply only to the person who sent the
    > message, copy and paste their email address and forward the email
    > reply. Additional participation and subscription information can be
    > found at https://www.educause.edu/community




-- 
=============================================
Alexandre Magno Adão
Interim Chief Information Security Officer
Morgan State University (CGW 300k)
Division of Information Technology (DIT)
443-885-4415 Office
443-803-3154 Cell
<http://www.morgan.edu>

