A Great User Experience or Security … you can have one or the other?

If Companies Can’t Tell The Difference Between End-to-end Encryption and TLS, We Should Be Worried!

--

A couple of weeks ago, I used WebEx only to present my distance learning classes, but now I sit in Zoom meetings for at least six hours per day. For me, it’s just as natural to meet someone over Zoom, as it is to travel to a meeting.

And so times are difficult, and we must come out of this period having learned a whole lot more about the weaknesses in our world. It is likely that this new world will be increasingly driven by technology, but, unfortunately, the methods we are using now are really not fit for building a more trusted and resilient world.

Perhaps the one thing this week that highlights the smoke-and-mirrors world of technology is that Zoom carried an “end-to-end encryption” icon on their screens. But capturing a network trace from the session shows that it was using just good old (or bad old) TLS. The difference between end-to-end encryption and TLS is massive, as TLS can be broken within a corporate infrastructure.
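
To make the difference concrete, here is an added example (not code from the original article, and not Zoom's implementation) that models a meeting relay which terminates the transport session on each hop, as a TLS-terminating server or inspection proxy does. The `Relay` class, the hop keys standing in for TLS session keys, and the HMAC-based cipher standing in for a real AEAD are all assumptions made for illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    """Keystream from HMAC-SHA256 in counter mode."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC; a stdlib stand-in for the AEAD a real protocol would use."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _stream(key, nonce, len(ct))))

class Relay:
    """Meeting server. It terminates each participant's transport session, so it
    holds both hop keys (hypothetical model of the two TLS sessions)."""
    def __init__(self, hop_alice, hop_bob):
        self.hop_alice, self.hop_bob = hop_alice, hop_bob
        self.seen = []  # what the server holds once transport encryption is removed

    def forward(self, blob):
        inner = unseal(self.hop_alice, blob)
        self.seen.append(inner)
        return seal(self.hop_bob, inner)  # re-encrypted for the second hop

def send(msg, relay, hop_alice, hop_bob, e2e_key=None):
    """Alice -> relay -> Bob. With e2e_key the payload is sealed before transport."""
    payload = seal(e2e_key, msg) if e2e_key else msg
    delivered = unseal(hop_bob, relay.forward(seal(hop_alice, payload)))
    return unseal(e2e_key, delivered) if e2e_key else delivered

def demo():
    hop_a, hop_b, e2e = os.urandom(32), os.urandom(32), os.urandom(32)
    relay = Relay(hop_a, hop_b)
    msg = b"board figures for Q3"  # constructed sample message
    got_tls = send(msg, relay, hop_a, hop_b)
    got_e2e = send(msg, relay, hop_a, hop_b, e2e_key=e2e)
    return msg, got_tls, got_e2e, relay.seen

if __name__ == "__main__":
    msg, _, _, seen = demo()
    print("transport only:", seen[0] == msg, "| end-to-end:", seen[1] == msg)
```

Bob receives the same message both times; the only thing that changes is whether the relay's `seen` list holds the plaintext or an opaque blob it has no key for.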

How did this pass any form of evaluation? Perhaps Zoom thought that they were actually using end-to-end encryption? If so, we must be worried, as Zoom…

--

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.