Hello, welcome to the Monday, April 6th, 2020 edition of the Sansonet Storms and as Stormcast. My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Late last week, Xavier looked at an interesting word document that had an odd new Line character in the beginning that was then

also used to obfuscate the document, but apparently what it also did is it rendered

it as an invalid document in certain versions of Word.

Now, what we have here is something that's often referred to as the

resiliency principle in networking, where, well, features and documents that aren't quite

standard compliant will actually sometimes be parsed correctly, just in order to make interoperability work.

But that, of course, will hurt malware detection that's now considering this particular

document as invalid and figures that it doesn't have to inspect it.

For example, in this case, Dede's own Sipdom tool was not able to actually deal with this document

because it was considered malform.

And while I was sort of considering actually doing today's podcast without mentioning Zoom,

but just can't help it.

But to point out of an analysis of Zoom's encryption that was performed by Bill

Markchuk and John Scott Railton from the Citizens Lab.

This is pretty interesting in so far as, well, a couple of claims that Zoom makes about its

encryption are actually just not true. First of all, they're promising end-to-end encryption.

End-to-end encryption usually means, well, user-to-user-to-user, but at best you're getting user-to to server kind of from Zoom and also all users

that participate in a particular meeting will share the same encryption key.

In itself, this may be something that's sort of acceptable given that they also all share

the same content, but these encryption keys actually come

...