As a senior software engineer who as part of my jo
Post# of 32627
(Total Views: 472)
Posted On: 04/03/2020 6:06:54 PM
As a senior software engineer who as part of my job has worked on securing software developed for the Dept of Defense to the security guidelines I was very impressed by Chad’s video.
First, he gave very good details for people like me while still making it understandable to people who aren’t software engineers.
Here are the key points that stood out and set it apart from poorly designed applications like Zoom that have large security flaws:
I like that he said the idea of “zero visibility” was paid attention too from the beginning.
All the data is encrypted with AES-256 encryption. That means the data is encrypted using 256 bit encryption keys. So that is 256 binary digits making the number of combinations 2 to the power of 256. That is 1.1579209e+77 which is roughly 1 followed by 77 zeros. It obviously cannot be cracked by brute force and is a very strong encryption standard.
A good article about it is at https://www.thesslstore.com/blog/what-is-256-bit-encryption/ which also explains the nuances of AES encryption.
It is architected on server-less technology, and every connection is single-use. It is all up in the cloud. As soon as the meeting ends everything about it disappears, even the same user gets a whole new “container” for lack of a better word for the next meeting. So everything about the previous meeting is gone.
They use several cloud platforms (probably in case any one of them is unavailable it doesn’t cause Verb Live to be unavailable) and each cloud is encrypted end to end. So all data inside the cloud is transmitted encrypted, nothing is unencrypted.
Verb Live uses web browsers rather than an application running on an operating system. He is correct that operating systems are where most security flaws are, whereas browsers have much less security flaws. Also browsers guarantee anyone can run Verb Live as long as it works with the latest versions of all the popular browsers.
Finally, they use a 3rd party product to authenticate users, and it is the largest authentication platform in the world. It has to securely authenticate users and not expose password (most likely the passwords are encrypted in 256 but encryption). Remember Zoom defaulted to optional passwords for meetings!
Chad’s video ought to be blasted out everywhere at this time when Zoom is under heavy scrutiny and criticism for its large security flaws.
I shared the video out to LinkedIn, Twitter, abc Facebook.
First, he gave very good details for people like me while still making it understandable to people who aren’t software engineers.
Here are the key points that stood out and set it apart from poorly designed applications like Zoom that have large security flaws:
I like that he said the idea of “zero visibility” was paid attention too from the beginning.
All the data is encrypted with AES-256 encryption. That means the data is encrypted using 256 bit encryption keys. So that is 256 binary digits making the number of combinations 2 to the power of 256. That is 1.1579209e+77 which is roughly 1 followed by 77 zeros. It obviously cannot be cracked by brute force and is a very strong encryption standard.
A good article about it is at https://www.thesslstore.com/blog/what-is-256-bit-encryption/ which also explains the nuances of AES encryption.
It is architected on server-less technology, and every connection is single-use. It is all up in the cloud. As soon as the meeting ends everything about it disappears, even the same user gets a whole new “container” for lack of a better word for the next meeting. So everything about the previous meeting is gone.
They use several cloud platforms (probably in case any one of them is unavailable it doesn’t cause Verb Live to be unavailable) and each cloud is encrypted end to end. So all data inside the cloud is transmitted encrypted, nothing is unencrypted.
Verb Live uses web browsers rather than an application running on an operating system. He is correct that operating systems are where most security flaws are, whereas browsers have much less security flaws. Also browsers guarantee anyone can run Verb Live as long as it works with the latest versions of all the popular browsers.
Finally, they use a 3rd party product to authenticate users, and it is the largest authentication platform in the world. It has to securely authenticate users and not expose password (most likely the passwords are encrypted in 256 but encryption). Remember Zoom defaulted to optional passwords for meetings!
Chad’s video ought to be blasted out everywhere at this time when Zoom is under heavy scrutiny and criticism for its large security flaws.
I shared the video out to LinkedIn, Twitter, abc Facebook.
(19)
(0)Verb Technology Company, Inc (VERB) Stock Research Links
Scroll down for more posts ▼