[Lex Computer & Tech Group/LCTG] zoomcrc.com

Robert Primak bobprimak at yahoo.com
Tue Jul 7 05:16:30 PDT 2020 

 This is an edited version of a comment I sent to Al as an aside.
This is not the only weird thing about how Zoom does business which people have noticed lately. I honestly don't know why no one seems to complain about how sloppy Zoom's business and security practices are. Oh wait -- they DO! And still people just jump on the bandwagon, and throw caution to the winds. But businesses? And medical practices? They should know better.
I guess convenience really does trump security.
-- Bob Primak

    On Tuesday, July 7, 2020, 07:03:08 AM EDT, Allan Sherman <allanpsherman at gmail.com> wrote:  
 
 I think I had a valid idea for checking this, but made the wrong interpretation of what I found.  
The "whois" record I posted for zoomcrc.com was obtained from a random google search source ( https://www.webnames.ca/whois#?currentDomain=zoomcrc.com ).  Checking further, I went to the registrar's website https://il.godaddy.com/en/whois and found the same "whois" result.  
Later, checking my favorite network info site (nwtools.com - alias for https://network-tools.com/ ), surprisingly showed zoomcrc.com being owned by Zoom Video Communications, Inc at the expected address in San Jose.
What I think happened is that Network Tools was able to get around the Domains By Proxy blockage by checking the ownership of the IP address used by that domain.  Just a guess.  So why does the domain usually show up as being under GoDaddy control?  Perhaps it originally was registered with GoDaddy and still stays there.  
In any event, this certainly looks and acts like a zoom domain, so I am no longer suspicious of malicious activity by a third party.  However I am certainly no expert in this stuff.....  

Al



On Mon, Jul 6, 2020 at 10:22 PM <mwolfe at vinebrook.com> wrote:


To All:

I found this in the Zoom Help Center: 
  SIP Dial String Format
  [Meeting ID].[Password].[Layout].[Host Key]@zoomcrc.com


That being said, given the BCC someone may be planting a virus to eavesdrop. It could even be Zoom. Zoom has strived for ease of use and features often at the expense of security such as this example. 

-- Mitch 

On 2020-07-05 19:27, Allan Sherman wrote:

I suspect that the  zoomcrc.com domain is not owned by zoom based on the following information.  The "real zoom" URL appears to be zoom.us.  A "whois" search on the zoom.us domain produces:
Domain Name: zoom.usRegistrar: GoDaddy.com, Inc.Registrant Name: Bill LuRegistrant Organization: Zoom Video Communications, Inc.Registrant Street: 55 Almaden BoulevardRegistrant City: San JoseRegistrant State/Province: CaliforniaRegistrant Postal Code: 95148Registrant phone: +1.4085086746
 Checking the domain zoomcrc.com shows:
Registrar: GoDaddy.com, LLCRegistry Registrant ID: Not Available From RegistryRegistrant Name: Registration PrivateRegistrant Organization: Domains By Proxy, LLCRegistrant Street: DomainsByProxy.comRegistrant Street: 14455 N. Hayden RoadRegistrant City: ScottsdaleRegistrant State/Province: ArizonaRegistrant Postal Code: 85260Registrant Country: USRegistrant Phone: +1.4806242599Registrant Email: ZOOMCRC.COM at domainsbyproxy.com
 DomainsByProxy.com  appears to be a business intended to hide the real identity of the owner of the URL.  I would expect that since zoom.us has published the id of the URL owner, they have no reason to hide the ownership of zoomcrc, if it indeed belonged to them. I have no idea of the significance (if anything) of GoDaddy.com, Inc. vs GoDaddy.com, LLC.  Probably just an administrative snafu.  Regards, Al  
On Sun, Jul 5, 2020 at 10:41 PM Harry Forsdick <forsdick at gmail.com> wrote:
CHarlie, I believe this email address is not actually an email address, but reuse of the same syntax as email for opening a conferencing session between different conferencing systems, such as Zoom and Cisco or Polycom This google search gives some information about Zoomcrc.com:   
   - https://www.google.com/search?q=what+is+zoomcrc&rlz=1C5CHFA_enUS873US873&oq=what+is+zoomcrc&aqs=chrome..69i57j0.5848j0j4&sourceid=chrome&ie=UTF-8
It makes reference to SIP which stands for Session Initiation Protocol which is the interoperability activity. Email-looking addresses to ZoomCRC look to me as benign. Regards, -- Harry  Register to vote by mail https://turbovote.org/ 
| Harry Forsdick
Lexington Photo Scanning
Town Meeting Member Precinct 7
harry at forsdick.com
www.forsdick.com
 |   | 46 Burlington St.
Lexington, MA 02420
(781) 799-6002 (mobile)
meet.jit.si/HarryForsdick (video)
Click to see my other websites
 |

 
On Sat, Jul 4, 2020 at 4:05 PM Charles Holbrow <chholbrow at gmail.com> wrote:
I am preparing my six-session course on the history of the atomic bomb.  I will run it through my Colgate University Zoom account.  I just found in the drafts in my email an invitation to go to me with a bcc to 94056004724 at zoomcrc.com.  I never addressed an email to 94056004724 at zoomcrc.com.  Any suggestions as to what is going on? Is this some kind of hack to find the meeting ID and password of the course? --Charlie
   ===============================================
 ::The Lexington Computer and Technology Group Mailing List::
 Reply goes to sender only; Reply All to send to list.
 Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/private.cgi/lctg-toku.us
 To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
 Future and Past meeting information: http://LCTG.toku.us
 This message was sent to forsdick at gmail.com.
 Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/forsdick@gmail.com
===============================================
 ::The Lexington Computer and Technology Group Mailing List::
 Reply goes to sender only; Reply All to send to list.
 Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/private.cgi/lctg-toku.us
 To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
 Future and Past meeting information: http://LCTG.toku.us
 This message was sent to al at sherm.us.
 Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/al@sherm.us

===============================================
 ::The Lexington Computer and Technology Group Mailing List::
 Reply goes to sender only; Reply All to send to list.
 Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/private.cgi/lctg-toku.us
 To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
 Future and Past meeting information: http://LCTG.toku.us
 This message was sent to mwolfe at vinebrook.com.
 Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/mwolfe@vinebrook.com




===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/private.cgi/lctg-toku.us
To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
This message was sent to bobprimak at yahoo.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/private.cgi/lctg-toku.us/attachments/20200707/7140c4b2/attachment.html>

More information about the LCTG mailing list