Security Basics mailing list archives
RE: remote control program
From: "Serge Vondandamo" <serge.vondandamo () orange fr>
Date: Sat, 31 May 2008 09:27:58 +0200
Sergio and the community, My apology if I mislead anyone. I did a wrong analysis as I did place Sergio's situation in a totally different context. The LogMeIn is a legit service and I will recommend it among other tools. I was not referring to the tool itself but the context in which it was used as I will explain later. He wrote: "Hi all, I need to know if anyone knows how this program "LogMeIn." It safe? It is a Troyan Horse? is part of a group of machines Zombie? The Url of this program is: https://secure.logmein.com/loggedout.asp Thank." In my thoughts, he was surprised to discover the tool being used in his system (I dont know why) and sounds like he was under attack. Probably my mind perceived a state of panic, an attack in progress situation when scanning these words: " Troyan Horse? Is part of a group of machines Zombie?". Let's follow my thoughts a little bit; we are in the situation of someone who is asking himself about the presence of LogMeIn in his system and seeking help from the community to know about it and how to deal with it. In that situation may be my words could have made sense. And what led me to call it a Trojan in that situation? I will try to explain, please correct me if I am wrong -: Let's quote the free encyclopedia: Trojan Horse (disambiguation). "The Trojan Horse, from Greek mythology, was a giant hollow horse containing Greek soldiers, used to overtake the city of Troy during the Trojan War. It has since become a metaphor for any person or thing that appears innocent or benign, but actually presents danger or harmful intent." And my mind asked why should I restrict the term only to applications? It can be extended to situations and intentions. Following my free mind, I wasn't ashamed to refer to that particular situation and its context as a "Trojan", because the LogMeIn shouldn't have been used in the system and everyone knows that it can allow remote control of that system. I did recommend corrective controls since I could sense violation of policies (change control, authorized application, etc) or lack of security mechanisms in the system. I am just happy that wasn't the situation of Sergio and I wish him a good research and information gathering on remote control tools. Et voila, Thanks for keeping the security knowledge alive. Serge Vondandamo, CISSP, CCNA, MCP -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de sgp () unsl edu ar Envoyé : vendredi 30 mai 2008 22:10 À : security-basics () lists securityfocus com Objet : Re: remote control program Thank you all for the answers, I need to implement remote administration several branches of my clients and was evaluating the tool (Logmein) to implement, at first I thought was spectacular, by not having to configure anything on the routers to allow access from the internet. But I am very concerned about whether the tool is reliable, in other words if the company owns the tool is. Regards. Sergio Properzi. San Luis Argentina.
Current thread:
- RE: remote control program, (continued)
- RE: remote control program Sean Tindall (Jun 02)
- Re: remote control program Adriel Desautels (Jun 02)
- RE: remote control program Joel (Jun 02)
- Re: remote control program Adriel Desautels (Jun 02)
- RE: remote control program Joel (Jun 03)
- Re: remote control program Adriel Desautels (Jun 03)
- RE: remote control program Joel (Jun 02)
- Re: remote control program Brad Bendily (Jun 02)