Security Basics mailing list archives
RE: remote control program
From: "Joel" <joel () nc rr com>
Date: Fri, 30 May 2008 14:33:29 -0400
Unlike GoToMyPC, Logmein completely hands off the connection after the initial encrypted handshake. By the time you are at the remote screen logging in, nothing should be passing through the logmein servers. This is what was explained to me before purchase 3 years ago. Regardless, even if they used the model of GoToMyPC and routed all traffic through their own servers, as long as the passthrough traffic were encrypted via AES 256, such as Logmein uses, grabbing your password for your server would be non-trivial. So in this case, yes, you are being paranoid, but that's not a bad thing in this business. As long as you know the facts, there's not much to worry about. If they weren't actually encrypting traffic - and from what I've sniffed, they are - they'd be out of business rather quickly. Your concern is why Microsoft's RDP handshake is not popular; the initial handshake is in plaintext. Maybe they've changed it, but I doubt it. I have about 60 IT Reach licenses and it's an invaluable tool for me. Be sure to buy the Ignition software if you manage more than a few PC's from a central location. Logmein is faster than anything I've tested or used in the past, including Famtech's Radmin, TeamViewer, GoToMyPC, and any flavor of VNC. Regards, Joel -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Francisco Neira Basso Sent: Friday, May 30, 2008 12:52 PM To: Teena Horne Cc: 'sgp () unsl edu ar'; security-basics () lists securityfocus com Subject: Re: remote control program -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Teena Horne wrote:
Yes, it's safe. I use the free remote control portion of it for personal
and some business use, and now we are evaluating their Logmein Backup service for purchase.
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of sgp () unsl edu ar
Sent: Friday, May 30, 2008 6:40 AM To: security-basics () lists securityfocus com Subject: remote control program Hi all, I need to know if anyone knows how this program "LogMeIn." It
safe? It is a Troyan Horse? is part of a group of machines Zombie? The Url of this program is: https://secure.logmein.com/loggedout.asp
Thank.
Does my username and password goes thru the logmein service provider and then to my server? Am I the only paranoid? ;) - -- Francisco Neira B. Seguridad de la Informacion Defensoria del Pueblo Lima, Peru -05:00 UTC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFIQDDLFYZ03N+YDpMRAinuAJ4h3+0l20IFMFd+e8THy4BNv7m/qgCeKaoF C82RwAzFj55vT+UPprIui3o= =9+WE -----END PGP SIGNATURE-----
Current thread:
- remote control program sgp (May 30)
- RE: remote control program Emilio Morla (May 30)
- RE: remote control program Teena Horne (May 30)
- Re: remote control program Francisco Neira Basso (May 30)
- RE: remote control program Teena Horne (May 30)
- RE: remote control program Joel (May 30)
- Re: remote control program Francisco Neira Basso (May 30)
- RE: remote control program Eddy Alexandre (May 30)
- Re: remote control program Robert Taylor (May 30)
- RE: remote control program Serge Vondandamo (May 30)
- Re: remote control program Adriel Desautels (May 30)
- RE: remote control program Serge Vondandamo (May 30)
- RES: remote control program Gilberto Fernandes (May 30)
- <Possible follow-ups>
- Re: remote control program sgp (May 30)
- RE: remote control program Joel (May 30)