Penetration Testing mailing list archives
Re: gotomypc
From: Ken.Williams () ey com
Date: Mon, 11 Mar 2002 08:51:56 -0600
i dealt with this site/issue about 6 months ago. ideally, you should not have to be bothering yourself with auditing gotomypc at all, because no sane, responsible network admin would ever let his users connect to gotomypc in the first place. for information about which host network admins need to block, go here: https://ssl.anonymizer.com/https://www.gotomypc.com/help2.tmpl? #securitykeep (sorry about the anonymization, but i had to use it since we, of course, block all connections to all known gotomypc hosts, IP blocks) Regards, ken Ken Williams ; Technical Lead ; ken.williams () ey com eSecurityOnline - an eSecurity Venture of Ernst & Young ken.williams () ey com ; www.esecurityonline.com ; 1-877-eSecurity kevin mckay <kevintmckay@ To: pen-test () securityfocus com yahoo.com> cc: (bcc: Ken Williams/AABS/EYLLP/US) Subject: gotomypc 03/08/2002 03:56 PM Has anybody dealt with the services from https://www.gotomypc.com it seems to allow end users to completely circumvent an existing network security infrastructure. The user signs up with gotomypc and establishes a out bound connection through the firewall to a go to my pc server, then there server listens for a connection that is connected to your internal network and the scariest thing is that the listining ports for inbound connections are on a gotomypcserver so how would you even audit?. __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ______________________________________________________________________ The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Ernst & Young LLP ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- gotomypc kevin mckay (Mar 09)
- Re: gotomypc R. DuFresne (Mar 10)
- Re: gotomypc R. DuFresne (Mar 10)
- Re: gotomypc Rainer Duffner (Mar 10)
- <Possible follow-ups>
- Re: gotomypc Ken . Williams (Mar 11)