Log Me In
I was browsing the net and saw this site, logmein.com where you can basically have remote access to your own computer through an internet website. Imagine if a black hatter broke into that website, or sniffed your password while you were logging in?
It's even worse than you think.Originally Posted by 1shot_1kill
The client software that's installed maintains permanent contact with their servers. I had a contractor install it on one of my servers at the office because they needed remote access. Once I determined (about 10 minutes after he installed it), I ripped it back out.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Streaker, you've got me very interested by alot of your posts and replys here. You said that you monitor and maintain a water treatment facility? I remember you talking to me about electronic automation and modbus+. I'm taking the automation course right now, but as a side hobby i'm learning how to use backtrack and networking. Did you say there are jobs out there that use networking to in fact monitor all the machines from one office? Do you think that there is a certain program in schools to do this? Or would it be I'd have get the electronic and industrial automation degree, Then go for a networking degree.
I'm hopin to milk out the free money for school from the militaryDisability from a deployment in my ears and back I should get as much out of it as I can.
What you say is true, but that doesn't necessarily make it a bad product. Until someone shows me a legitimate, exploitable weakness in LogMeIn, I will use it.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
Honestly, that's a stretch.
All LogMeIn traffic is SSL. Even if someone logged into my account, each connection has an additional access code just to "see" the desktop. And third, they still can't access my desktop without my desktop's password. Not impossible to do, but not trivial either.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
I fail to see any good reason that a third party needs to maintain a persistent connection in order to provide said service. Aside from wasting my bandwidth and leaving a persistent hole for other malicious parties to notice and try to take advantage of.
What you're saying is kind of like leaving your house door unlocked until after you've been broken into at least once.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Honestly, that's a bad analogy. The door is never "unlocked", and no one has previously broken in. The connection is encrypted, and the bandwidth is minimal.
Again, if someone can show a plausible way to take advantage of it, I'd love to hear.
"\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
What advantage does logmein have over any of the free VNC programs, like UltraVNC?
The link budget is not a problem, we intend on splitting the bill...
(L)Users with no idea of what constitutes a tunnel, or setting up VNC, or even what an IP Address is, can easily set it up. Plus, since they can do it through the web interface, it isn't scary for them and is easy for them to bookmark their own PC.What advantage does logmein have over any of the free VNC programs, like UltraVNC?
Thorn
Stop the TSA now! Boycott the airlines.
I use LogMeIn for example because my PC dont have a external IP address so cant reach it from anywhere, I think LoGMeIn is better than VNC,PcAnywhere ... cause work from PC that are behind a NAT , also for the encryption used.
sorry for my english is not so great , hope you got the point
Posting Permissions
