Page 5 of 6 FirstFirst ... 3456 LastLast
Results 61 to 75 of 79
  1. #61
    3 Star Lounger
    Join Date
    Dec 2009
    Posts
    320
    Thanks
    16
    Thanked 70 Times in 58 Posts
    Quote Originally Posted by satrow View Post
    Hotel lobby - sleep-in night concierge tempted to increase his income - CCTV.

    Data logger already installed on the lobby PC.
    Sorry but... citations? I haven't been able to find any examples.

    We're all entitled to our opinions but when we're advising others I think we have a responsibility to stay with facts. If there is a risk (which I agree there is... but perhaps 'possible' rather than 'likely'?) then, in my opinion, we should provide factual information together with any available mitigation. What I'm against is the spread of un-substantiated FUD to people asking for help.

    The OP asked whether TeamViewer could be used as an alternative to LogMeIn Free. Since then this topic has veered between discussion of the possible transfer of adware to virus transmission and finally to total compromise of the home PC by a remote attacker. As the topic has become more heated, the most obvious thing missing is evidence to back up some of the views expressed.

    If evidence is provided then great! I would be pleased to see it and have no problem accepting it. It wasn't my intention to upset anyone (mea culpa) but I try to keep in mind that the OP has already been exposed to any such possible risks by his previous use of LogMeIn Free (which I don't believe had 2-factor authentication like TeamViewer) and doesn't appear to have suffered unduly.

  2. The Following 2 Users Say Thank You to Rick Corbett For This Useful Post:

    flippertie (2014-03-06),ruosChalet (2014-02-15)

  3. #62
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    151
    Thanks
    34
    Thanked 31 Times in 18 Posts
    Quote Originally Posted by ruirib View Post
    ... where you don't know what is running ... ... I wouldn't even call it a good practice, just a common sense one...
    Rui, I totally agree. The key words here are "where you don't know what is running".

    What is the problem with common sense?
    It ain't that common.
    Eike J Heinze
    What I am about
    SE Wisconsin

  4. #63
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Hartford, WI, USA
    Posts
    151
    Thanks
    34
    Thanked 31 Times in 18 Posts
    Quote Originally Posted by Rick Corbett View Post
    Sorry but... citations?
    Rick, you have not read the full thread. I posted a link to my real life experience (scroll down to paragraph #4) in a five start resort before.

    ... the most obvious thing missing is evidence to back up some of the views expressed.
    Opinions and evidence? Almost an oxymoron IMHO.

    ... that the OP has already been exposed to any such possible risks ... ...and doesn't appear to have suffered unduly.
    Yesterday I overlooked a stop sign and luckily nothing happened. Does that mean I can now barrel through stop signs?
    Eike J Heinze
    What I am about
    SE Wisconsin

  5. #64
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    A fact for you, Rick: when you leave the safety of your own home and it's secure computing environment and access a strange computer in a foreign country, you have no idea how secure that computer or it's network is or who is looking over your shoulder. No citations needed.

  6. #65
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by Rick Corbett View Post
    We're all entitled to our opinions but when we're advising others I think we have a responsibility to stay with facts. If there is a risk (which I agree there is... but perhaps 'possible' rather than 'likely'?) then, in my opinion, we should provide factual information together with any available mitigation. What I'm against is the spread of un-substantiated FUD to people asking for help.
    We obviously have different opinions about advising others, especially in what relates to security. Computer security should be much more about preventing breaches, than plugging holes after the fact. That means avoiding or minimizing potentially risky behaviors, like using passwords in an environment you don't know is safe.

    No one here spread FUD. What I saw was people alerting to potential risks and people expressing opinions on how they would behave, if they were in similar situations to the ones presented here. If you are going to deny the risks here are to be dismissed, do it at your own risk. I actually think that by downplaying such risk and suggesting that, because no one will offer a concrete case where someone used a password in an unsafe place and got hacked, you are inviting people to incur in such risky behavior. You are obviously free to do it, but that also means that you are, in my opinion, providing advice that can be costly to anyone who indulges in the behavior in question and gets affected by it. Fortunately, the majority opinion differs from yours, so I think regular users will have enough input to make their own opinions on the subject.
    Rui
    -------
    R4

  7. #66
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    2,177
    Thanks
    207
    Thanked 213 Times in 205 Posts
    Quote Originally Posted by satrow View Post
    A fact for you, Rick: when you leave the safety of your own home and it's secure computing environment and access a strange computer in a foreign country, you have no idea how secure that computer or it's network is or who is looking over your shoulder. No citations needed.
    Even in your own neighborhood; you don't have to travel far to find such computers.

  8. #67
    Star Lounger pseudoid's Avatar
    Join Date
    Feb 2011
    Posts
    98
    Thanks
    15
    Thanked 12 Times in 6 Posts
    I hope the following suggestion is relevant and worthy:
    Just recently, I was at a Fry's Electronics store and they had a dual-HDD NAS enclosure at a ridiculous price of $40 (w/o HDDs) which regularly sells for $100.
    For this silly price, I thought that it would be worthwhile to play around with it.
    This NAS device is called "myDitto Classic" (http://classic.my-ditto.com/interior...ts_Of_my-Ditto) and the package also contains two USB fobs.
    The user manual is over a 100pages and I am still learning how to get the maximum use out of all of its features.
    But one thing that I have noticed (upon stuffing two 1TB HDDs on pull-out caddies) is the fact that your PC does not have to powered up to get access to the device remotely, as long as your network modem that you connect the NAS to is up/on.
    You can remotely connect to the NAS by plugging in the activated USB key fobs that contain your log-in credentials.
    One of the USB key fobs is for the 'administrator'. You can also activate and share many more USB key fobs for other family members and/or other users (Administrator sets up the permissions for each user that is trusted with one of the USB fobs and they can be deactivated if desired).
    Each HDD contains a top-level 'private' folder, a 'shared' folder, and a 'public' folder.
    Besides being able to use these USB key fobs for NAS access remotely, the manual states that the device can also be accessed via free apps for both Apple and Android systems.
    Thus far, I have only experimented with using the NAS on my local network (LAN). Using DLNA and uPNP (both Win8 and Android), i have been able to stream audio and video content on my TV, via my DishNetwork Hopper DVR, a networked audio PreAmp as well as using my Android-based Patriot Box Office streaming video player. Thus far all of this has been accomplished in my LAN w/o the key fobs since the A/V content that I copied to the HDD is in the 'public' top-level folder.
    I have also been able to successfully access a variety of my files (non A/V content) using a Toshiba laptop via a WiFi connection to my network.
    It will probably take me at least a few weeks to explore all of its capabilities remotely but this myDitto NAS device may allow you to access all of your data remotely from anywhere in the world AND w/o having your PC on.
    The trick would have to be to replicate your data directories onto one of its 2 HDDs using a WinOS sync application: Such as Microsoft's own free SyncToy (http://www.microsoft.com/en-us/downl....aspx?id=15155) or any other such free utility.
    If data redundancy is of prime importance, this myDitto NAS box allows a few RAID options during initial setup << FWIW.

  9. #68
    3 Star Lounger
    Join Date
    Dec 2009
    Posts
    320
    Thanks
    16
    Thanked 70 Times in 58 Posts
    Quote Originally Posted by eikelein View Post
    Rick, you have not read the full thread. I posted a link to my real life experience (scroll down to paragraph #4) in a five start resort before.
    Eike - I'm not denying there may be a risk of using a hotel PC (in any country) but I think the OP would be better served by a reasoned discussion of potential risk using facts backed up with evidence rather than unsubstantiated claims and assumptions. Whilst it may be a fact that your USB stick contracted a virus in a foreign hotel (yes, I did read the full thread and your own experience before posting), it does not necessarily mean that the OP's use of Teamviewer will result in the remote compromise of his home PC. Sorry but... a local exploit involving physical access shouldn't be used to 'prove' there is a risk using a remote access protocol.

    Quote Originally Posted by satrow View Post
    A fact for you, Rick: when you leave the safety of your own home and it's secure computing environment and access a strange computer in a foreign country, you have no idea how secure that computer or it's network is or who is looking over your shoulder. No citations needed.
    Satrow - If I was to opine that the sky was green then I would expect to be challenged unless I could provide proof. If I could provide a citation then we may be able to enter into a discussion why the sky appears green where I am yet blue where you are. However, evidence to back up statements doesn't seem to be required in this topic and I don't understand why not.

    Quote Originally Posted by ruirib View Post
    We obviously have different opinions about advising others, especially in what relates to security. Computer security should be much more about preventing breaches, than plugging holes after the fact. That means avoiding or minimizing potentially risky behaviors, like using passwords in an environment you don't know is safe.

    No one here spread FUD. What I saw was people alerting to potential risks and people expressing opinions on how they would behave, if they were in similar situations to the ones presented here. If you are going to deny the risks here are to be dismissed, do it at your own risk. I actually think that by downplaying such risk and suggesting that, because no one will offer a concrete case where someone used a password in an unsafe place and got hacked, you are inviting people to incur in such risky behavior. You are obviously free to do it, but that also means that you are, in my opinion, providing advice that can be costly to anyone who indulges in the behavior in question and gets affected by it. Fortunately, the majority opinion differs from yours, so I think regular users will have enough input to make their own opinions on the subject.
    Rui - I agree with some of what you say but I don't think I was downplaying any risks. Instead I was expressing doubt and trying to provide a balance to some of the more extreme claims in this topic that, for example, the OP's PC "will become infected and compromised" by the use of TeamViewer. Sorry but no-one has provided any evidence that's it's possible to pass any type of malware using TeamViewer and other posters have discounted such claims, not just me. In my opinion it's these sorts of unsubstantiated claims which need to be challenged... hence my reference to FUD. As I mentioned in an earlier post, I've been using TeamViewer for years to connect back to my home PC, many times from hotel PC's in foreign lands. Guess what... home PC still not compromised. I don't think this was just luck. As a senior IT officer in local government (specialising in remote access and malware detection/removal) I believe I have a good understanding of what's possible and what's not. I also take precautions, e.g. by using a USB stick with a write-protect switch (which was quite hard to find) when I can't reboot into my Linux live USB stick in order to run TeamViewer.

    If you check back you will find that the only advice I have provided is to "Download and install TeamViewer Host on the intended host device" (post #22), nothing more. What I should have added for the benefit of the OP was to take the additional step of registering a free account with TeamViewer so the OP could then set up and use two-factor authentication (using a smartphone). This would mitigate (if not negate entirely) the risk of any keylogger capturing the login to the remote TeamViewer host.

    Regards,

  10. The Following User Says Thank You to Rick Corbett For This Useful Post:

    ruosChalet (2014-02-20)

  11. #69
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Rick, you agree that there is a risk ("If there is a risk (which I agree there is... but perhaps 'possible' rather than 'likely'?)" and "I'm not denying there may be a risk of using a hotel PC ... ") yet you want me to provide citations or what I'm suggesting is FUD?

    I've not suggested that anything "will become infected and compromised" by the use of TeamViewer or "that's it's possible to pass any type of malware using TeamViewer".

    The risk is in using any computer that's not under your own control to input sensitive data. Data interception/logging can happen before it reaches the software that uses whatever encryption/protocol put in place to protect it during transmission.

    You win the argument about colours though, providing that you can produce documentary evidence that you have "normal colour vision", because I couldn't.

  12. #70
    3 Star Lounger
    Join Date
    Dec 2009
    Posts
    320
    Thanks
    16
    Thanked 70 Times in 58 Posts
    Satrow, with respect, I asked you to back up two statements you made... you chose not to. That's fine... I didn't come here to argue but, instead, tried (and obviously failed) to keep the topic on topic and accurate, i.e. verifiable.

    I've never denied there wasn't a risk using a hotel PC but the OP was asking solely about TeamViewer... so I restricted my comments to the possibility of risks of using TeamViewer. I also refuted a statement (not made by you), as did others - including another moderator - that the OP's home PC "will become infected and compromised" by using TeamViewer. The OP was asking for help and, in my opinion, this statement was not helpful.

  13. #71
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    2,138
    Thanks
    102
    Thanked 208 Times in 181 Posts
    Let's step back a ways and recap a little:
    Quote Originally Posted by Rick Corbett View Post
    Quote Originally Posted by satrow View Post
    No, only potential ownership of the home PC and whatever it might contain.
    Citation that this has ever happened or is even possible over a remote protocol?
    I've not suggested that this happens through TeamViewer (your remote protocol) - only that data logging and interception can occur before it's encrypted/transmitted. It's the unknown quantity of the strange computer that's the risk here.

    Take a look at the legit. keylogging software that's available, the hardware keyloggers as well, then study what was possible back in the '90's with trojans like subseven; look at what camera/keylogger combo's do when installed into cash machines.

  14. #72
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Quote Originally Posted by Rick Corbett View Post
    I also refuted a statement (not made by you), as did others - including another moderator - that the OP's home PC "will become infected and compromised" by using TeamViewer.
    Rick,

    Please point out the post where a moderator stated that.

    Like satrow, I disagree with the statement about infection, but the keylogging scenario is not only possible, but even likely. So, contrary to you, I think this thread has been quite useful, because it addressed not only the technical feasibility of using TeamViewer, but also the potential risks of using it in an unknown computer, where the risks associated with its use seem quite clear to me. To help other people, I have quite a few years back, researched monitoring software and between key logging and screen capturing, the risks seem pretty obvious to me. So we could talk not only about keyloggers capturing whatever was typed from the hotel PC - which satrow addressed in a clear and understandable manner - but also other risks to privacy that could result from screen capturing software. I have seen it in use and it's quite effective.

    Of course, the potential presence of keyloggers do not raise risks solely related to TeamViewer login, which means two factor authentication would only serve to protect against the hijacking of the TeamViewer account. Two factor authentication, however, requires a smartphone and I fail to see why the user should incur in additional risk by using an unknown (and thus unsafe) PC to login to his home computer, when the TeamViewer app for the mobile OS of the smartphone could be used instead. Yes, the screen will be much smaller, but I would take that compromise over the obvious risks already described about the use of the unknown PC.

    Security implementation involves strict adherence to safe practices. It's when those practices are abandoned that many breaches occur, whether they result from social engineering or from lowering the guard from a technical point of view. Using the hotel computer would represent, IMHO, one of the occasions that could be described as lowering the guard. I can't recommend it in any possible way.
    Rui
    -------
    R4

  15. #73
    3 Star Lounger
    Join Date
    Dec 2009
    Posts
    320
    Thanks
    16
    Thanked 70 Times in 58 Posts
    Rui - PM'd you about "Please point out the post where a moderator stated that."

    Rui/Satrow - I accept that both of you (and others) are against using a hotel PC. I believe that - with mitigation - it is an acceptable risk if precautions are taken (and accurate advice given). I think most - not all - of the posts have provided useful discussion but perhaps we need to agree to disagree about using a hotel PC.

    PS - I've tried to use the TeamViewer Mobile app on an iPhone, iPad Mini and iPad 2. It's, umm, really not very good... hence my comment about "Still a way to go with their Android and iOS clients but that's only my opinion".

  16. #74
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    10,352
    Thanks
    130
    Thanked 1,162 Times in 1,069 Posts
    Rick,

    I don't see how you mitigate against a keylogger or malware installed in an hotel computer, unless you install security software or run multiple security packages on the computer, that can provide enough assurance against any such malware. I think restricting this to a matter of ensuring legitimate access to the TeamViewer account is not a correct way of seeing things. Of course, if you think the risk can be mitigated, I would like to know how you think that could be accomplished.
    Rui
    -------
    R4

  17. #75
    3 Star Lounger
    Join Date
    Dec 2009
    Posts
    320
    Thanks
    16
    Thanked 70 Times in 58 Posts
    Rui,

    I have 2 USB sticks - one's an old 2 Gb running a Linux Live build of Ubuntu with the TeamViewer tar.gz on it (as this doesn't need to be installed). The other's an even older 256 Mb one (the only one I could find with a write-disable switch).

    If I can (i.e. am able and/or allowed) then I re-restart the PC and use a Boot Menu key to boot directly into Ubuntu then run TeamViewer. (It's surprising how many foreign hotel PC's are either HP or Dell but I have other Boot Menu keys recorded on my phone in case the BIOS prompts have been disabled.) It's often a little slow to boot but in my opinion it mitigates the risk of a software keylogger (yes, I check for hardware keyloggers). I also use this for my mail. I've found most hotels will allow this if you explain why but many 'managed' PC's tend to have this disallowed in the BIOS.

    If the BIOS is locked down or I'm not allowed to re-boot into my Linux Live USB stick then I use the write-disabled 256Mb USB stick to run AutoRuns, Process Explorer, GMER, TCPView, etc. to check for/curtail suspicious activity before I run the portable TeamViewer app. This is even slower preparation time but (I'm often sat there with a drink so) I don't mind. This helped me avoid potential compromise of my USB stick when I had no option but to use TeamViewer to remote into a relative's PC from a malware-infested cyber cafe PC in Malaga.

    Now TeamViewer 9 is out I'm thinking about adding two-factor authentication using my smartphone. I haven't got round to this yet as I don't yet know if there will be any roaming charges (I guess so) and I'm still testing the TeamViewer Mobile versions on iOS and Android.

Page 5 of 6 FirstFirst ... 3456 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •