Home page logo

basics logo Security Basics mailing list archives

RE: remote control program
From: "Juanjo Rodriguez - NTR" <jrodriguez () ntrglobal com>
Date: Fri, 30 May 2008 23:52:48 +0200

You can use NTRConnect or NTRSupport too ;)

Juanjo Rodriguez Piris
Operations Manager
NTRglobal S.L.

-----Original Message-----
From: listbounce () securityfocus com <listbounce () securityfocus com>
Sent: viernes, 30 de mayo de 2008 20:33
To: "'Francisco Neira Basso'" <fneira () defensoria gob pe>; "'Teena
Horne'" <chorne () kelso-burnett com>
Cc: "sgp () unsl edu ar" <sgp () unsl edu ar>;
"security-basics () lists securityfocus com"
<security-basics () lists securityfocus com>
Subject: RE: remote control program

Unlike GoToMyPC, Logmein completely hands off the connection after the
initial encrypted handshake. By the time you are at the remote screen
logging in, nothing should be passing through the logmein servers. This
what was explained to me before purchase 3 years ago. Regardless, even
they used the model of GoToMyPC and routed all traffic through their own
servers, as long as the passthrough traffic were encrypted via AES 256,
as Logmein uses, grabbing your password for your server would be
non-trivial. So in this case, yes, you are being paranoid, but that's
not a
bad thing in this business. As long as you know the facts, there's not
to worry about. If they weren't actually encrypting traffic - and from
I've sniffed, they are - they'd be out of business rather quickly. Your
concern is why Microsoft's RDP handshake is not popular; the initial
handshake is in plaintext. Maybe they've changed it, but I doubt it.

I have about 60 IT Reach licenses and it's an invaluable tool for me. Be
sure to buy the Ignition software if you manage more than a few PC's
from a
central location. Logmein is faster than anything I've tested or used in
past, including Famtech's Radmin, TeamViewer, GoToMyPC, and any flavor



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
Behalf Of Francisco Neira Basso
Sent: Friday, May 30, 2008 12:52 PM
To: Teena Horne
Cc: 'sgp () unsl edu ar'; security-basics () lists securityfocus com
Subject: Re: remote control program

Hash: SHA1

Teena Horne wrote:
Yes, it's safe.  I use the free remote control portion of it for
and some business use, and now we are evaluating their Logmein Backup
service for purchase.

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of sgp () unsl edu ar
Sent: Friday, May 30, 2008 6:40 AM
To: security-basics () lists securityfocus com
Subject: remote control program

Hi all, I need to know if anyone knows how this program "LogMeIn." It
safe? It is a Troyan Horse? is part of a group of machines Zombie? The
of this program is: https://secure.logmein.com/loggedout.asp


Does my username and password goes thru the logmein service provider and
then to my server? Am I the only paranoid? ;)

- --
Francisco Neira B.
Seguridad de la Informacion
Defensoria del Pueblo
Lima, Peru  -05:00 UTC
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

Sent by emoze push mail.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]