[Dshield] gotomypc.com

Paul F Dixon pdixon at rwsc.com
Mon May 13 19:21:27 GMT 2002


We tested the gotomypc.com product for its security implications about 4
months ago.  We had heard about it from an interesting article regarding
"backchannel applications".  These backchannel programs basically match
rules established by outgoing web requests that a normal client, in a
normal access arrangement, would make, thus making it:
1.  Hard to detect.
2.  Hard to control.
3.  Hard to get rid of....

While not a bad technical concept.  (Trying to go at it from an "open mind"
standpoint)  Enabling an application like this seems really dangerous to
me.  This is desktop control, not real-audio. A much different application.
It's not that I don't trust the gotomypc folks, I'm sure they are a great
bunch (they at least do this through ssl), it's all the others that will
come after now.  What an open door...

Oh well, off my soap box.

We made the decision to block this site.  Thier IP address resolved is
63.251.224.177.  There is also an application that runs on the host machine
that can be checked (gotomypc.exe) and if you have a host based application
firewall (zone alarm, sygate, esafe, norton, etc.) you can block the
application's access to the Internet.

_________________________________________________
Paul F. Dixon
Information Security Officer
Rockwell Scientific Company, LLC
pdixon at rwsc.com


                                                                                                                                          
                    Russell Washington                                                                                                    
                    <russ.washington at vaults        To:                                                                                    
                    entry.com>                     cc:                                                                                    
                    Sent by:                       Subject:     RE: [Dshield] gotomypc.com                                                
                    list-admin at dshield.org                                                                                                
                                                                                                                                          
                                                                                                                                          
                    05/13/02 09:28 AM                                                                                                     
                    Please respond to list                                                                                                
                                                                                                                                          
                                                                                                                                          



Also from the gotomypc.com site (note the last paragraph,
https://www.gotomypc.com/help2.tmpl?#securitykeep).

Q: As the IT manager, how do I block GoToMyPC access to company computers?

A: Because GoToMyPC is a highly secure encrypted service, it provides no
security risk to your company. And, because it enhances employee
productivity by enabling employees to work from home and remote locations,
most companies find great benefits in allowing their employees to use
GoToMyPC.

To learn more about the security of GoToMyPC, please see our Security White
Paper. To learn more about the GoToMyPC service, see our GoToMyPC Brochure.


Should you believe it necessary to prevent the GoToMyPC service from
accessing your company computers, simply block access to the host
poll.gotomypc.com. This will prevent anyone from starting a connection to
access any computer inside your firewall.

-----Original Message-----
From: John Hardin [mailto:johnh at aproposretail.com]
Sent: Monday, May 13, 2002 9:05 AM
To: DShield mailing list
Subject: RE: [Dshield] gotomypc.com


On Mon, 2002-05-13 at 08:48, Tony Carothers wrote:
> >From the gotomypc.com site..
>
> https://www.gotomypc.com/ourTechnology.tmpl

Okay, the "security" whitepaper does say that the traffic is encrypted
end-to-end.

--
John Hardin                                   <johnh at aproposretail.com>
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
 3 days until Star Wars episode II: Attack of the Clones

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list







More information about the list mailing list