[Dshield] How secure IS GoToMyPC?

Keith Bergen keith at keithbergen.com
Wed Jun 16 13:28:10 GMT 2004


GoToMyPC is (I believe) a service that lets you take over 
your entire computer remotely. They may also have a 
configuration that allows you to just share drives. Either 
way you would be putting a lot of trust into that service.

I'm not real certain from your email exactly what they are 
trying to accomplish.

You have to remember that GoToMyPC is a vendor, and you are 
effectively using their service to access your machine 
(presumably as administrator) remotely. I have not used that 
service specifically (I have seen the ads), but to me, it 
would seem easy for them to get your login and password from 
the system, and thus have full control without ever having to 
install anything on your system.

If you simply want to share a file, put that file up on some 
web space. Most ISP's allow you at least 3MB of web space 
(mine gives you 10) where you can store the file and download 
& upload it by FTP. You should install an index.htm file so 
that people can't browse to it.

If you completely want to take over your remote PC, there is 
a freeware package called tightVNC or you can use the XP Pro 
package remote desktop. Both allow you to change the default 
port number (highly recommended). Also, I would only share 
logins that are NON-Administrator. There are a myriad of 
security measures that you can take to help protect it, but 
the only sure way is to not do it.

I hope this helps,
Keith.

---- Original message ----
>Date: Wed, 16 Jun 2004 08:01:25 -0400
>From: Alan Frayer <afrayer at frayernet.com>  
>Subject: [Dshield] How secure IS GoToMyPC?  
>To: list at lists.dshield.org
>
>I have a potential client who has been suggesting they want 
to remotely 
>access critical data using GoToMyPC, rather than placing the 
data in a 
>web-accessible, password-protected read-only database.
>
>Which approach to accessing the data remotely would be more 
secure? Am I 
>missing something?
>
>_______________________________________________
>list mailing list
>list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list