[Dshield] How secure IS GoToMyPC?

M Cook dshieldlists at versateam.com
Fri Jun 18 13:55:15 GMT 2004


Stephane Grobety wrote:
> There is a built-in file transfer that takes cut-and-paste of files.
> The clipboard is also accessible, making it another channel to upload
> malicious code to the remote machine.

My point was that a malicious file uploaded by a clueless user (the more 
likely event) would have a good chance of being intercepted by AV, not 
that a malicious user couldn't do all sorts of things to the machine 
once at the console. On the other hand, it's not physical access, so a 
locked down machine would make it harder for a malicious (or clueless) 
user to mess up the machine. But we all know how often we see a locked 
down machine, let alone one that a creative black hat can't get into.

> typical PC not to require much download. Plus, the attacker already
> has local console access: all he needs is privilege escalation.

Exactly my point. Using GoToMyPC removes a layer or eight of protection, 
but it's not like opening an otherwise secure machine to the Internet 
completely. For example, a disgruntled employee could do a comparable 
amount of damage sitting in front of the machine as through GoToMyPC. A 
socially-engineered employee sitting in front of the machine might be 
coerced into installing a back door or keystroke logger or other 
malware. So a GoToMyPC installation with good password discipline is 
somewhat comparable to some sort of good physical control of employees 
coming to work in the building. We all know how often either of those 
happens, plus you never know when the employee who is properly 
identified at the front door (or uses a strong password) is going to do 
something clueless or malicious. Having other layers of defense to take 
care of those situations is critical, and makes it that much harder for 
an unauthorized person to do nasty things through GoToMyPC or some other 
access method.

So instead of saying "it's a security risk" -- what's NOT a security 
risk? -- I'm suggesting more that we analyze and mitigate as many of the 
real risks as possible, on the theory that some malicious or clueless 
act done through GoToMyPC is probably using an opening that could be 
exploited through another vector.


