[Dshield] How secure IS GoToMyPC?
dshieldlists at versateam.com
Fri Jun 18 13:55:15 GMT 2004
Stephane Grobety wrote:
> There is a built-in file transfer that takes cut-and-paste of files.
> The clipboard is also accessible, making it another channel to upload
> malicious code in the remote machine.
My point was that a malicious file uploaded by a clueless user (the more
likely event) would have a good chance of being intercepted by AV, not
that a malicious user couldn't do all sorts of things to the machine
once at the console. On the other hand, it's not physical access, so a
locked down machine would make it harder for a malicious (or clueless)
user to mess up the machine. But we all know how often we see a locked
down machine, let alone one that a creative black hat can't get into.
> typical PC not to require much download. Plus, the attacker already
> has local console access: all he needs is privilege escalation.
Exactly my point. Using GoToMyPc removes a layer or eight of protection,
but it's not like opening an otherwise secure machine to the Internet
completely. For example, a disgruntled employee could do a comparable
amount of damage sitting in front of the machine as through GoToMyPC. A
socially-engineered employee sitting in front of the machine might be
coerced into installing a back door or keystroke logger or other
malware. So a GoToMyPC installation with good password discipline is
somewhat comparable to some sort of good physical control of employees
coming to work in the building. We all know how often either of those
happens, plus you never know when the employee who is properly
identified at the front door (or uses a strong password) is going to do
something clueless or malicious. Having other layers of defense to take
care of those situations is critical, and makes it that much harder for
an unauthorized person to do nasty things through GoToMyPC or some other
So instead of saying "it's a security risk" -- what's NOT a security
risk? -- I'm suggesting more that we analyze and mitigate as many of the
real risks as possible, on the theory that some malicious or clueless
act done through GoToMyPC is probably using an opening that could be
exploited through another vector.
More information about the list