<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033">Rick,</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033"><br>
</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033">The problem with TV is not that it's a bad application, just that it has so much control, and it can be used for bad, as well as for good. The popular attack is to patch TV in memory, thus leaving no trace that malware is present, and forensically, there's nothing on disk to track down. Accordingly, as a "rat" (remote access tool), since it's using software already on a system, it's therefore rather stealthy.</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033">Agree about VNC, being that it feels safer in current implementation.</div>
<div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small;color:#330033">A</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Nov 1, 2013 at 11:25 AM, Rick Troth <span dir="ltr"><<a href="mailto:rmt@casita.net" target="_blank">rmt@casita.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
FYI, TeamViewer may provide an attack vector. <br>
<br>
I installed TeamViewer (on OpenSUSE). This is a popular desktop
sharing tool with broad platform coverage. One of my team-mates was
using it and we have regular need to do DT sharing with customers.
(There are other tools/methods we use, but like I said ... TV is
popular with some.) <br>
<br>
Then I happened to notice an unexpected TCP connection. It traced
back to TeamViewer (their servers). Not good! I found the TV
processes running, killed them, removed the files, and deleted the
package. (Less emotion might have left more stuff for forensics,
but I do have a backup of some of that.) <br>
<br>
A little Googoo gruntwork turns up ... yes ... TV is used by the bad
guys. I am omitting some details. Anyone know more about it and
care to share? In any case, <u>you have been warned</u>. <br>
<br>
To date, the safest desktop sharing tool in my doctor's bag is VNC.
It instantiates a virtual desktop to which applications voluntarily
connect. Yes, you *can* use VNC to hit the physical
display/keyboard, and for all I know that is more popular now. But
traditionally VNC was virtual by default (and nicely boxed). <br><span class="HOEnZb"><font color="#888888">
<br>
-- R; <><<br>
<br>
<br>
<br>
</font></span></div>
<br>_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
<br></blockquote></div><br></div>