BlackHawkBible music connoisseurThere's no place like 127.0.0.1Icrontian
I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.
@BlackHawk said:
I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.
I use TightVNC and the VNC viewer for chrome. If you want, I can allow you temporary access to my HTPC to verify TightVNC does what you would like it to do. Just send me a PM if you want to try it out sometime long distance.
0
BlackHawkBible music connoisseurThere's no place like 127.0.0.1Icrontian
@BlackHawk said:
I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.
I use TightVNC and the VNC viewer for chrome. If you want, I can allow you temporary access to my HTPC to verify TightVNC does what you would like it to do. Just send me a PM if you want to try it out sometime long distance.
Last time I used TightVNC was 10 years ago. Has it evolved since? I don't think I want to worry about what my parent's IP is and what port each computer is using. TeamViewer was just easy. I guess with that ease of use I get compromised security.
My family is willing to pay for VNC software. Any paid alternatives that are as good or better than TeamViewer?
That thing where you are reading about people getting their browser-saved passwords stolen and you have a minute of until you remember they are talking about Windows and you laugh and close Reddit.
LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.
I've not used TeamViewer to express any kind of comparison.
0
BlackHawkBible music connoisseurThere's no place like 127.0.0.1Icrontian
@BobbyDigi said:
LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.
I've not used TeamViewer to express any kind of comparison.
$149/yr for access to only 2 computers is a bit much. I need access to a minimum of 4 and $349/yr for that is laughable.
@BlackHawk said:
Last time I used TightVNC was 10 years ago. Has it evolved since? I don't think I want to worry about what my parent's IP is and what port each computer is using. TeamViewer was just easy. I guess with that ease of use I get compromised security.
My family is willing to pay for VNC software. Any paid alternatives that are as good or better than TeamViewer?
I mean, it's a VNC server. I don't think I have ever really noticed a difference between any of them other than TightVNC is free. Granted there is a little setup to be done with static IP addresses and port forwarding on the network, but that takes all of 5 minutes to configure?
0
BlackHawkBible music connoisseurThere's no place like 127.0.0.1Icrontian
@primesuspect said:
Chrome Remote Desktop not an option? I use it to do shit for my dad; it's free and easy. Works great.
Can I initiate a connection without interaction from the other user? Can I remotely connect to my unattended PC at home?
The reddit thread OP@shwaip linked has lots of alternatives. The nice thing about TeamViewer was not having to mess around with port forwarding, but I guess I will, now.
As far as I can tell, I has no hax. I hope my work laptop wasn't accessed, but I just handed it off to IT to get wiped (unrelated issues), so I'll never know.
I suppose my let Chrome remember all my passwords strategy will have to be re-thought.
@Linc said:
That thing where you are reading about people getting their browser-saved passwords stolen and you have a minute of until you remember they are talking about Windows and you laugh and close Reddit.
Is this not a thing for OS X? I would think it's still a thing.
@Gargoyle said:
Is this not a thing for OS X? I would think it's still a thing.
There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.
1
BlackHawkBible music connoisseurThere's no place like 127.0.0.1Icrontian
@BobbyDigi said:
LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.
I've not used TeamViewer to express any kind of comparison.
$149/yr for access to only 2 computers is a bit much. I need access to a minimum of 4 and $349/yr for that is laughable.
I watched some of LogMeIn's YouTube videos and it seems "2 computers" may mean 2 separate users. You can login to as many of your own computers as you want.
Don't quote me on that cause I may be wrong. There's not that many details.
@Gargoyle said:
Is this not a thing for OS X? I would think it's still a thing.
There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.
The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.
In Chrome for Windows, there is (finally) also a keychain that asks for your system login to get to the password list.
@Gargoyle said:
Is this not a thing for OS X? I would think it's still a thing.
There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.
The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.
In Chrome for Windows, there is (finally) also a keychain that asks for your system login to get to the password list.
LastPass has been a God send for me. You can even enable 2FA for it which I believe is something that Apples Keychain and the Windows equivalent will not do.
@Gargoyle said:
The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.
There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.
+1 for Chrome Remote Desktop. I use it on the regular to access my PC from my phone and my Chromebook. (I switched away from TeamVeiwer years ago because there was no way to use it on the Chromebook.)
0
KwitkoSheriff of Banning (Retired)By the thing near the stuffIcrontian
Probably a little much for home users, but I used DameWare at my old job. It's $365 per seat, buy you only need 1 seat for infinite PCs, and it's a perpetual license. They do offer yearly maintenance. For enterprise users it's definitely looking into.
Seems like despite the evidence users are stacking up, they're still claiming it is due to password re-use on the part of thousands of individual end users. So basically what they're claiming is that someone else suffered a security breach of a password database but chose to roll the dice on identical username/pass combos and use TeamViewer as a vector. That doesn't pass the sniff test.
That being said, I'm not sure which is a more secure method for unattended access on my main PC; TeamViewer with 2FA, or Chrome Remote Desktop... With Chrome Remote Desktop, can my PC only be accessed by a device logged into Chrome Remote Desktop on my own Google account? If that's the case, I'd consider Chrome Remote Desktop to be as safe as my Google account, and if someone has access to my Google account, they pretty much have everything.
0
BlackHawkBible music connoisseurThere's no place like 127.0.0.1Icrontian
@GHoosdum said:
That being said, I'm not sure which is a more secure method for unattended access on my main PC; TeamViewer with 2FA, or Chrome Remote Desktop... With Chrome Remote Desktop, can my PC only be accessed by a device logged into Chrome Remote Desktop on my own Google account? If that's the case, I'd consider Chrome Remote Desktop to be as safe as my Google account, and if someone has access to my Google account, they pretty much have everything.
I've read of people having their TeamViewer breached even with 2FA enabled. If true, TeamViewer must have some crappy 2FA tech. I'm personally gonna read up more on Chrome Remote Desktop.
I started using Chrome remote desktop mostly because I could use it from school pcs as all you need is chrome to do it. they use 6 digit pin to authenticate you for each session. plus I mean you have to log in so you'd need the Google password, the 2fa, and the pin to get access. plus the email you get sent saying you logged into something recently.
the downside, it's kind of slow, but that may have just been me with my 1mb up trying to push a 4k resolution.
@Linc said:
There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.
OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.
@Linc said:
There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.
OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.
It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.
The procedure for Firefox is pretty similar.
@Linc said:
There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.
OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.
It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.
The procedure for Firefox is pretty similar.
So on my MacPro at work, I was trying to log into an Asus router I brought in from home, and I knew I saved the username and password in chrome when it was set up at my house, but I couldn't remember it off hand. When I went into chrome on my Mac and went to view the password saved for that router, the Mac asked for my account password, as in the one for the Mac itself. Is that not the case for windows or does anyone know how to enable that so when you go to view a password in chrome, you need the PC/Mac user account to authenticate the request? Seems like a pretty easy way to prevent what seems to have happened here.
@drasnor said:
It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.
The procedure for Firefox is pretty similar.
Right, but that's different than dumping them all at once, and it still requires a system login. Hackers were actually opening Amazon/Paypal/etc. pages on the victim's computer because then the passwords would be auto-filled on the pages (not visible, but usable), and wouldn't require the system password.
@Sonorous said:
So on my MacPro at work, I was trying to log into an Asus router I brought in from home, and I knew I saved the username and password in chrome when it was set up at my house, but I couldn't remember it off hand. When I went into chrome on my Mac and went to view the password saved for that router, the Mac asked for my account password, as in the one for the Mac itself. Is that not the case for windows or does anyone know how to enable that so when you go to view a password in chrome, you need the PC/Mac user account to authenticate the request? Seems like a pretty easy way to prevent what seems to have happened here.
This is the same on Mac and PC. Most of the behavior is defined by Chrome. The part where it asks you for your system password when you try to view the list is provided by the OS, but is available in both Windows and OSX (and most Linux DEs).
shwaip
bluffin' with my muffin Icrontian
Comments
Yikes.
I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.
I use TightVNC and the VNC viewer for chrome. If you want, I can allow you temporary access to my HTPC to verify TightVNC does what you would like it to do. Just send me a PM if you want to try it out sometime long distance.
Last time I used TightVNC was 10 years ago. Has it evolved since? I don't think I want to worry about what my parent's IP is and what port each computer is using. TeamViewer was just easy. I guess with that ease of use I get compromised security.
My family is willing to pay for VNC software. Any paid alternatives that are as good or better than TeamViewer?
Glad I removed it when win10 came out.
It wasn't letting my systems stay in sleep mode.
That thing where you are reading about people getting their browser-saved passwords stolen and you have a minute of
until you remember they are talking about Windows and you laugh and close Reddit.
LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.
I've not used TeamViewer to express any kind of comparison.
$149/yr for access to only 2 computers is a bit much. I need access to a minimum of 4 and $349/yr for that is laughable.
Especially since TeamViewer just introduced its infinite access plan.
I hadn't looked at the pricing. Probably why we got away from using it at work.
Chrome Remote Desktop not an option? I use it to do shit for my dad; it's free and easy. Works great.
I mean, it's a VNC server. I don't think I have ever really noticed a difference between any of them other than TightVNC is free. Granted there is a little setup to be done with static IP addresses and port forwarding on the network, but that takes all of 5 minutes to configure?
Can I initiate a connection without interaction from the other user? Can I remotely connect to my unattended PC at home?
The reddit thread OP @shwaip linked has lots of alternatives. The nice thing about TeamViewer was not having to mess around with port forwarding, but I guess I will, now.
As far as I can tell, I has no hax. I hope my work laptop wasn't accessed, but I just handed it off to IT to get wiped (unrelated issues), so I'll never know.
I suppose my let Chrome remember all my passwords strategy will have to be re-thought.
Is this not a thing for OS X? I would think it's still a thing.
Yes
There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.
I watched some of LogMeIn's YouTube videos and it seems "2 computers" may mean 2 separate users. You can login to as many of your own computers as you want.
Don't quote me on that cause I may be wrong. There's not that many details.
The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.
In Chrome for Windows, there is (finally) also a keychain that asks for your system login to get to the password list.
LastPass has been a God send for me. You can even enable 2FA for it which I believe is something that Apples Keychain and the Windows equivalent will not do.
There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.
+1 for Chrome Remote Desktop. I use it on the regular to access my PC from my phone and my Chromebook. (I switched away from TeamVeiwer years ago because there was no way to use it on the Chromebook.)
Probably a little much for home users, but I used DameWare at my old job. It's $365 per seat, buy you only need 1 seat for infinite PCs, and it's a perpetual license. They do offer yearly maintenance. For enterprise users it's definitely looking into.
When I uninstalled TeamViewer, I filled out their uninstallation survey citing security concerns. They replied quickly with a canned statement:
http://www.teamviewer.com/en/company/press/statement-on-potential-teamviewer-hackers/
Seems like despite the evidence users are stacking up, they're still claiming it is due to password re-use on the part of thousands of individual end users. So basically what they're claiming is that someone else suffered a security breach of a password database but chose to roll the dice on identical username/pass combos and use TeamViewer as a vector. That doesn't pass the sniff test.
That being said, I'm not sure which is a more secure method for unattended access on my main PC; TeamViewer with 2FA, or Chrome Remote Desktop... With Chrome Remote Desktop, can my PC only be accessed by a device logged into Chrome Remote Desktop on my own Google account? If that's the case, I'd consider Chrome Remote Desktop to be as safe as my Google account, and if someone has access to my Google account, they pretty much have everything.
I've read of people having their TeamViewer breached even with 2FA enabled. If true, TeamViewer must have some crappy 2FA tech. I'm personally gonna read up more on Chrome Remote Desktop.
I started using Chrome remote desktop mostly because I could use it from school pcs as all you need is chrome to do it. they use 6 digit pin to authenticate you for each session. plus I mean you have to log in so you'd need the Google password, the 2fa, and the pin to get access. plus the email you get sent saying you logged into something recently.
the downside, it's kind of slow, but that may have just been me with my 1mb up trying to push a 4k resolution.
OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.
It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.
The procedure for Firefox is pretty similar.
So on my MacPro at work, I was trying to log into an Asus router I brought in from home, and I knew I saved the username and password in chrome when it was set up at my house, but I couldn't remember it off hand. When I went into chrome on my Mac and went to view the password saved for that router, the Mac asked for my account password, as in the one for the Mac itself. Is that not the case for windows or does anyone know how to enable that so when you go to view a password in chrome, you need the PC/Mac user account to authenticate the request? Seems like a pretty easy way to prevent what seems to have happened here.
Right, but that's different than dumping them all at once, and it still requires a system login. Hackers were actually opening Amazon/Paypal/etc. pages on the victim's computer because then the passwords would be auto-filled on the pages (not visible, but usable), and wouldn't require the system password.
This is the same on Mac and PC. Most of the behavior is defined by Chrome. The part where it asks you for your system password when you try to view the list is provided by the OS, but is available in both Windows and OSX (and most Linux DEs).
The thread reported an exe (webbrowserpassview.exe) that had the ability to dump your passwords. I assume that's what @Linc was referencing.