«1

Comments

  • KarmaKarma Likes yoga Icrontian

    Yikes.

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian

    I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.

  • SonorousSonorous F@H Fanatic US Icrontian

    @BlackHawk said:
    I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.

    I use TightVNC and the VNC viewer for chrome. If you want, I can allow you temporary access to my HTPC to verify TightVNC does what you would like it to do. Just send me a PM if you want to try it out sometime long distance.

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian

    @Sonorous said:

    @BlackHawk said:
    I was using my computer when someone connected but was able to close TeamViewer within 10 seconds. My Mom's PC was also accessed. Not PayPal transfers or Amazon purchases though. They also installed apps on breached computers to get passwords from Chrome and IE. Luckily I had Dashlane and my browser doesn't store the passwords. I need an alternative to TeamViewer but it's so critical to my family. I need ease of use.

    I use TightVNC and the VNC viewer for chrome. If you want, I can allow you temporary access to my HTPC to verify TightVNC does what you would like it to do. Just send me a PM if you want to try it out sometime long distance.

    Last time I used TightVNC was 10 years ago. Has it evolved since? I don't think I want to worry about what my parent's IP is and what port each computer is using. TeamViewer was just easy. I guess with that ease of use I get compromised security.

    My family is willing to pay for VNC software. Any paid alternatives that are as good or better than TeamViewer?

  • ThraxThrax 🐌 Austin, TX Icrontian

    Glad I removed it when win10 came out. :( It wasn't letting my systems stay in sleep mode.

  • LincLinc Owner Detroit Icrontian
    edited June 2016

    That thing where you are reading about people getting their browser-saved passwords stolen and you have a minute of :horrified: until you remember they are talking about Windows and you laugh and close Reddit.

  • BobbyDigiBobbyDigi ? R U #Hats ! TX Icrontian

    LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.

    I've not used TeamViewer to express any kind of comparison.

    -Digi

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian

    @BobbyDigi said:
    LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.

    I've not used TeamViewer to express any kind of comparison.

    -Digi

    $149/yr for access to only 2 computers is a bit much. I need access to a minimum of 4 and $349/yr for that is laughable.

  • LincLinc Owner Detroit Icrontian
    edited June 2016

    @BlackHawk said:
    I need access to a minimum of 4 and $349/yr for that is laughable.

    Especially since TeamViewer just introduced its infinite access plan.

    Strikes
  • BobbyDigiBobbyDigi ? R U #Hats ! TX Icrontian
    edited June 2016

    I hadn't looked at the pricing. Probably why we got away from using it at work.

    @Linc said:
    Especially since TeamViewer just introduced its infinite access plan.

    ;D

    -Digi

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian

    Chrome Remote Desktop not an option? I use it to do shit for my dad; it's free and easy. Works great.

  • SonorousSonorous F@H Fanatic US Icrontian

    @BlackHawk said:
    Last time I used TightVNC was 10 years ago. Has it evolved since? I don't think I want to worry about what my parent's IP is and what port each computer is using. TeamViewer was just easy. I guess with that ease of use I get compromised security.

    My family is willing to pay for VNC software. Any paid alternatives that are as good or better than TeamViewer?

    I mean, it's a VNC server. I don't think I have ever really noticed a difference between any of them other than TightVNC is free. Granted there is a little setup to be done with static IP addresses and port forwarding on the network, but that takes all of 5 minutes to configure?

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian

    @primesuspect said:
    Chrome Remote Desktop not an option? I use it to do shit for my dad; it's free and easy. Works great.

    Can I initiate a connection without interaction from the other user? Can I remotely connect to my unattended PC at home?

  • GargGarg Purveyor of Lincoln Nightmares Icrontian

    The reddit thread OP @shwaip linked has lots of alternatives. The nice thing about TeamViewer was not having to mess around with port forwarding, but I guess I will, now.

    As far as I can tell, I has no hax. I hope my work laptop wasn't accessed, but I just handed it off to IT to get wiped (unrelated issues), so I'll never know.

    I suppose my let Chrome remember all my passwords strategy will have to be re-thought.

    @Linc said:
    That thing where you are reading about people getting their browser-saved passwords stolen and you have a minute of :horrified: until you remember they are talking about Windows and you laugh and close Reddit.

    Is this not a thing for OS X? I would think it's still a thing.

  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian

    @BlackHawk said:

    @primesuspect said:
    Chrome Remote Desktop not an option? I use it to do shit for my dad; it's free and easy. Works great.

    Can I initiate a connection without interaction from the other user? Can I remotely connect to my unattended PC at home?

    Yes

  • LincLinc Owner Detroit Icrontian

    @Gargoyle said:
    Is this not a thing for OS X? I would think it's still a thing.

    There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.

    Sonorous
  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian

    @BlackHawk said:

    @BobbyDigi said:
    LogMeIn to be recommendable. Used to use it quite a bit when there was a free option. Still have clients that use it. They give me login info, I login through the website and have control.

    I've not used TeamViewer to express any kind of comparison.

    -Digi

    $149/yr for access to only 2 computers is a bit much. I need access to a minimum of 4 and $349/yr for that is laughable.

    I watched some of LogMeIn's YouTube videos and it seems "2 computers" may mean 2 separate users. You can login to as many of your own computers as you want.

    Don't quote me on that cause I may be wrong. There's not that many details.

  • GargGarg Purveyor of Lincoln Nightmares Icrontian

    @Linc said:

    @Gargoyle said:
    Is this not a thing for OS X? I would think it's still a thing.

    There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.

    The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.

    In Chrome for Windows, there is (finally) also a keychain that asks for your system login to get to the password list.

  • SonorousSonorous F@H Fanatic US Icrontian

    @Gargoyle said:

    @Linc said:

    @Gargoyle said:
    Is this not a thing for OS X? I would think it's still a thing.

    There is a native Keychain Access app that browsers interact with to store passwords. Requires your system password to retrieve them manually. There's no "dump passwords" access without it.

    The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.

    In Chrome for Windows, there is (finally) also a keychain that asks for your system login to get to the password list.

    LastPass has been a God send for me. You can even enable 2FA for it which I believe is something that Apples Keychain and the Windows equivalent will not do.

  • LincLinc Owner Detroit Icrontian

    @Gargoyle said:
    The allegations are that the hackers actually opened up web pages on the clients and used the auto-filled login/pass fields to make purchases, rather than dumping passwords and using them elsewhere.

    There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.

  • CBCB Ƹ̵̡Ӝ̵̨̄Ʒ Der Millionendorf- Icrontian

    +1 for Chrome Remote Desktop. I use it on the regular to access my PC from my phone and my Chromebook. (I switched away from TeamVeiwer years ago because there was no way to use it on the Chromebook.)

  • KwitkoKwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian

    Probably a little much for home users, but I used DameWare at my old job. It's $365 per seat, buy you only need 1 seat for infinite PCs, and it's a perpetual license. They do offer yearly maintenance. For enterprise users it's definitely looking into.

  • GHoosdumGHoosdum Icrontian
    edited June 2016

    When I uninstalled TeamViewer, I filled out their uninstallation survey citing security concerns. They replied quickly with a canned statement:
    http://www.teamviewer.com/en/company/press/statement-on-potential-teamviewer-hackers/

    Seems like despite the evidence users are stacking up, they're still claiming it is due to password re-use on the part of thousands of individual end users. So basically what they're claiming is that someone else suffered a security breach of a password database but chose to roll the dice on identical username/pass combos and use TeamViewer as a vector. That doesn't pass the sniff test.

    That being said, I'm not sure which is a more secure method for unattended access on my main PC; TeamViewer with 2FA, or Chrome Remote Desktop... With Chrome Remote Desktop, can my PC only be accessed by a device logged into Chrome Remote Desktop on my own Google account? If that's the case, I'd consider Chrome Remote Desktop to be as safe as my Google account, and if someone has access to my Google account, they pretty much have everything.

  • BlackHawkBlackHawk Bible music connoisseur There's no place like 127.0.0.1 Icrontian

    @GHoosdum said:
    That being said, I'm not sure which is a more secure method for unattended access on my main PC; TeamViewer with 2FA, or Chrome Remote Desktop... With Chrome Remote Desktop, can my PC only be accessed by a device logged into Chrome Remote Desktop on my own Google account? If that's the case, I'd consider Chrome Remote Desktop to be as safe as my Google account, and if someone has access to my Google account, they pretty much have everything.

    I've read of people having their TeamViewer breached even with 2FA enabled. If true, TeamViewer must have some crappy 2FA tech. I'm personally gonna read up more on Chrome Remote Desktop.

  • KarmaKarma Likes yoga Icrontian

    I started using Chrome remote desktop mostly because I could use it from school pcs as all you need is chrome to do it. they use 6 digit pin to authenticate you for each session. plus I mean you have to log in so you'd need the Google password, the 2fa, and the pin to get access. plus the email you get sent saying you logged into something recently.

    the downside, it's kind of slow, but that may have just been me with my 1mb up trying to push a 4k resolution.

  • GargGarg Purveyor of Lincoln Nightmares Icrontian

    @Linc said:
    There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.

    OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.

  • drasnordrasnor Starship Operator Hawthorne, CA Icrontian

    @Gargoyle said:

    @Linc said:
    There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.

    OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.

    It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.

    The procedure for Firefox is pretty similar.

  • SonorousSonorous F@H Fanatic US Icrontian
    edited June 2016

    @drasnor said:

    @Gargoyle said:

    @Linc said:
    There is specific discussion in the Reddit thread of the possibility of someone dumping your entire browser saved password list with the access available from this hack. They don't need to stay on your system once you are compromised in this way.

    OK. Didn't see that, and not sure how that would be possible. I wonder if that's a hypothetical scenario like some others I've seen in that thread. E.g. now you can't trust your router, better get a new HD, burn your computer in an open field under a full moon, etc.

    It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.

    The procedure for Firefox is pretty similar.

    So on my MacPro at work, I was trying to log into an Asus router I brought in from home, and I knew I saved the username and password in chrome when it was set up at my house, but I couldn't remember it off hand. When I went into chrome on my Mac and went to view the password saved for that router, the Mac asked for my account password, as in the one for the Mac itself. Is that not the case for windows or does anyone know how to enable that so when you go to view a password in chrome, you need the PC/Mac user account to authenticate the request? Seems like a pretty easy way to prevent what seems to have happened here.

  • GargGarg Purveyor of Lincoln Nightmares Icrontian
    edited June 2016

    @drasnor said:
    It's pretty easy; just remote desktop into your computer with TeamViewer and follow these helpful instructions from Google Chrome Help.
    The procedure for Firefox is pretty similar.

    Right, but that's different than dumping them all at once, and it still requires a system login. Hackers were actually opening Amazon/Paypal/etc. pages on the victim's computer because then the passwords would be auto-filled on the pages (not visible, but usable), and wouldn't require the system password.

    @Sonorous said:
    So on my MacPro at work, I was trying to log into an Asus router I brought in from home, and I knew I saved the username and password in chrome when it was set up at my house, but I couldn't remember it off hand. When I went into chrome on my Mac and went to view the password saved for that router, the Mac asked for my account password, as in the one for the Mac itself. Is that not the case for windows or does anyone know how to enable that so when you go to view a password in chrome, you need the PC/Mac user account to authenticate the request? Seems like a pretty easy way to prevent what seems to have happened here.

    This is the same on Mac and PC. Most of the behavior is defined by Chrome. The part where it asks you for your system password when you try to view the list is provided by the OS, but is available in both Windows and OSX (and most Linux DEs).

  • SnarkasmSnarkasm Madison, WI Icrontian
    edited June 2016

    The thread reported an exe (webbrowserpassview.exe) that had the ability to dump your passwords. I assume that's what @Linc was referencing.

Sign In or Register to comment.