Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
Pages: 1
So this happened yesterday:
TeamViewer denies hack after PCs hijacked, PayPal accounts drained
Maybe there was a security breach, maybe there wasn't, but either way you should:
- Stop teamviewer from starting automatically when you boot by going to Extras > Options > General and unchecking the "Start TeamViewer with Windows" checkbox,
- Quit teamviewer whenever you go afk for any decent length of time. Be aware that if you have the "Close to trey menu" checkbox checked in the "Advanced" tab of the settings, closing the application won't actually close teamviewer.
You might not have any sensitive information worth taking, but remote access can also be used to install ransomware/keyloggers etc.
EDIT:
While I'm at it, I've noticed that pretty much all people I connect to on Teamviewer haven't bothered to edit the permissions given to incoming connections. I think these default to "Full Access", allowing the connected user to do things like lock your keyboard and mouse.
My recommended settings:
Go to Extras > Options > Advanced. In the "Advanced settings for connections to this computer" section, change "Access Control" in the drop-down list to "Custom settings". Just below that, click "Configure..." and set the following settings:
- Connect and view my screen: Allowed
- Control this computer: After Confirmation
- Transfer files: After Confirmation (this allows the person to freely view the files on your PC, and transfer files both ways, or filebox you stuff without establishing a remote connection)
- Establish a VPN connection to this computer: After Confirmation
- Lock the local keyboard and mouse: Denied
- Control the local Teamviewer: Denied (you don't want anyone to change these settings)
- File transfer using the file box: Allowed
- Print on remote printer: Denied
- Change sides allowed: Allowed
One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.
Offline
Thanks for alerting the community Tomahawk!
Offline
The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.
I'm assuming that if someone tries to connect and screw around while you're at the computer, you'll end it and blacklist them. At any other time, teamviewer would be off.
One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.
Offline
I didn't really understood how many people were affected by whatever happened.
Everybody edits, but some edit more than others
Offline
Don't you need to give someone a code, or send them an invite, before they can control your computer?
If you have a user's ID and current password, you can connect instantly and they receive no confirmation request or popup in which they can deny the incoming connection. This allows you to go into either remote control or file transfer.
One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.
Offline
There wasn't a security breach.
I've looked at their source code and looked at the way they handle authentication.
It's virtually impossible to establish a connection with their current security policies.
The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.
You're more likely to get your house broken into and your electronics stolen than be compromised by TeamViewer.
I suppose you shouldn't live in a house then?
I didn't really understood how many people were affected by whatever happened.
There are 20+ million devices running TeamViewer at any given moment.
It's a matter of statistics.
*u stinky*
Offline
The reason why so many people were breached is because a lot of people let teamviewer start up upon system boot, that way they can access their pc remotely while at work/on school/at a friend. Obviously when teamviewer is on and the passwords are hacked, people can use it for other purposes too.
Offline
I prefer LogMeIn, it seems more secure.
Offline
I'd use SSH. Of course, don't allow the user to access as root on the machine.
Offline
I'd use SSH. Of course, don't allow the user to access as root on the machine.
How do I disable root? I have no idea how to do this.
Offline
Offline
capasha wrote:HG wrote:I'd use SSH. Of course, don't allow the user to access as root on the machine.
How do I disable root? I have no idea how to do this.
format the hdd
Make sure the root account doesn't have a password, or just set one impossible to guess or know. Then, create a new user with a password different from your main account, so that the person that will use SSH will connect to that account, unless he/she knows your main account username and password. Then, you can give him read-only, access to your important files, while letting them use their account for special things, without in any way damaging your computer.
Offline
Pages: 1
[ Started around 1732426798.696 - Generated in 0.072 seconds, 12 queries executed - Memory usage: 1.63 MiB (Peak: 1.82 MiB) ]