Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#1 2016-06-02 21:24:22, last edited by Tomahawk (2016-07-08 15:10:22)

Tomahawk
Forum Mod
From: UK
Joined: 2015-02-18
Posts: 2,847

Teamviewer warning

So this happened yesterday:

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

Maybe there was a security breach, maybe there wasn't, but either way you should:

- Stop teamviewer from starting automatically when you boot by going to Extras > Options > General and unchecking the "Start TeamViewer with Windows" checkbox,
- Quit teamviewer whenever you go afk for any decent length of time. Be aware that if you have the "Close to trey menu" checkbox checked in the "Advanced" tab of the settings, closing the application won't actually close teamviewer.

You might not have any sensitive information worth taking, but remote access can also be used to install ransomware/keyloggers etc.


EDIT:
While I'm at it, I've noticed that pretty much all people I connect to on Teamviewer haven't bothered to edit the permissions given to incoming connections. I think these default to "Full Access", allowing the connected user to do things like lock your keyboard and mouse.

My recommended settings:

Go to Extras > Options > Advanced. In the "Advanced settings for connections to this computer" section, change "Access Control" in the drop-down list to "Custom settings". Just below that, click "Configure..." and set the following settings:

- Connect and view my screen:                          Allowed
- Control this computer:                                    After Confirmation
- Transfer files:                                                After Confirmation (this allows the person to freely view the files on your PC, and transfer files both ways, or filebox you stuff without establishing a remote connection)
- Establish a VPN connection to this computer:    After Confirmation
- Lock the local keyboard and mouse:                Denied
- Control the local Teamviewer:                         Denied (you don't want anyone to change these settings)
- File transfer using the file box:                        Allowed
- Print on remote printer:                                  Denied
- Change sides allowed:                                    Allowed


One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Offline

Wooted by: (4)

#2 2016-06-02 21:49:07

Kikikan
Member
From: Hungary
Joined: 2015-08-10
Posts: 204

Re: Teamviewer warning

Thanks for alerting the community Tomahawk!

Offline

#3 2016-06-02 21:52:01

Vitalijus
Member
From: Lithuania
Joined: 2015-02-15
Posts: 1,384
Website

Re: Teamviewer warning

The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.


wn7I7Oa.png

Offline

#4 2016-06-02 22:02:22

Tomahawk
Forum Mod
From: UK
Joined: 2015-02-18
Posts: 2,847

Re: Teamviewer warning

Vitalijus wrote:

The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.

I'm assuming that if someone tries to connect and screw around while you're at the computer, you'll end it and blacklist them. At any other time, teamviewer would be off.


One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Offline

#5 2016-06-02 22:07:01

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: Teamviewer warning

I didn't really understood how many people were affected by whatever happened.


Everybody edits, but some edit more than others

Offline

#6 2016-06-02 22:08:07

mrjawapa
Corn Man 🌽
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,840
Website

Re: Teamviewer warning

Don't you need to give someone a code, or send them an invite, before they can control your computer?


Discord: jawp#5123

Offline

#7 2016-06-02 22:24:00, last edited by Tomahawk (2016-06-02 22:26:45)

Tomahawk
Forum Mod
From: UK
Joined: 2015-02-18
Posts: 2,847

Re: Teamviewer warning

JaWapa wrote:

Don't you need to give someone a code, or send them an invite, before they can control your computer?

If you have a user's ID and current password, you can connect instantly and they receive no confirmation request or popup in which they can deny the incoming connection. This allows you to go into either remote control or file transfer.


One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Offline

#8 2016-06-02 23:00:06

XxAtillaxX
Member
Joined: 2015-11-28
Posts: 4,202

Re: Teamviewer warning

There wasn't a security breach.

I've looked at their source code and looked at the way they handle authentication.
It's virtually impossible to establish a connection with their current security policies.

Vitalijus wrote:

The best solution is not to use TeamViewer it's so obvious and unsafe that if you are in teamviewer without your friend something bad will probably happen.

You're more likely to get your house broken into and your electronics stolen than be compromised by TeamViewer.
I suppose you shouldn't live in a house then?

Zumza wrote:

I didn't really understood how many people were affected by whatever happened.

There are 20+ million devices running TeamViewer at any given moment.
It's a matter of statistics.


signature.png
*u stinky*

Offline

Wooted by: (4)

#9 2016-06-02 23:06:57

den3107
Member
From: Netherlands
Joined: 2015-04-24
Posts: 1,025

Re: Teamviewer warning

The reason why so many people were breached is because a lot of people let teamviewer start up upon system boot, that way they can access their pc remotely while at work/on school/at a friend. Obviously when teamviewer is on and the passwords are hacked, people can use it for other purposes too.

Offline

#10 2016-06-03 01:13:26

mrjawapa
Corn Man 🌽
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,840
Website

Re: Teamviewer warning

Atilla's post is enough for me to say **** on all of this.


Discord: jawp#5123

Offline

#11 2016-06-07 17:53:58

John
Member
Joined: 2019-01-11
Posts: 2,011

Re: Teamviewer warning

I prefer LogMeIn, it seems more secure.


PW?scale=2

Offline

#12 2016-06-07 17:56:54, last edited by drunkbnu (2016-06-07 17:57:39)

drunkbnu
Formerly HG
Joined: 2017-08-16
Posts: 2,306

Re: Teamviewer warning

I'd use SSH. Of course, don't allow the user to access as root on the machine.

Offline

#13 2016-06-07 19:54:20

capasha
Member
Joined: 2015-02-21
Posts: 4,066

Re: Teamviewer warning

HG wrote:

I'd use SSH. Of course, don't allow the user to access as root on the machine.

How do I disable root? I have no idea how to do this.

Offline

#14 2016-06-07 19:58:26

hummerz5
Member
From: wait I'm not a secret mod huh
Joined: 2015-08-10
Posts: 5,853

Re: Teamviewer warning

capasha wrote:
HG wrote:

I'd use SSH. Of course, don't allow the user to access as root on the machine.

How do I disable root? I have no idea how to do this.

format the hdd

Offline

#15 2016-06-13 18:24:41

drunkbnu
Formerly HG
Joined: 2017-08-16
Posts: 2,306

Re: Teamviewer warning

hummerz5 wrote:
capasha wrote:
HG wrote:

I'd use SSH. Of course, don't allow the user to access as root on the machine.

How do I disable root? I have no idea how to do this.

format the hdd

Make sure the root account doesn't have a password, or just set one impossible to guess or know. Then, create a new user with a password different from your main account, so that the person that will use SSH will connect to that account, unless he/she knows your main account username and password. Then, you can give him read-only, access to your important files, while letting them use their account for special things, without in any way damaging your computer.

Offline

drunkbnu1465838681606378

Board footer

Powered by FluxBB

[ Started around 1732746288.3882 - Generated in 0.068 seconds, 12 queries executed - Memory usage: 1.63 MiB (Peak: 1.82 MiB) ]