Thursday 2 June 2016

TeamViewer has been hacked. They are denying everything and pointing fingers at the users.

This issue is not getting enough attention, please spread it.

Users are reporting breaches, and thousands of dollars have been stolen using the client, all over /r/teamviewer and at their support Twitter account. TeamViewer is blaming users for reusing passwords, yet users with 2FA and unique, very long generated passwords were hacked.

Some also suggest that their DNS servers were hijacked and that the clients trusted the fake server, this being the method of the attack.

One of the main problems is that they are not taking responsibility (quoted from /u/rich-uk):

TeamViewer is being used as a vector of attack. This has happened on other sites where they had no critical information and within 48 hours everyone's logged-in sessions were logged out, an email went round saying you had to click the link in the email (to verify ownership) and set up two-factor auth as they knew they were being targeted. TeamViewer must know they are being targeted, and the stakes are high as the software allows complete access to a trusted machine - it's basically a master key - and there hasn't been a single response with teeth from TeamViewer.

A few links:
Their official statement blaming users' passwords - archive.is snapshot
Their support Twitter account with user interactions - [Mirror of some] [canned replies] [in case they take them down]
The /r/teamviewer megathread
The Register article on the issue - They are getting canned replies too.
Inquisitr article on the issue

Alternatives:
LogMeIn - Now non-free, and has had a bad reputation since "Microsoft Support" phone scammers used it.
Chrome Remote Desktop - You may not be able to control remotely if the user is not logged in (for unattended access).
RealVNC - Free only for non-commercial use
TightVNC - Free for any use, open source
UltraVNC - uvnc.com is their site, ultravnc.com seems to be redirecting to RealVNC - domain squatting?
Remote Desktop Connection - Built-in, only for Windows, third party clients available



by Executioner1337 http://ift.tt/1TLtHy5
