Taking control of ones machine

From: Steven Bonici (sbonici@groupea.com)
Date: 12/20/01 

From: Steven Bonici <sbonici@groupea.com>
To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Thu, 20 Dec 2001 15:24:59 -0500

You have to forgive me with the following questions, as I am not sure if
this is the right group.

We have been asked by one of our software vendors to allow them to use WebEx
to take control of one of our servers. They explained to me that all I need
to do is to install a "plug-in" and they can take control of the server
through a web browser. We staged a test with a test server, and they came
right in and took control. Isn't way too easy?

I haven't contacted them yet, I thought I would ask here first. Is there
any documentation or white papers into how this actually works and what can
be done to protect the machine? Does anyone have any insight into WebEx? I
am really curious as to how easy this is. I know once you go to the WebEx
web site you need to agree and "allow" someone to actually connect, but it
just seems way too easy.

I know that websites can grab information from your browser, but again I
would love to know "how" and all this seems to be connected in some way. I
downloaded a copy of "pcaudit.exe" (by Internet Security Alliance), and that
just goes to prove how vulnerable one is.

Any information would be greatly appreciated.
Thanks - Steven

Relevant Pages

  • Asp.net Important Topics.
    ... ASP.NET server controls contained within the page. ... A custom server control is ... can also perform validation using client script. ... Where does the Web page belong in the .NET Framework class hierarchy? ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Entwicklung von Unix-Anwendung mit C++ (m/w)/ NRW : Ref.-Nr.: 37302/1
    ... I am responsible for design and implementation of the persistent data server working with mySQL. ... Developed within very short time the product was successfully installed ... Reengineering and implementing a display tool for Experimental Physics Industrial Control System ... Developed an operator interface under X Window for High Energy Physics Accelerator Control System. ...
    (de.markt.arbeit.d)
  • Software engineer
    ... I have a BS in Electrical Engineering and computer science and worked on my ... I have also been involved in hardware design. ... Developed an ATL DCOM based Server and MFC client GUI using Visual C++6.0. ... User can control the data acquisition parameters by modifying the script file. ...
    (FreeBSD-Security)
  • RE: Taking control of ones machine
    ... Still makes me leery -- they purposely wrote this product to circumvent ... firewalls. ... > Subject: RE: Taking control of ones machine ... Webex is not in the same class. ...
    (Focus-Microsoft)
  • Re: How to fire an event
    ... I have an Infragistic datagrid control, ... The button click event is being raised upon a post-back to the server. ... manipulating the grid in script would cause a server event to be raised. ... The problem here is that I have no idea whether the grid will raise the ...
    (microsoft.public.dotnet.languages.csharp)