Re: gotomypc

From: R. DuFresne (dufresne@sysinfo.com)
Date: 03/09/02 

Date: Sat, 9 Mar 2002 16:56:10 -0500 (EST)
From: "R. DuFresne" <dufresne@sysinfo.com>
To: kevin mckay <kevintmckay@yahoo.com>

And finally, from their own web site:

         Should you believe it necessary to prevent the GoToMyPC
         service from accessing your company computers,
         simply block access to the host poll.gotomypc.com.
         This will prevent anyone from starting a connection to access any
         computer inside your firewall.

Name: poll.gotomypc.com
Address: 63.251.224.177

Thanks,

Ron DuFresne

On Fri, 8 Mar 2002, kevin mckay wrote:

> Has anybody dealt with the services from https://www.gotomypc.com it
> seems to allow end users to completely circumvent an existing network
> security infrastructure.
>
> The user signs up with gotomypc and establishes a out bound connection
> through the firewall to a go to my pc server, then there server listens
> for a connection that is connected to your internal network
> and the scariest thing is that the listining ports for inbound
> connections are on a gotomypcserver so how would you even audit?.
>
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free email!
> http://mail.yahoo.com/
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • [NEWS] eSeSIX Thintune Thin Client Multiple Vulnerabilities
    ... Get your security news from a reliable source. ... All Linux-based Thintune models with firmware version 2.4.38 and prior ... REMOTE ROOT SHELL / BACKDOOR ... ica con_0_10 - password for first ICA connection ...
    (Securiteam)
  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: Please, dont kill my WiFi!
    ... potentially bypassing whatever security is at the periphery of the company ... wants to block a connection, it does notify me. ... status suddenly changes from Connected to "Driver not loaded". ... user to choose to run that email attachment or allow that ActiveX control ...
    (microsoft.public.pocketpc.activesync)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)