Teamviewer hacked
-
@scottalanmiller said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
Edit: for clarity, points against them
- poor communication
- its ultimately their software
- could have put in stronger password requirements
- etc
Poor communication, certainly.
Ultimately their software... I don't agree. Ultimately it is end user access. If TV didn't have a breach, it's ultimately on the end user.
Stronger passwords requirements... not relevant. It's not their responsibility nor do those things really protect you.
This comes down to what is reasonable to expect out of our users. I don't think we will all agree on it.
-
@wirestyle22 said in Teamviewer hacked:
@scottalanmiller said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
Edit: for clarity, points against them
- poor communication
- its ultimately their software
- could have put in stronger password requirements
- etc
Poor communication, certainly.
Ultimately their software... I don't agree. Ultimately it is end user access. If TV didn't have a breach, it's ultimately on the end user.
Stronger passwords requirements... not relevant. It's not their responsibility nor do those things really protect you.
This comes down to what is reasonable to expect out of our users. I don't think we will all agree on it.
Doesn't matter what we expect of them. It's the end user's responsibility, period. Even if TV offered zero password requirements, as long as they offered a means of being safe, the fault is 100% not theirs.
-
@scottalanmiller said in Teamviewer hacked:
@wirestyle22 said in Teamviewer hacked:
@scottalanmiller said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
Edit: for clarity, points against them
- poor communication
- its ultimately their software
- could have put in stronger password requirements
- etc
Poor communication, certainly.
Ultimately their software... I don't agree. Ultimately it is end user access. If TV didn't have a breach, it's ultimately on the end user.
Stronger passwords requirements... not relevant. It's not their responsibility nor do those things really protect you.
This comes down to what is reasonable to expect out of our users. I don't think we will all agree on it.
Doesn't matter what we expect of them. It's the end user's responsibility, period. Even if TV offered zero password requirements, as long as they offered a means of being safe, the fault is 100% not theirs.
I can't argue that. You're right.
-
@MattSpeller said in Teamviewer hacked:
@wirestyle22 said in Teamviewer hacked:
@MattSpeller I don't think we can say it's a fact yet though. There is no proof yet.
You're 100% correct but in what way does that matter at all?
Certainly didn't for me, I uninstalled it from both my machines and my parents machine within an hour of Nic posting it.
Yup. I had it on a couple systems and it's gone now. I'll put it back on if everything is straightened out and we find out it wasn't really them, but not until then. Better to be safe than sorry.
-
@johnhooks said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
@wirestyle22 said in Teamviewer hacked:
@MattSpeller I don't think we can say it's a fact yet though. There is no proof yet.
You're 100% correct but in what way does that matter at all?
Certainly didn't for me, I uninstalled it from both my machines and my parents machine within an hour of Nic posting it.
Yup. I had it on a couple systems and it's gone now. I'll put it back on if everything is straightened out and we find out it wasn't really them, but not until then. Better to be safe than sorry.
Yeah, that's the biggest problem right now. Until we KNOW what happened, it is too much of a risk.
-
This post is deleted! -
@scottalanmiller said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
Edit: for clarity, points against them
- poor communication
- its ultimately their software
- could have put in stronger password requirements
- etc
Poor communication, certainly.
Ultimately their software... I don't agree. Ultimately it is end user access. If TV didn't have a breach, it's ultimately on the end user.
Stronger passwords requirements... not relevant. It's not their responsibility nor do those things really protect you.
Then what do you have to say for my case? Passwords changed from an 18 character password to 20+, unattended access disabled, computer wiped and my computer was still compromised using their software. How can I not point the finger at their software having a security hole?
-
@david.wiese said in Teamviewer hacked:
@scottalanmiller said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
Edit: for clarity, points against them
- poor communication
- its ultimately their software
- could have put in stronger password requirements
- etc
Poor communication, certainly.
Ultimately their software... I don't agree. Ultimately it is end user access. If TV didn't have a breach, it's ultimately on the end user.
Stronger passwords requirements... not relevant. It's not their responsibility nor do those things really protect you.
Then what do you have to say for my case? Passwords changed from an 18 character password to 20+, unattended access disabled, computer wiped and my computer was still compromised using their software. How can I not point the finger at their software having a security hole?
None of that is related to what I said. I only said that IF they didn't have a breach, they they are not at fault. If they DID have a breach the post does not apply.
So I'm unclear of the question.
-
@scottalanmiller said in Teamviewer hacked:
@david.wiese said in Teamviewer hacked:
@scottalanmiller said in Teamviewer hacked:
@MattSpeller said in Teamviewer hacked:
Edit: for clarity, points against them
- poor communication
- its ultimately their software
- could have put in stronger password requirements
- etc
Poor communication, certainly.
Ultimately their software... I don't agree. Ultimately it is end user access. If TV didn't have a breach, it's ultimately on the end user.
Stronger passwords requirements... not relevant. It's not their responsibility nor do those things really protect you.
Then what do you have to say for my case? Passwords changed from an 18 character password to 20+, unattended access disabled, computer wiped and my computer was still compromised using their software. How can I not point the finger at their software having a security hole?
None of that is related to what I said. I only said that IF they didn't have a breach, they they are not at fault. If they DID have a breach the post does not apply.
So I'm unclear of the question.
Sorry miss-ready what you wrote.
-
@david.wiese said
Then what do you have to say for my case? Passwords changed from an 18 character password to 20+, unattended access disabled, computer wiped and my computer was still compromised using their software. How can I not point the finger at their software having a security hole?
Honestly. I would re-contact them, and post what they say here. If this happened, they have sworn to take it seriously. The ML users will be able to tear their responses apart if they are BS.
Everyone on Reddit said the same thing, then clammed up when asked for proof. I'm not saying it didn't happen to you, it's just that many people have said this happened to them, then disappeared when TV showed up on reddit and started asking questions.
Just out of curiosity ... since you were hacked via TV, why did you put it back on your machine? People haven't even been hacked and are distancing themselves from it. I got pwned once via VNC, and have been afraid of it ever since. (Though I am thinking of going back to it.)
BTW: way back when when that happened to me with VNC, they blamed me. And it was indeed my fault for having not have updated to the latest version. (If you can blame require manual updating a fault of the user.)
-
@BRRABill said in Teamviewer hacked:
@david.wiese said
Then what do you have to say for my case? Passwords changed from an 18 character password to 20+, unattended access disabled, computer wiped and my computer was still compromised using their software. How can I not point the finger at their software having a security hole?
Honestly. I would re-contact them, and post what they say here. If this happened, they have sworn to take it seriously. The ML users will be able to tear their responses apart if they are BS.
Everyone on Reddit said the same thing, then clammed up when asked for proof. I'm not saying it didn't happen to you, it's just that many people have said this happened to them, then disappeared when TV showed up on reddit and started asking questions.
Just out of curiosity ... since you were hacked via TV, why did you put it back on your machine? People haven't even been hacked and are distancing themselves from it. I got pwned once via VNC, and have been afraid of it ever since. (Though I am thinking of going back to it.)
BTW: way back when when that happened to me with VNC, they blamed me. And it was indeed my fault for having not have updated to the latest version. (If you can blame require manual updating a fault of the user.)
I haven't had time to go back to them yet since the compromise was over 4 months ago. And in terms of why haven't I removed it? Because my organization still uses it for remote support. We are currently evaluating different companies but have yet to make a decision. The software is installed on over 300 computers so it is going to be a fun project.
-
300 is nothing
We moved thousands when we dropped LogMeIn! -
@scottalanmiller said in Teamviewer hacked:
300 is nothing
We moved thousands when we dropped LogMeIn!300 is a lot when i'm the only one doing IT support for the company. I am sure I could write a script to do an uninstall, but the last time I did that, things went sideways and we had to end up manually uninstalling vipre a/v on about 80 computers.
-
@scottalanmiller said in Teamviewer hacked:
300 is nothing
We moved thousands when we dropped LogMeIn!We're so small, we only moved 100
-
@Dashrender said in Teamviewer hacked:
@scottalanmiller said in Teamviewer hacked:
300 is nothing
We moved thousands when we dropped LogMeIn!We're so small, we only moved 100
I've switched to using ZeroTier, 100 is big
-
And in terms of why haven't I removed it? Because my organization still uses it for remote support.
But weren't you super nervous after you got hacked the first time with a very complex password?
I nervous just thinking about it, LOL.
-
@david.wiese said
The software is installed on over 300 computers so it is going to be a fun project.
Have you checked to see if any of them were compromised?
If you look at the reddit threads on the beginning of this thread, they detail exactly what to look for.
