I've seen people using LogMeIn to remotely access their home computers, and it made me wonder what is the security profile of that setup.
Well, the perfectly ordinary security risk is that the client software will have an exploitable bug in it, leaving you open to worms, bots and viruses. That's a risk with any program you install, but especially one that has to accept connections from the internet. The next problem is that the LogMeIn servers might get hijacked, giving the attackers not only access to your machine, but every other client too. The next thing to realise is that LogMeIn employees don't even need to do anything special to gain control of your account on their servers. They can reset your password even if they don't have your old one, then go to your account and poke around in your files for fun. You implicitly trust the employees - all of them - not to do that, and you trust their programmers not to put in botnet back doors.
Of course, any LogMeIn employee caught taking control of user accounts would probably be fired, but that is likely to be little comfort if he has trashed your computer in the meantime.
Mokalus of Borg
PS - I may try the service myself, though.
PPS - It would be convenient sometimes.
No comments:
Post a Comment