| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEKDPcG8XUxhWpaJDCH-8p0=W7WzB8XjkycuxnmioPFQ2c-dLg@mail.gmail.com> Date: Thu, 8 May 2014 13:55:25 -0400 From: Keith I Myers <keithiokepamyers@...il.com> To: HHeilemann@...o-s.de Cc: fulldisclosure@...lists.org Subject: Re: [FD] Discussion: Teamviewer "Feature" or "Bug"? Good Afternoon, This sounds more like a feature than a bug as it is present is most "live support" software such as LogMeIn Rescue, Bomgar, etc. Most of these applications have controls to limit clipboard sharing. Some even have restrictions on bidirectional sharing. There are a number of legitimate uses for Shared Clipboards such as sending long URLs, pasting command line arguments and more. In hindsight, techs who use Live Support software should be conscious of what may be contained in their clipboard as it is possible that they could accidentally expose confidential information that they may have previously pasted into an email. On Thu, May 8, 2014 at 5:00 AM, <HHeilemann@...o-s.de> wrote: > > Hello List, > > today i remote-controlled a device with teamviewer. This is not very > special. But: with me connected was another person (technican) from another > company. He did some maintenance work on the device and me i simply > followed him. > > Now, here comes the issue: > the technican copies with STRG+C and STRG-V some passes between his client > and the managed device. > I did nothing, exept opend a notepad on my computer and hit STRG+V several > times. > > Guess what: his clipboard entries was shown in my notepad. > > So: Is this a Feature or a Security Bug? > > > > Mit freundlichen Grüßen, > i. A. Heiko Heilemann > > > ----------------------------------------------------------------------------------------- > > PGP Fingerprint: > EA45 F8FE 05AD 2D4B DF29 B14A 80B0 D800 B0B9 D63E > > PGP Key ID: B0B9D63E > > ----------------------------------------------------------------------------------------- > > > MEKO-S GmbH > Lise-Meitner-Str. 6, 28359 Bremen > Telefon: +49 421 388 90 222 > Telefax: +49 421 388 90 19 > > Mail: hheilemann@...o-s.de > http://www.meko-s.de > > AG Bremen, HRB 20031 > Geschäftsführer: > Peter Behrens, Luigi Argentato > Ein Unternehmen der Diersch & Schröder Gruppe, Bremen > > > Diese Mail enthält vertrauliche oder rechtlich geschützte > Informationen. Wenn Sie nicht der Adressat sind oder diese Mail > irrtümlich erhalten haben, informieren Sie bitte den Absender > und löschen Sie diese Mail. > Das unerlaubte Kopieren oder die > Weitergabe der Daten ist nicht gestattet. > > ------------------------------------ > This message may contain confidential or privileged material. > Any unauthorized recipient is obliged to contact the sender and > delete the message without reading, reviewing, retransmitting or > disseminating it. > > > _______________________________________________ > Sent through the Full Disclosure mailing list > http://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > -- Keith Myers Mobile : (305) 929-3475 EMail : KeithIokepaMyers@...il.com +Keith I Myers <http://plus.kmyers.me> _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists