lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 May 2014 13:55:25 -0400
From: Keith I Myers <keithiokepamyers@...il.com>
To: HHeilemann@...o-s.de
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] Discussion: Teamviewer "Feature" or "Bug"?

Good Afternoon,
This sounds more like a feature than a bug as it is present is most "live
support" software such as LogMeIn Rescue, Bomgar, etc. Most of these
applications have controls to limit clipboard sharing. Some even have
restrictions on bidirectional sharing.

There are a number of legitimate uses for Shared Clipboards such as sending
long URLs, pasting command line arguments and more.

In hindsight, techs who use Live Support software should be conscious of
what may be contained in their clipboard as it is possible that they could
accidentally expose confidential information that they may have previously
pasted into an email.


On Thu, May 8, 2014 at 5:00 AM, <HHeilemann@...o-s.de> wrote:

>
> Hello List,
>
> today i remote-controlled a device with teamviewer. This is not very
> special. But: with me connected was another person (technican) from another
> company. He did some maintenance work on the device and me i simply
> followed him.
>
> Now, here comes the issue:
> the technican copies with STRG+C and STRG-V some passes between his client
> and the managed device.
> I did nothing, exept opend a notepad on my computer and hit STRG+V several
> times.
>
> Guess what: his clipboard entries was shown in my notepad.
>
> So: Is this a Feature or a Security Bug?
>
>
>
> Mit freundlichen Grüßen,
> i. A. Heiko Heilemann
>
>
> -----------------------------------------------------------------------------------------
>
> PGP Fingerprint:
> EA45 F8FE 05AD 2D4B DF29  B14A 80B0 D800 B0B9 D63E
>
> PGP Key ID: B0B9D63E
>
> -----------------------------------------------------------------------------------------
>
>
> MEKO-S GmbH
> Lise-Meitner-Str. 6, 28359 Bremen
> Telefon:       +49 421 388 90 222
> Telefax:       +49 421 388 90 19
>
> Mail: hheilemann@...o-s.de
> http://www.meko-s.de
>
> AG Bremen, HRB 20031
> Geschäftsführer:
> Peter Behrens, Luigi Argentato
> Ein Unternehmen der Diersch & Schröder Gruppe, Bremen
>
>
> Diese Mail enthält vertrauliche oder rechtlich geschützte
> Informationen. Wenn Sie nicht der Adressat sind oder diese Mail
> irrtümlich erhalten haben, informieren Sie bitte den Absender
> und löschen Sie diese Mail.
> Das unerlaubte Kopieren oder die
> Weitergabe der Daten ist nicht gestattet.
>
> ------------------------------------
> This message may contain confidential or privileged material.
> Any unauthorized recipient is obliged to contact the sender and
> delete the message without reading, reviewing, retransmitting or
> disseminating it.
>
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> http://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
>



-- 

Keith Myers
Mobile : (305) 929-3475
EMail : KeithIokepaMyers@...il.com

+Keith I Myers <http://plus.kmyers.me>

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists