Emails flagged as spam is a solvable problem, but apparently not for Citrix.

Citrix says both that they were hacked and that they were not hacked. I spent too much time fighting with this as I had to disable spam filtering on multiple accounts just to receive the password reset emails. The emails from Citrix were also a problem; multiple email systems classified them as spam. Rather than do something specific for this problem, they opted to use their existing forgotten password procedure. But, they did not require the customer to enter the old password which would have been more secure. Citrix then emails a link which, when clicked, lets their customer choose a new password. It starts off with entering the email address of a GoToMyPC customer on a Forgot Password page. The password reset procedure also left something to be desired. But other accounts, where the password had not been changed in years, were forced to pick a new password. The forced password change happened the next day, Tuesday the 21st, but all passwords did not have to change.

A couple accounts where I had changed the password on Monday worked fine on Tuesday. I was able to use three different GoToMyPC accounts that day without changing any passwords. At PC World, Nick Mediati wrote "Before you next use GoToMyPC, you’ll have to reset your password." At Fortune, Barb Darrow wrote that Citrix "had proactively reset all customer passwords." Their incident report said "Effective immediately, you will be required to reset your GoToMYPC password before you can login again."

Everyone took this at face value without confirming it. Krebs had not verified what Citrix told him, and the person he spoke with was ill-informed.

By Monday, Citrix was telling everyone that GoToMyPC users had to change their password, despite its not being true. As noted earlier, I am a GoToMyPC customer and on Monday, June 20th, when Krebs wrote that, passwords had not been changed.
But his report, Citing Attack, GoToMyPC Resets All Passwords, was wrong. It's also unclear whether passwords were even stolen, or whether the attackers are simply logging into GoToMYPC accounts en masse with stolen credentials from another attack. Citrix also hasn't indicated just how, exactly, attackers got their hands on these stolen passwords. it's unclear just how many users were potentially affected. Graham Cluley wrote "It's also a pity that the details are a little sketchy." Mark Wilson of BetaNews said "details are a little thin on the ground at the moment" and Catalin Cimpanu noted that "The company didn't provide any other details."

David Murphy, writing in PC Magazine, put it best: This was a common gripe running through all the articles I read initially. Thus, I go months on end without ever looking at the GoToMyPC site, and I'm probably not the only customer who works this way.

And, what Citrix did say, at least at first, wasn't much. Remotely controlling a computer, at least from a Windows machine, can be done via a desktop shortcut, bypassing the GoToMyPC website. Many Citrix customers, I'm sure, did not see the note when it was posted. Instead of emailing its customers, Citrix posted a note on its website. I have been a GoToMyPC customer for years, but their actions the last few days have caused me to lose trust in the company.

For one thing, I found out about this security incident by accident, while scanning the tech news last weekend. When security issues come up, you would expect the company to deal with them quickly and in an above-board manner, much like LastPass did last year or TeamViewer more recently. Given this, you would think Citrix would be on its best behavior at all times. Unlike RealVNC, Citrix knows, at all times, which computers can be remotely controlled, where they are, and the passwords. GoToMyPC customers have to assume that Citrix employees can get into their computers at any time.
Citrix serves as a man in the middle and makes the connection between the two computers.

As such, there is a lot of trust involved. A GoToMyPC customer, seeking to remotely control a computer, contacts Citrix, the company behind GoToMyPC. When the server side of GoToMyPC software is installed on a computer, it phones home to Citrix and maintains that connection at all times.