Cybersecurity

6914 readers

206 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago

MODERATORS

kid

[email protected]

AnyDesk says hackers breached its production servers, resets passwords (www.bleepingcomputer.com)

submitted 1 year ago by [email protected] to c/cybersecurity

10 comments fedilink hide all child comments

top 10 comments

sorted by: hot top controversial new old

[–] [email protected] 22 points 1 year ago (1 children)

"We can confirm that the situation is under control and it is safe to use AnyDesk."

Yeah, nah.

[–] [email protected] 3 points 1 year ago (2 children)

Any other recommendations aside from TeamViewer? AnyDesk has been getting worse with each update. Can’t even use a free account to have a dedicated hostname anymore…

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (2 children)

An open source option is RustDesk

https://github.com/rustdesk/rustdesk

https://rustdesk.com

I use it, I like it.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

The owners are sketchy and they have closed source pro features (which was expected to be honest). They also don't like criticism and ban accounts on reddit for questioning some of their practices (like why has a vulnerability PR not been merged for more than a year). I should know, they banned me from their subreddit for asking this and deleted my comment. I later found out that this was common practice with them.

[–] [email protected] 2 points 1 year ago

Isn't that run by some dodgy chinese firm

[–] [email protected] 3 points 1 year ago

I really like ScreenConnect.

[–] spaghettiwestern 12 points 1 year ago* (last edited 1 year ago) (1 children)

At least Anydesk didn't take Teamviewer's approach and deny the breach for 3 years while blaming their customers for the problem, but it's time to rethink using these remote access apps.

In the past year for personal use I've moved to VNC and Nomachine server apps that are inaccessible from the Internet without first activating a Wireguard tunnel. The tunnel ports don't even appear to be open when scanned. Hopefully this setup offers more security than relying on a company to make sure their systems are up to date.

[–] [email protected] 1 points 1 year ago (1 children)

Doesn't mean their systems are not up to date, it just means that a security hole has been discovered. Hopefully, it's patched now.

My biggest concern is them having the source.

[–] spaghettiwestern 1 points 1 year ago

Doesn’t mean their systems are not up to date...

IMO we will never know. Every company has a vested interest in hiding the cause of a breach if it makes them look bad.

[–] [email protected] 1 points 1 year ago

Yay... :(