Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? Correct. If you aren't using autologon, you 're fine. URL: http://forum.audiogames.net/viewtopic.php?pid=274673#p274673 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? So, it shouldn't be a problem if I'm not using the auto logon feature, right? URL: http://forum.audiogames.net/viewtopic.php?pid=274660#p274660 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? Most encryption algorithms in common use today are actually public knowledge; knowing how the algorithm works is generally not enough to defeat it unless the user's password or key is weak. So encryption with a well-tested algorithm would theoretically fix the problem if strong passwords are used. URL: http://forum.audiogames.net/viewtopic.php?pid=274591#p274591 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? As I said when this topic originally came up, Teamviewer doesn't exactly have a golden reputation either. Some bad things happened to people who were using it a couple of months ago, which may or may not have been the software devs' fault. I don't think what really happened ever became public knowledge, although I'd be willing to bet that a large part of it was user error and stupidity, or at the very least naivety.It drives me crazy when people think that just because a product costs money, it's somehow better. That's why we have scams in which people buy programs that are supposed to clean your PC, which employ scare tactics or worse to get the job done. That's why we have paid antivirus solutions that are absolutely no better than the free ones. Speaking of that, I have a friend whose parents once ripped into me and made me feel like I was about 3 inches tall just because I had the audacity to install Avast on my friend's computer. he had Norton at the time, and keep in mind that this was around 8 years ago, when Avast was still accessible and Norton was the unwieldy, inaccessible, bloated, system resource eating hog that it's always been, which of course was a bigger deal back then on lower spec machines. The point is, when I pressed them about why their son being able to do his own virus scanning was a bad thing, they said, "well, Norton is better because we paid for it!" I felt pretty smug when Avast found a trojan on its first scan of that machine, though, and it wasn't a false positive.The point is, open source software, and even the model itself, does have its shortcomings. But money does not equal glory, either, and I wish people would realize that. URL: http://forum.audiogames.net/viewtopic.php?pid=274541#p274541 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? The people who are saying it's insecure are probably the same people that, like the majority who don't read terms of service, would not read a disclaimer attached to any remote access service. Unless you know the friend in person, or know an internet friend extremely well, or the guy's a professional, remote access of any kind is always a risk. Teamviewer isn't automatically more secure just because it is a paid service. In fact, it being one, it's not transparent, so you can't see the sourcecode for yourself to decide if it's more secure, you just gotta put your trust in the company which, today has become an extremely! suspicious statement right there. With nvda remote's sourcecode available users could see for themselves that yes, the autoconnect feature does store your code locally. Is this a problem? Yes, a big problem, but it's not like it can't be solved. If you use the autoconnect feature, never, ever do autoconnect on a pu blic server. Just, don't do it. That's automatically putting yourself at risk. If you don't use autoconnect, then you're fine, because the one-use key isn't stored locally. People who use remote access stuff should have a good general knowledge of the security risks involved when using any remote access software, and know how to prevent such risks. Nvda Remote is not insecure. It has a security flaw, but that flaw can be very easily prevented. And yes, encripting will just make matters worse. As long as the source is available, anyone can write a decryption program for it. On the other hand, if the key was encrypted on the server, and nvda contacted the server to get the key, that would be a little more secure, until someone, again, grabs the lines out of the source that instruct the engine to contact the source, then writes yet another decryption program. This is exactly why businesses throw a fit about open source software, and why it takes a lot of poking and prodding to get them to embrace nvda. It sucks, I know. They should just embrace it, but this is exactly the reason why. With open source, you can never be truly secure in all cases. What they refuse to believe, though, is that you can be secure by gaining a general knowledge of the risks, and preventing them. URL: http://forum.audiogames.net/viewtopic.php?pid=274490#p274490 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? The people who are saying it's insecure are probably the same people that, like the majority who don't read terms of service, would not read a disclaimer attached to any remote access service. Unless you know the friend in person, or know an internet friend extremely well, or the guy's a professional, remote access of any kind is always a risk. Teamviewer isn't automatically more secure just because it is a paid service. In fact, it being one, it's not transparent, so you can't see the sourcecode for yourself to decide if it's more secure, you just gotta put your trust in the company which, today has become an extremely! suspicious statement right there. With nvda remote's sourcecode available users could see for themselves that yes, the autoconnect feature does store your code locally. Is this a problem? Yes, a big problem, but it's not like it can't be solved. If you use the autoconnect feature, never, ever do autoconnect on a pu blic server. Just, don't do it. That's automatically putting yourself at risk. If you don't use autoconnect, then you're fine, because the one-use key isn't stored locally. People who use remote access stuff should have a good general knowledge of the security risks involved when using any remote access software, and know how to prevent such risks. Nvda Remote is not insecure. It has a security aflw, t thabut aw flcan be very easily prevented. URL: http://forum.audiogames.net/viewtopic.php?pid=274490#p274490 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? @livrobo Yes, that is an issue. To add to what you said, many people overreacted. Chris or Tyler can't fix it, because if they tried, someone could just grab the source on GitHub and decrypt the file, so encrypting it would do nothing but give people a false sense of security that isn't there. And besides, if you ran an application, it could do much worse things to your computer anyway. But for the majority of people that just use it to get access to a computer for a short time, the addon is still safe to use. URL: http://forum.audiogames.net/viewtopic.php?pid=274489#p274489 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? It's not as insecure as some people are making it out to be. Honestly I think a lot of them are overreacting.The problem is with the auto-connect feature. If you use this feature, it will store your Remote password in a file in your appdata directory. Of course, someone with bad intentions could write a program that grabs and uploads the information in this file so that they could see your password. They could then connect to your computer while you are away and do whatever they want. URL: http://forum.audiogames.net/viewtopic.php?pid=274482#p274482 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: question about NVDA remote, why is it insecure?
Re: question about NVDA remote, why is it insecure? It's not insecure; some people are just overreacting. The problem is with the auto-connect feature. If you use this feature, it will store your Remote password in a file in your appdata directory. Of course, someone with bad intentions could write a program that grabs and uploads the information in this file so that they could see your password. They could then connect to your computer while you are away and do whatever they want. URL: http://forum.audiogames.net/viewtopic.php?pid=274482#p274482 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
question about NVDA remote, why is it insecure?
question about NVDA remote, why is it insecure? Hi.Straight to the point, I heard from a lot of people on this forum that the NVDA remote service is insecure up to a certain point.I am wondering, why is it insecure and how could you use it for example?I mean, if someone needs to do something, I would activate remote, and sit at the computer while he is doing what he needs to do so I always have a watchful eye on the things he does.So, what is the problem with that and how can I block something like hacking atempts?Just for clarification, I am not aiming to do something elegal with NVDA remote, I am just curious why it is unsecure. URL: http://forum.audiogames.net/viewtopic.php?pid=274461#p274461 ___ Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
