cancel
Showing results for 
Search instead for 
Did you mean: 
New Contributor

Published binary file hashes

Our security software is not happen with what might be legitimate GotoMeeting updates.  I am unable to find a web page here that lists the current file hashes (SHA256) in order to verify these files are legitimate???

Tags (1)
5 REPLIES 5
LogMeIn Contributor

Re: Published binary file hashes

Hi Eddie,

Firewall information can be found here:  https://support.logmeininc.com/gotowebinar/help/optimal-firewall-configuration-g2w060025

 

Release notes and updates will be found here:  https://community.logmein.com/t5/GoToMeeting-News/bg-p/GoToMeeting-Release-Notes

 

 

New Contributor

Re: Published binary file hashes

Thanks, but none of those links have hashes of the executables.  SHA256 hashes are what most antivirus tools are using and these need to be published for .EXE files that GotoMeeting pushes out.  At this point your files are being flagged as malware/ransomware and being deleted by our security software -- or someone naming their malware similar to names used by GotoMeeting.

 

Other vendors publish hashes for their files... often they publish SHA1 and SHA256 so a receiver can verify the file was transmitted completely and has not been modified by a hacker on a mirror site.

LogMeIn Contributor

Re: Published binary file hashes

I'm sorry we don't have those file names listed publicly currently, as I'm not sure if they remain static.  Which security software are you currently trying to work with?

New Contributor

Re: Published binary file hashes

We use Cylance, a next generation antivirus product that looks at the make up of the file to determine it is dangerous vs. relying on lists of bad things after a virus has run amuck on the internet.  We do see occasional issues with the product flagging what is considered okay software, even though the code uses similar techniques as hackers who want to ransom our data.

 

Yes, the hashes are not static.  Each time code is promoted to production the hashes should be created and posted for every program the company provides.  Just about every other vendor who provides downloads for programs provides this so a person can verify the authenticity of a download as well as the integrity in case the download didn't complete successfully. 

 

LogMeIn needs to provide the hashed values for all of its software as released.  LogMeIn should have a software development process and part of that process should include updating a web page with filenames of programs and the SHA256 hash so customers can verify a file is legit.

New Contributor

Re: Published binary file hashes

LogMeIn continues to distribute new versions of their GotoWebinar software that causes the same issue...most likely a false positive, but without published SHA256 hashes our security stack will not allow these to run.  I opened a ticket and got nowhere with vendor...is anyone listening here?  Please, publish your programs with their SHA256 hashes so we can verify the software is actually from you!