Re: Re[2]: Remote control

From: Rich Henning (seclsts@fast.net)
Date: 06/17/02


Date: Mon, 17 Jun 2002 12:23:36 -0400
From: Rich Henning <seclsts@fast.net>
To: "Calhoun, Heath" <CalhounH@gsci.state.ms.us>

On Fri, Jun 14, 2002 at 01:46:49PM -0500, Calhoun, Heath wrote:
> We used to use VNC on some systems on our network, but found it to be to
> slow and very unsecure. through a google search off of this list I think,
> we found a tool anyone can download to crack the vnc password. You can also
> go into the registery searching for vnc and guess what... There is the
> password in clear text.

TightVNC (http://www.tightvnc.com) uses compression, which will not only
speed up the connection, but also obscure traffic passing across it,
making it more difficult to glean anything by simple sniffing. I
understand security through obscurity is not the answer, but its
definitely a step-up on plain-text everything.

If you're worried about encrypting your VNC sessions, this can be done
by running them over an SSH tunnel, and there are many articles
available via google to point you in the right direction to get this
done.

> Guess you get what ya pay for...
I've found this statement to be generally false. There's lots of
excellent security (and other) projects out there that are completely
free and can compete right along side of commercial projects in my
personal opinion.

-- 
[ rich henning      ]                                             /"\
[ henninrp@fast.net ]                                             \ /
                                                                   X
support the ascii ribbon campaign against html e-mail             / \