Re: Re[2]: Remote control

From: Rich Henning (seclsts@fast.net)
Date: 06/17/02


Date: Mon, 17 Jun 2002 12:23:36 -0400
From: Rich Henning <seclsts@fast.net>
To: "Calhoun, Heath" <CalhounH@gsci.state.ms.us>

On Fri, Jun 14, 2002 at 01:46:49PM -0500, Calhoun, Heath wrote:
> We used to use VNC on some systems on our network, but found it to be to
> slow and very unsecure. through a google search off of this list I think,
> we found a tool anyone can download to crack the vnc password. You can also
> go into the registery searching for vnc and guess what... There is the
> password in clear text.

TightVNC (http://www.tightvnc.com) uses compression, which will not only
speed up the connection, but also obscure traffic passing across it,
making it more difficult to glean anything by simple sniffing. I
understand security through obscurity is not the answer, but its
definitely a step-up on plain-text everything.

If you're worried about encrypting your VNC sessions, this can be done
by running them over an SSH tunnel, and there are many articles
available via google to point you in the right direction to get this
done.

> Guess you get what ya pay for...
I've found this statement to be generally false. There's lots of
excellent security (and other) projects out there that are completely
free and can compete right along side of commercial projects in my
personal opinion.

-- 
[ rich henning      ]                                             /"\
[ henninrp@fast.net ]                                             \ /
                                                                   X
support the ascii ribbon campaign against html e-mail             / \



Relevant Pages

  • RE: Re[2]: Remote control
    ... We used to use VNC on some systems on our network, but found it to be to ... through a google search off of this list I think, ... we found a tool anyone can download to crack the vnc password. ... Subject: Remote control ...
    (Security-Basics)
  • Re: VNC Security
    ... The current design of the internet lends itself to a certain level of ... Tunnels and other layered security measures attempt to address this, ... VNC as it is, though the newer releases of VNC do make this ... >unencrypted VNC session over the Internet is seen as such a horrible ...
    (Security-Basics)
  • RE: PCanywhere: security of it and operation over DSL/cable modem s
    ... I work for Expertcity, the company that makes GoToMyPC, so you might want to ... Subject: PCanywhere: security of it and operation over DSL/cable ... then x-forwarding the *nix version of VNC that connects to the windows ... that's less secure again. ...
    (Security-Basics)
  • Re: Problems on the DOS-Prompt
    ... One strategy for getting an interactive network session is to install VNC ... execute winvnc -install, then net start winvnc, and finally winvnc ... Idealy this trojan would drop a bindshell running ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • VNC conection problem after upgrade FC5
    ... hour ago, I was working with a remote machine using VNC, I updated VNC on that machine because new version fix a security issue. ... SConnection: Client requests security type VncAuth ... Load "vnc" ...
    (Fedora)