sity, Mackenzie Building
1125 Colonel By Drive
Ottawa, Ontario
Canada K1S 5B6
[EMAIL PROTECTED]
===
>
> Date: Wed, 22 May 2002 15:33:28 -0500
> From: Paul Simon <[EMAIL PROTECTED]>
> Subject: RE: Security Risk?
>
> Well I know the VNC d
Well I know the VNC daemon will lock you out (possibly for a time limit??)
after several (maybe 5) bad password attempts...
-Original Message-
From: Shing-Fat Fred Ma [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 11:33 AM
To: [EMAIL PROTECTED]
Subject: Re: Security Risk?
I
PROTECTED]
===
>
> Date: Tue, 21 May 2002 18:31:21 -0400
> From: Glenn Mabbutt <[EMAIL PROTECTED]>
> Subject: RE: Security Risk?
>
> No, these risks and others still exist. If security is a necessity (ie,
> outside of a local network, or even inside one if nosy people exist), o
Is there a place you can point me that shows the vulnerabilities of VNC in
it's current state?
Thanks,
Paul
-Original Message-
From: Glenn Mabbutt [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 21, 2002 4:31 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Security Risk?
No,
No, these risks and others still exist. If security is a necessity (ie,
outside of a local network, or even inside one if nosy people exist), one
normally tunnels the VNC session inside of SSH or Zebedee or other encrypted
tunnel. There are a couple of patches to do NT domain authentication, and
If you can get to a key board you can sniff a hub/switch or un secured router.
This means ANY computer on the network can be used to go sniffing.. You don't
need physical access to the router. That would just make life to easy
Patrick Corneli_en <[EMAIL PROTECTED]> wrote:
> Hello Michael Os
On Fri, Feb 22, 2002 at 10:38:34AM +0100, Patrick Corneli_en wrote:
>
> That's not the problem, the Datatransfer is going through my local hub
> (in my room) and the rest of the house is completely switched, so I
> see no problem here.
> I will use it only from here, not over the internet.
That's
On Thu, Feb 21, 2002 at 07:56:42PM +0100, Patrick Corneli_en wrote:
>
> are there any known security holes in VNC?
> I'd like to use it on my server and the server has a public-static-IP
> adress.
Some would say that VNC _is_ a security hole. The authentication method
looks somewhat secure, b
Those are good questions to ask at the beginning of the process Sara -
most people wait until after deployment to do so.
The methodology you use for setting up your remote control system is
actually what will determine how easy it is to manage VNC centrally -
which is what it sounds like your cen
I found that with a simple policy to turn on the screen saver and lock the
workstation works will for a little added security. If someone did get the
VNC password to a machine it would still be fairly secure because the person
conencting to the machine would get the Windows NT login prompt.
search the mailing list archives - this has come up many times.
-Original Message-
From: Paul Brown [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 4:19 PM
To: [EMAIL PROTECTED]
Subject: Security Problems?
Does anyone know of any security leaks or problems with VNC? Password
Yes "VNCCrack" was mentioned a while back in this list.
-Original Message-
From: Paul Brown [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 29, 2001 4:19 PM
To: [EMAIL PROTECTED]
Subject: Security Problems?
Does anyone know of any security leaks or problems with VNC? Password?
Or Enc
>Is there a security setting that prevents users from accessing the VNC
>properties?
Please search the FAQ and archives for the "AllowProperties" registry
setting. This does not involve hiding the icon, it merely disables the
menu. If you *really* need to hide the icon, install TridiaVNC.
Thanks I will look into that.
At 12:18 PM 2001-05-09 -0400, you wrote:
>According to the Documentation it can only be done by modifying the source
>code. I found that in win2k it will work by removing the reference under the
>"run" hive in Microsoft current control.
>
>Z
>
>-Original Message-
According to the Documentation it can only be done by modifying the source
code. I found that in win2k it will work by removing the reference under the
"run" hive in Microsoft current control.
Z
-Original Message-
From: Tony Do [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 09, 2001 11:
I have an old fix for this on my Win2K box from the time it was last brought
up on BugTraq (search the VNC archives for that discussion). I never really
got around to sending the patch around because this list has a MIME stripper
and I lost interest there for a while.
The fix is simple:
I did an
Well, on NT/2000 I believe it's possible to restrict access to the registry.
And if you have administrator access, you can see everything anyway. On
95/98, just delete regedit.exe from the user's machine ;)
-Original Message-
From: John Ineson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday,
On Wed, Jan 24, 2001 at 03:55:19PM +, John Ineson wrote:
> P.S. I've just signed up, so sorry if this issue's come up before. I
> have looked at the archives & docs and couldn't find anything.
Take another look. There is a security advisory in the archive that's
about a day old.
Not to men
> I now find that (in this, a standard install) the password hash is
> readable to all users, power users and administrators
> (HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default). This astounded me,
> and the other WinVNC users I know.
>
> So, if I'm not mistaken, by default even normal (i.e. only
>
19 matches
Mail list logo
