Dave, The fix was posted next day after the flaw was discovered. At that time there was no exploits or they were not prevalent. I am not so sure what VNC team could do to better inform people. Discovery of flaw was published on slashdot and this list. I am not trying to tell that this is your fault but just wondering what do you want VNC team to do.
IMHO running VNC server exposed to the Internet is a bad idea in the first place. Regards, Alex Dave Dyer wrote: >> Both of you need to keep up on your software -- a new version was recently >> released to solve severe security flaw in the v4.x line. The trojans you got >> obviously exploited this flaw. > > I can't argue with that, but this security flaw and the need for updating > didn't get a lot of airplay. I'm just trying to raise the level Of > awareness - that its not just a theoretical vulnerability - it's being > actively exploited. > _______________________________________________ > VNC-List mailing list > VNC-List@realvnc.com > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
