Robin & Daan, VNC Free Edition 4.1 & 4.1.1 were affected. VNC Free Edition 4.0, and 4.1.2 and later are not affected. Legacy VNC 3 based servers are also unaffected.
Regards, Wez @ RealVNC Ltd. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Robin Hill > Sent: 09 July 2006 20:23 > To: [email protected] > Subject: Re: hacking situation > > On Sun Jul 09, 2006 at 07:48:18PM +0200, Daan den Engelsman wrote: > > > Last week when i was in france my wife, called me with the > question, if i > > was on the computer. There was some one on my system and in > second he > > removed allot of windows components. How can I ( beside a > vpn connection) > > secure this, and how is it possible that someone can hack > my password > > > You don't say what version of VNC you're running, but there was a bug > in v4.0-v4.1.1 through which a modified client could connect without > requiring a password. If you're running a later (or previous) version > then the only method I know of would be guessing the password (though > VNC does limit connection attempts to make brute-force attacks more > difficult). > > As for methods to secure the system, unless you know the > address you're > connecting from then a VPN type system is really the only > option. This > could be as simple as tunneling the connection through SSH, which > requires only an SSH server on your system and restricting VNC > connections to localhost - there's plenty of docs online on how to set > this up. > > HTH, > Robin > -- > ___ > ( ' } | Robin Hill <[EMAIL PROTECTED]> | > / / ) | Little Jim says .... | > // !! | "He fallen in de water !!" | > > [demime 1.01d removed an attachment of type application/pgp-signature] > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
