On Thu, Feb 21, 2002 at 07:56:42PM +0100, Patrick Corneli_en wrote: > > are there any known security holes in VNC? > I'd like to use it on my server and the server has a public-static-IP > adress.
Some would say that VNC _is_ a security hole. The authentication method looks somewhat secure, but the session data is entirely unencrypted, key strokes and all. In order to run VNC securely over the public Internet, it should be tunneled over SSH, Zebedee, or some kind of VPN. Also, the commonly used VNC binaries probably haven't undergone any significant testing for buffer overflows and the like, and you need to watch out for host security issues on the systems VNC is installed on. -- Mike Ossmann, Tarantella/UNIX Engineer/Instructor Alternative Technology, Inc. http://www.alttech.com/ --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
