What are your thoughts on the security of running from Windows PC -> Linux via SSH?
For example, from Windows:

    ssh2 -L 5901:my.vnc.server:5900 my.vnc.server -l userid

Then fire up VNC and connect to localhost:1

Andrew van der Stock wrote:
>
> Mike,
>
> Check out the Foundstone guys, and in particular the guys who wrote the
> particularly poorly titled "Hacking Exposed". In the book, they discuss
> in detail all the ins and outs of remote control technology for a
> variety of products from pcAnywhere to Terminal Services, including a
> decent set of VNC weaknesses.
>
> I spoke to a couple of them (George in particular) last year when I
> spoke at Blackhat, and they're quite decent guys. Feel free to approach
> them.
>
> Current VNC security weaknesses in order of exploitability:
>
> * reversible passwords - there simply is no excuse
> * MITM attacks
>   http://www.securiteam.com/securitynews/5ZP0P1535W.html
> * the lack of username and passwords (one factor authentication)
> * non-existent registry security on NT
> * lack of a protocol tester to prove robustness and interoperability
> * running as LOCALSYSTEM on NT presents a huge remote buffer overrun
>   risk as well as quite a decent local exploit target
> * the inbuilt web server on port 5800 is not necessary for most people,
>   and is a good DoS target (look at code for greater clarity on this risk)
> * buffer / heap overflow possible in functions using
>   VSocket::GetPeerName() and %s expansion (this one is doable, trust me)
> * it's probably possible to connect to the same port over and over again
>   to avoid the inbuilt authentication brute-force limiters. Phoss is a
>   perfect example of a tool that could be used again if they look
>   carefully.
>
> The list will probably go on and on. This is one of the reasons I've
> been working on and off on RFB 4.0, which basically ditches the RFB
> handshake in favor of something cryptographically secure. However,
> protocol level weaknesses aside, the backwards compatibility element
> plus a load of old code that no one is really going through with a fine
> tooth comb presents a boat load of residual risk.
>
> Good luck with the presentation!
>
> Andrew
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Ossmann
> Sent: Tuesday, 5 March 2002 10:50 AM
> To: [EMAIL PROTECTED]
> Subject: Thin client security presentation
>
> I will be speaking at Rubi Con (http://www.rubi-con.org/) in April about
> thin client and remote desktop security. I'll discuss Citrix,
> Tarantella, VNC, the X window system, Windows Terminal Services, and
> possibly some other things.
>
> Firstly, I'd like to invite everyone. If you are attending Rubi Con,
> I'd love to meet you.
>
> Secondly, I'm gathering information for my presentation. If you have
> any links to security information on VNC or any of the other
> technologies, I'd appreciate an email. I have quite a bit of material
> already, but I'd like to fill in as many gaps in my knowledge as
> possible before I get bombarded with questions. :-)
>
> Thanks,
>
> Mike
> --
> Mike Ossmann, Tarantella/UNIX Engineer/Instructor
> Alternative Technology, Inc.
> http://www.alttech.com/
> ---------------------------------------------------------------------
> To unsubscribe, mail [EMAIL PROTECTED] with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------

--
Janyne Kizer
CNE-3, CNE-4, CNE-5
Systems Programmer Administrator I
NC State University, College of Agriculture & Life Sciences
Extension and Administrative Technology Services
Phone: (919) 515-3609