> Sure it's possible to authenticate against a nasty server if they have
> discovered your password.
A rogue server could ask for a password, send a challenge, and then ignore the response and just let you in, and then set up the exploit on the viewer. It wouldn't even need to send you through to the original server - it would appear as though the VNC client had crashed, and the human response time to *that* is probably long enough for a backdoor to be set up through the hole.

I'm no expert on security, but I do know how fast computers can work.

--
from:     Jonathan "Chromatix" Morton
mail:     [EMAIL PROTECTED]  (not for attachments)
website:  http://www.chromatix.uklinux.net/
geekcode: GCS$/E dpu(!) s:- a21 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*)
tagline:  The key to knowledge is not to rely on people to teach you it.