Revelation

Robert S. Huss rhuss "at" ecs.umass.edu
Fri, 23 Oct 1998 15:39:42 +0000


In a classroom or computer lab you always have the risk of a new malicious
program being run.  We prevent this by using a software licensing program
that prevents anyone from running a program not in its database.

Bob Huss

At 09:05 AM 10/23/98 +0100, Nick Torkington wrote:
>We install VNC on classroom PCs so that it can be used as a teaching aid,
>broadcasting one screen to several students.  We stuff a standard password
>into each student's registry so that we can assist them remotely should they
>require help.
>
>Even when VNC is executed as a service, students can easily call up the
>properties dialog and then use Revelation to discover this password,
>allowing them to maliciously "take over" other students PCs.
>
>This has *actually* happened, despite some claims in this forum that it is
>not possible because VNC doesn't work in that way.
>
>I'd like to continue to use VNC as it has saved us a lot of time over the
>past few weeks, but until this security problem is addressed we're forced to
>withdraw it.
>
>Nick Torkington
>I.T. Support
>The Oldham College
>UK
>
>
>---------------------------------------------------------------------
>The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
>---------------------------------------------------------------------
>
>
Robert S. Huss, Ph.D.           Department of Chemical Engineering
Project Director                University of Massachusetts
Decision Making by Design       Amherst MA 01003
Curriculum Project              Phone: (413) 545-2819
rhuss "at" ecs.umass.edu             Fax: (413) 545-1647

---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------