VNC Security Problem...

Alan Cox alan "at" cymru.net
Tue, 27 Oct 1998 14:47:18 +0000


> A program called "Revelation" allows students to find out the VNC (and
> other) passwords with ease.  By hovering the mouse over any password field,
> the program reveals the underlying password.  The program can be found at
> http://www.snadboy.com - take a look.

Its a toy

> I note that "Revelation" doesn't work with NT User Manager as the passwords
> are not displayed with one asterisk per hidden character.

Actually with better toys you can steal all the NT lan manager passwords,
you can modify data in file share requests and a million more things. Its
good you've realised, its so sad that most commercial and other sites run
around proactively rather than building a secure infrastructure. 

VNC over ssh is fine for example. I dont know if you can fit VNC/ssh or
VNC/SSL effectively into the Windows32 environment right now.

Alan



---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------