embedding secure tuneling (zebedee) in vnc

Dave Dyer ddyer "at" bigfoot.com
Thu, 16 Aug 2001 18:20:04 +0000

Tunneling works with VNC, but isn't a really satisfactory
solution for several reasons.

 (1) it's a pain to set up initially,
 (2) even if used properly, the insecure VNC port is still open.

 (3) using a tunnel server opens another point of attack on the host 
 machine: for example, ZeBeDee's default server mode opens redirection 
 of all ports.  If misconfigured in this way, any incoming request can
 appear to be from the local host; and in any case, security measures 
 based on  host identity are useless.

The only really satisfactory solution is to embed the encryption
layer of ZeBeDee (or some similar program) into VNC.  It seems to 
me that both programs ought already to be structured such that 
one call to "open socket" could be replaced.
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html