VNC is "hackable" (was "VPN and VNC")

[Mike Miller]

On Wed, 28 Aug 2002, Seth Kurtzberg wrote:

> The statement that VNC is hackable is correct, and any hackable piece of
> software is generally frowned on by us security folks, but if they can't
> get to the machine then they can't back VNC on the machine.


What does it meant to say that VNC is 'hackable'?  I often hear this kind
of talk but I am not concerned because it seems to me that it would be
difficult for someone to get into my box by a VNC exploit.  Am I wrong?
Wouldn't they have to sniff packets and decrypt to get the password?  I
suppose it can be done, but I don't know that anyone is doing it.

More info on hackability would be appreciated.  As a relatively naive VNC
user, I would like to know what dangers I am exposing myself to.

Mike