Insecure VNC through corporate firewalls
Andrew van der Stock
ajv "at" greebo.net
Tue, 15 Jan 2002 03:01:51 +0000
Dave,
Do you make it harder for the NT users to retrieve or set the password
key from the registry? The password key should be System:FullControl,
Administrators:Full Control (and that's it).
Lots of boxes do not have local or remote registry permissions, allowing
VNC to be hijacked from the local LAN.
Andrew
-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com] On Behalf Of Dave Dyer
Sent: Tuesday, 15 January 2002 1:49 PM
To: vnc-list "at" uk.research.att.com
Subject: Insecure VNC through corporate firewalls
Just a reminder to those concerned about the inherent insecurity of
VNC protocols ( and those who would recommend tunneling with SSH ) I've
produced a version of VNCViewer and WinVNC which automatically
use a secure connection. I've got lots of users and no complaints:
http://people.we.mediaone.net/ddyer/znc/zvnc.html
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY See also:
http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------