DoS attack VNC 4.0
David Balazic
david.balazic "at" hermes.si
Wed Sep 1 14:05:00 2004
> ----------
> From: vnc-list-admin "at" realvnc.com[SMTP:vnc-list-admin "at" realvnc.com]
> on behalf of Alex K. Angelopoulos[SMTP:aka "at" mvps.org]
> Sent: 31. avgust 2004 21:47
> To: William Hooper; vnc-list "at" realvnc.com
> Subject: Re: DoS attack VNC 4.0
>
> William Hooper wrote:
>
> > I disagree. Encryption is something best left to programs that
> > specialize in encryption. Why try to maintain your own codebase when
> > there are other secure codebases out there that are easy to set up?
> > Not to mention the ability to choose the one that best fits your needs
> > (SSH is dead simple for *nix systems, stunnel or Zeebede is simple
> > Windows based systems, etc.).
>
> I tend to agree with William. Reimplementing secure communication on a
> tool-by-tool basis is needless multiplication of entities; over the long
> run, it tends to make secure communication less stable. A core shared
> subsystem is easier to maintain.
>
A shared subsystem like .... OpenSSL ? ;-)
As long as developers ( all, not just VNC ) try to avoid the responsibility
for
security, software will be unsecure. You can just go around and blame the
users.
It would be nice to have encryption on IP level, but I guess there will be
snow in hell
before that. :-(
Regards,
David