DoS attack VNC 4.0

Brachmann Shaun Shaun.Brachmann "at" kohler.com
Wed Sep 1 17:13:00 2004


The Enterprise version of RealVNC has very nice encryption incorporated.
RSA and AES, if I remember correctly.

Email inquiries to RealVNC directly or perhaps Wez will be kind enough to
enlighten us here.


Cheers,

Shaun 

-----Original Message-----
From: vnc-list-admin "at" realvnc.com [mailto:vnc-list-admin "at" realvnc.com] On
Behalf Of David Balazic
Sent: Wednesday, September 01, 2004 8:03 AM
To: William Hooper; vnc-list "at" realvnc.com; 'Alex K. Angelopoulos'
Subject: RE: DoS attack VNC 4.0

> ----------
> From: 	vnc-list-admin "at" realvnc.com[SMTP:vnc-list-admin "at" realvnc.com]
> on behalf of Alex K. Angelopoulos[SMTP:aka "at" mvps.org]
> Sent: 	31 August 2004 21:47
> To: 	William Hooper; vnc-list "at" realvnc.com
> Subject: 	Re: DoS attack VNC 4.0
> 
> William Hooper wrote:
> 
> > I disagree.  Encryption is something best left to programs that 
> > specialize in encryption.  Why try to maintain your own codebase 
> > when there are other secure codebases out there that are easy to set up?
> > Not to mention the ability to choose the one that best fits your 
> > needs (SSH is dead simple for *nix systems, stunnel or Zebedee is 
> > simple for Windows-based systems, etc.).
> 
> I tend to agree with William.  Reimplementing secure communication on 
> a tool-by-tool basis is needless multiplication of entities; over the 
> long run, it tends to make secure communication less stable. A core 
> shared subsystem is easier to maintain.
> 
A shared subsystem like ... OpenSSL? ;-)

As long as developers (all, not just VNC) try to avoid the responsibility
for security, software will be insecure. You can just go around and blame
the users.

It would be nice to have encryption at the IP level, but I guess there will be
snow in hell before that. :-(

Regards,
David