I was hacked by a VNC user!
James Weatherall
jnw "at" realvnc.com
Fri Feb 10 11:48:01 2006
Stephen,
There's more to session security than simply visibility of key-presses to
nosey network neighbours. Without proper tamper-proofing, for example, it's
possible for an attacker to gain access to a system by listening in on an
established session & hijacking it.
Wez @ RealVNC Ltd.
> -----Original Message-----
> From: Stephen Fromm [mailto:stephen.fromm "at" gmail.com]
> Sent: 10 February 2006 11:32
> To: James Weatherall; vnc-list "at" realvnc.com
> Subject: Re: I was hacked by a VNC user!
>
> > We don't advise use of VNC Free Edition across the Internet except via
> > some sort of secure tunnelling protocol. VNC Enterprise & Personal Editions
> > have in-built session security for this purpose. All current VNC Server
> > releases also support querying the local user to accept connections, which is
> > advisable if you are concerned that the password you are using is weak or
> > widely known.
>
> But if I don't type any passwords, etc, once my connection is established,
> what does the additional protection actually afford me? (Meaning, again, if
> the datastream itself doesn't need to be protected, but only the password
> and ability to connect to the server.)
>
> Thanks in advance,
>
> SJF