New to VNC List...
Alex Pelts
alexp "at" broadcom.com
Tue Oct 10 02:30:01 2006
This came up at least 100 times. You are running VNC version 4.1.1 or
earlier, which had a security problem allowing an attacker to log in without
a password. The update was posted a few days after the problem was
discovered, but it seems that no one bothers to update.
You need to redeploy the latest version of VNC and do whatever other
procedures are required in your company after a break-in has been detected.
IMHO, running free VNC software exposed to the Internet is not a very
smart thing to do to begin with.
Regards,
Alex
Craig Musgrove wrote:
> Evening...
>
> No doubt this has been asked in the past, but I have no access to this
> information..
>
> I have numerous users using the free version of VNC... over the last week I
> have had 3 users calling me and reporting to me their mouse is moving on its
> own and they are asking me if it's me connected.
>
> I have witnessed the aftereffects of such a visit, as well as seen it as it is
> happening.. these users are dialing into the computer and trying to install
> an exe file from a server... this exe file is installing all kinds of
> nasties....
>
> How are these users getting access to the system? Some of these passwords
> are fairly complex, and we are using default VNC port... In the short term,
> I have instructed all my users to uninstall VNC as it is not proving to be
> secure (at least from the login / password side of it).
>
> Feedback?
>
> Craig Musgrove
> MCSE, MCP+I, MCP
>
> BC Canada