[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
- From: Ben Bucksch <news@xxxxxxxxxxx>
- Date: Wed, 25 Jan 2012 00:47:28 +0100
On 25.01.2012 00:09, Dan Kaminsky wrote:
> IP KVM, in which the foreign server basically gets only inbound
> Keyboard and Mouse and outbound uncompressed pixels.
That is *precisely* what VNC is: an open-source IP KVM.
And please don't turn this into "you're stupid", because I've seen
others with the same setup. As mentioned, I know of a government agency
with highly competent IT staff who had a similar setup: normal and
sensitive work is on the desktop/notebook and Internet access (which is
considered insecure) is on a remote machine, with a viewer on the desktop.
To make it clear: I take offense in the copying being *automatic*. I
have nothing against the clipboard feature, per se. But if something
happens automatically, how am I supposed to know that it happens? The
user should make a conscious choice. That thinking would also help him
realize the risk. "Secure by default".
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/