Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
- To: Ben Bucksch <news@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine
- From: coderman <coderman@xxxxxxxxx>
- Date: Tue, 24 Jan 2012 21:31:46 -0800
On Tue, Jan 24, 2012 at 6:45 PM, Ben Bucksch <news@xxxxxxxxxxx> wrote:
> ...
> "The VNC protocol (RFB) is very simple, based on one graphic primitive
> from server to client ('Put a rectangle of pixel data at the specified
> X,Y position') and event messages from client to server."

what Dan was trying to point out to you was the vast difference in
attack surface between an IP KVM and the VNC protocol and
architecture.

IP KVM: keyboard, video, mouse interface to physical ports. dumb dumb dumb.

VNC: not so simple full of bugs year after year privileged service
running on host hooking into various OS facilities and exposing all
sorts of vulnerabilities between server and client. sma^H^H^H^H stupid
stupid stupid (from a security perspective)

if you believe these present *precisely* the same risk profile,
well... can i have some of what you're smoking?

On Tue, Jan 24, 2012 at 6:34 PM, Ben Bucksch <news@xxxxxxxxxxx> wrote:
> On 25.01.2012 02:05, coderman wrote:
>> you keep using that word.
>> i do not think it means what you think it means...
>
> Where else did I use that word?
> And what does it mean, in your understanding, that differs from my usage? I
> checked the dict and it seems fine.

let me spell it out: your precise equivalency between a KVM device and
a VNC service is neither accurate nor correct.

http://www.youtube.com/watch?v=OHVjs4aobqs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/