Full Disclosure mailing list archives

Re: VNC viewers: Clipboard of host automatically sent to remote machine


From: coderman <coderman () gmail com>
Date: Tue, 24 Jan 2012 21:31:46 -0800

On Tue, Jan 24, 2012 at 6:45 PM, Ben Bucksch <news () bucksch org> wrote:
> ...
> "The VNC protocol (RFB) is very simple, based on one graphic primitive
> from server to client ('Put a rectangle of pixel data at the specified
> X,Y position') and event messages from client to server."

what Dan was trying to point out to you was the vast difference in
attack surface between an IP KVM and the VNC protocol and
architecture.

IP KVM: keyboard, video, mouse interface to physical ports. dumb dumb dumb.

VNC: not so simple, full of bugs year after year, privileged service
running on host, hooking into various OS facilities and exposing all
sorts of vulnerabilities between server and client. sma^H^H^H^H stupid
stupid stupid (from a security perspective)

if you believe these present *precisely* the same risk profile,
well... can i have some of what you're smoking?



On Tue, Jan 24, 2012 at 6:34 PM, Ben Bucksch <news () bucksch org> wrote:
> On 25.01.2012 02:05, coderman wrote:
>> you keep using that word.
>> i do not think it means what you think it means...
>
> Where else did I use that word?
> And what does it mean, in your understanding, that differs from my usage? I
> checked the dict and it seems fine.

let me spell it out: your precise equivalency between a KVM device and
a VNC service is neither accurate nor correct.

http://www.youtube.com/watch?v=OHVjs4aobqs

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

