lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F1F0483.4020304@bucksch.org>
Date: Tue, 24 Jan 2012 20:20:35 +0100
From: Ben Bucksch <news@...ksch.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: VNC viewers: Clipboard of host automatically
 sent to remote machine

On 24.01.2012 20:08, Giles Coochey wrote:
> I have seen this is an often requested feature

Yes, I understand. It can be highly useful. That's why I proposed to 
make a "Paste" button in the main toolbar (probably with a keyboard 
shortcut, too). So, the user would have to press one more button / key 
(3 actions instead of 2) to for the information to travel to the remote 
host. Compared to the risk, I think that's an acceptable tradeoff.

Please tell me that you have never ever copied a password (or anything 
else highly sensitive) using the clipboard.

I guess what makes my case and the government agency case different is 
that for you and others, VNC is typically the primary focus, but here on 
my machine it's running all the time, I have several test machines with 
untrusted software running and connected *always*.

> --- a/src/vncconnection.c
> +++ b/src/vncconnection.c 

Thanks for the patch!

Giles +1

Ben

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ