lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4F1F4310.1010004@bucksch.org>
Date: Wed, 25 Jan 2012 00:47:28 +0100
From: Ben Bucksch <news@...ksch.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: VNC viewers: Clipboard of host automatically
 sent to remote machine

On 25.01.2012 00:09, Dan Kaminsky wrote:
> IP KVM, in which the foreign server basically gets only inbound 
> Keyboard and Mouse and outbound uncompressed pixels.

That is *precisely* what VNC is: an open-source IP KVM.

And please don't turn this into "you're stupid", because I've seen 
others with the same setup. As mentioned, I know of a government agency 
with highly competent IT staff who had a similar setup: normal and 
sensitive work is on the desktop/notebook and Internet access (which is 
considered insecure) is on a remote machine, with a viewer on the desktop.

To make it clear: I take offense in the copying being *automatic*. I 
have nothing against the clipboard feature, per se. But if something 
happens automatically, how am I supposed to know that it happens? The 
user should make a conscious choice. That thinking would also help him 
realize the risk. "Secure by default".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ