lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Jan 2012 00:47:28 +0100 From: Ben Bucksch <news@...ksch.org> To: full-disclosure@...ts.grok.org.uk Subject: Re: VNC viewers: Clipboard of host automatically sent to remote machine On 25.01.2012 00:09, Dan Kaminsky wrote: > IP KVM, in which the foreign server basically gets only inbound > Keyboard and Mouse and outbound uncompressed pixels. That is *precisely* what VNC is: an open-source IP KVM. And please don't turn this into "you're stupid", because I've seen others with the same setup. As mentioned, I know of a government agency with highly competent IT staff who had a similar setup: normal and sensitive work is on the desktop/notebook and Internet access (which is considered insecure) is on a remote machine, with a viewer on the desktop. To make it clear: I take offense in the copying being *automatic*. I have nothing against the clipboard feature, per se. But if something happens automatically, how am I supposed to know that it happens? The user should make a conscious choice. That thinking would also help him realize the risk. "Secure by default". _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists