lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 25 Jan 2012 20:33:55 +1100
From: GloW - XD <doomxd@...il.com>
To: Dan Yefimov <dan@...htwave.net.ru>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VNC viewers: Clipboard of host automatically
 sent to remote machine

nice to send THIS one to fd, and you ssomehow admit to knowing it here
yet, i told you what it was, exactly, dont try make me look bad fag,
or i will drop your fucking domain, for a month :)
ciao beech,.
xd


On 25 January 2012 19:55, Dan Yefimov <dan@...htwave.net.ru> wrote:
> On 25.01.2012 5:45, Ben Bucksch wrote:
>> On 25.01.2012 00:52, Henri Salo wrote:
>>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>>>> On 25.01.2012 00:09, Dan Kaminsky wrote:
>>>>> IP KVM, in which the foreign server basically gets only inbound
>>>>> Keyboard and Mouse and outbound uncompressed pixels.
>>>> That is *precisely* what VNC is: an open-source IP KVM.
>>> What the hell? Seriously..
>>>
>>> http://en.wikipedia.org/wiki/VNC
>>
>> hihi. Thanks.
>>
>> "It transmits the keyboard and mouse events from one computer to
>> another, relaying the graphical screen updates back in the other
>> direction, over a network."
>> "The VNC protocol (RFB) is very simple, based on one graphic primitive
>> from server to client ('Put a rectangle of pixel data at the specified
>> X,Y position') and event messages from client to server."
>>
>> Compare to above.
>>
>> Now, the part where it defines that clipboard is also a standard part of
>> VNC... oh, huch, it's not there! (Just a random note that Unicode is
>> impossible, but not that clipboard is defined as part of the protocol at
>> all.) Ah, I know... Surely, it must be on
>> <http://en.wikipedia.org/wiki/RFB_protocol>... No, same thing there.
>> Strange.
>>
> It should be strictly understood that something not being mentioned in the
> Wikipedia article doesn't mean that doesn't exist at all, since Wikipedia is
> _not_ authoritative information source. The authoritative information source
> would be the formal specification of the protocol explicitly defining the set of
> event types and explicitly prohibiting non-defined event types, otherwise
> implementations are free to define and use their own event types being in fact
> extensions of the protocol. It's defined nowhere that VNC is _exactly_
> open-source IP KVM and nothing more.
>
>> P.S. I was just reporting bug. I hope at least some software finds a
>> better solution. Have fun.
>>
> I'd suggest you find alternative product allowing you to explicitly configure
> that clipboard is not transmitted to the host under control instead of
> struggling with the product limitations and design flaws.
> --
>
> Sincerely Yours, Dan.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ