Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Ben Bucksch <news () bucksch org>
Date: Tue, 24 Jan 2012 20:20:35 +0100

On 24.01.2012 20:08, Giles Coochey wrote:
I have seen this is an often requested feature

Yes, I understand. It can be highly useful. That's why I proposed to 
make a "Paste" button in the main toolbar (probably with a keyboard 
shortcut, too). So, the user would have to press one more button / key 
(3 actions instead of 2) to for the information to travel to the remote 
host. Compared to the risk, I think that's an acceptable tradeoff.

Please tell me that you have never ever copied a password (or anything 
else highly sensitive) using the clipboard.

I guess what makes my case and the government agency case different is 
that for you and others, VNC is typically the primary focus, but here on 
my machine it's running all the time, I have several test machines with 
untrusted software running and connected *always*.

--- a/src/vncconnection.c
+++ b/src/vncconnection.c 

Thanks for the patch!

Giles +1


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]