Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Ben Bucksch <news () bucksch org>
Date: Wed, 25 Jan 2012 00:47:28 +0100

On 25.01.2012 00:09, Dan Kaminsky wrote:
IP KVM, in which the foreign server basically gets only inbound 
Keyboard and Mouse and outbound uncompressed pixels.

That is *precisely* what VNC is: an open-source IP KVM.

And please don't turn this into "you're stupid", because I've seen 
others with the same setup. As mentioned, I know of a government agency 
with highly competent IT staff who had a similar setup: normal and 
sensitive work is on the desktop/notebook and Internet access (which is 
considered insecure) is on a remote machine, with a viewer on the desktop.

To make it clear: I take offense in the copying being *automatic*. I 
have nothing against the clipboard feature, per se. But if something 
happens automatically, how am I supposed to know that it happens? The 
user should make a conscious choice. That thinking would also help him 
realize the risk. "Secure by default".

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]