Re: [SLUG] VNC on the internet

From: Derek Glidden (dglidden@illusionary.com)
Date: Fri May 11 2001 - 11:43:18 EDT


Ed Centanni wrote:
>
> I'm considering running a VNC server so I can access my machine
> remotely. Yea, I know I should use ssh instead but I thought I'd ask if
> anyone knew if VNC is relatively secure is it a welcome mat for
> crackers.

It is absolutely NOT secure and there are many warnings as such on their
website. I'd guess it'd be rather trivially hacked if someone felt it
was worth the effort, but since it's a pretty obscure bit of code, I
doubt it's the highest-profile target in the world.

If you dig around their website some, there are some rather obscure
instructions on how you can tunnel it through SSH, which substantially
increases its overall security. (i.e. from "none" to "some" :)

Of course, then the question begs: are you talking about using VNC to
access a Linux box, and if so, why *wouldn't* you be using SSH? SSH has
the ability to forward X apps, and if you get really desperate, you can
even run Xnest over an SSH tunnel, which is very similar to VNC,
although a bit weirder... What would be the benefit of running VNC
rather than logging in via SSH?

And someone remind me to mention the time I ssh'ed into my machine in
Tampa from San Jose, ran Xnest over an SSH tunnel, opened an xterm,
telnet'd from that xterm to my Sun box with that wierd old WABI thing
and started up a Win3.1 session....

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d
>>12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*
8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \ | extract_mpeg2 | mpeg2dec -

http://www.eff.org/ http://www.opendvd.org/ http://www.cs.cmu.edu/~dst/DeCSS/Gallery/



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:07:06 EDT