Re: Remote Desktop vs VPN on Windows 2003

[Michael Gale <michael.gale () bluesuperman com>]

Hello,

	Think of it like this ... the number of hacks vs the number of 
connections available.

SSH is widely used on the Internet because it allows a secure 
connection, where in Microsoft documents does it say "RDP is safe and 
there are no concerns about using it over the Internet natively".

Plus there has been more then one RDP vulnerability, I have read on-line 
at a few security sites where they have stated that they have reported 
security vulnerabilities to Microsoft and Microsoft refused to accept them.

So how many RDP bugs / issues get reported and turned down ?

Also Microsoft has that stupid agreement EULA, if you report a 
vulnerability to Microsoft the bug can not be made public until a fix 
has been released or until Microsoft has been given ampull time to 
release a patch.

How many bugs exist in RDP that you don't know of ??

You can not compare current RDP release to years SSH releases ... that 
is like saying XP is more secure then your first ever release of Linux. 
Compare current versions and releases.

Michael.


Roger A. Grimes wrote:
> SSH multiple hacks...RDP one in 2002.  How is RDP the worse tool?  I
> keep waiting for facts? 
>
> -----Original Message-----
> From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] 
> Sent: Wednesday, January 19, 2005 12:05 PM
> To: security-basics () securityfocus com
> Subject: Re: Remote Desktop vs VPN on Windows 2003
>
> On 2005-01-18 Roger A. Grimes wrote:
>
> > but if the Windows tool can do the same or better job, why not use the
>
>
> > free tools in the system?
>
>
> Because it can't.
>
> Regards
> Ansgar Wiechers
> --
> "Those who would give up liberty for a little temporary safety deserve
> neither liberty nor safety, and will lose both."
> --Benjamin Franklin