Security Basics mailing list archives
RE: Remote Desktop vs VPN on Windows 2003
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 19 Jan 2005 17:46:55 -0500
RDP's be around since Microsoft bought the Terminal Server technology from Citrix...was that 1997 or 1998...product was code-named Hydra then. They made RDP because they didn't get ICA from Citrix. Odds are that if RDP had an active hack, it would be publicly known. I'm quite familiar with the bug reporting to MS and you can report bugs without abiding to any EULA. It's your choice. It's not as if they can stop you from sending an email to secure () microsoft com and reporting on the bug any way you want. Many people report the bug to Bugtraq, not MS. How many bugs exist in SSH that you don't of? It's an unanswerable question on both sides. -----Original Message----- From: Michael Gale [mailto:michael.gale () bluesuperman com] Sent: Wednesday, January 19, 2005 5:26 PM To: Roger A. Grimes; security-basics () securityfocus com Subject: Re: Remote Desktop vs VPN on Windows 2003 Hello, Think of it like this ... the number of hacks vs the number of connections available. SSH is widely used on the Internet because it allows a secure connection, where in Microsoft documents does it say "RDP is safe and there are no concerns about using it over the Internet natively". Plus there has been more then one RDP vulnerability, I have read on-line at a few security sites where they have stated that they have reported security vulnerabilities to Microsoft and Microsoft refused to accept them. So how many RDP bugs / issues get reported and turned down ? Also Microsoft has that stupid agreement EULA, if you report a vulnerability to Microsoft the bug can not be made public until a fix has been released or until Microsoft has been given ampull time to release a patch. How many bugs exist in RDP that you don't know of ?? You can not compare current RDP release to years SSH releases ... that is like saying XP is more secure then your first ever release of Linux. Compare current versions and releases. Michael. Roger A. Grimes wrote:
SSH multiple hacks...RDP one in 2002. How is RDP the worse tool? I keep waiting for facts? -----Original Message----- From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net] Sent: Wednesday, January 19, 2005 12:05 PM To: security-basics () securityfocus com Subject: Re: Remote Desktop vs VPN on Windows 2003 On 2005-01-18 Roger A. Grimes wrote:but if the Windows tool can do the same or better job, why not use thefree tools in the system?Because it can't. Regards Ansgar Wiechers -- "Those who would give up liberty for a little temporary safety deserve
neither liberty nor safety, and will lose both." --Benjamin Franklin
Current thread:
- RE: Remote Desktop vs VPN on Windows 2003, (continued)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Frank Hamersley (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)
- Re: Remote Desktop vs VPN on Windows 2003 Ansgar -59cobalt- Wiechers (Jan 19)
- Re: Remote Desktop vs VPN on Windows 2003 Michael Gale (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Conlan Adams (Jan 20)
- heroes Dave Aronson (Jan 24)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Nero, Nick (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 20)
- RE: Remote Desktop vs VPN on Windows 2003 Roger A. Grimes (Jan 19)