Full Disclosure mailing list archives
Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 25 Jan 2012 11:50:20 +1300
Ben Bucksch wrote:
Even then, that is not sufficient, as explained in length.
No -- what you "explained in length" _and_ seem impervious to understanding, despite a couple of respondents explaining it quite clearly, is that you have chosen to perform ongoing "sensitive" work in an environment where doing so, at best, represents a highly questionable security stance.

_Part_ of what contributes to that questionability is your choice to more-or-less continuously run an application that you should always have known leaks access to the clipboard of what you oddly choose to describe as a "trusted desktop" (odd, because you should know that exposing the host clipboard to the client is common -- in fact, probably the standard default -- functionality of VNC clients).

That your chosen/preferred/whatever VNC client does not allow you to turn off, or otherwise modify or monitor, this functionality is not a security vulnerability or bug, as you seem intent on portraying it. It may be an undesirable feature (or, more accurately, lack of a feature) but don't you have other VNC clients to choose from? Must you use this particular VNC client? If so, and this method of working is so critical to you, should you not choose a different platform for your "trusted desktop" and run a more suitably configurable VNC client?

Or, if your sensitive work is really that sensitive, should you not invest in a second machine for remotely monitoring/interacting with the untrusted, sandboxed applications you need to run, so that they really are securely separated (can we all say "air gap"?) from your more "sensitive" operations? It would not have to be a very heavy-duty machine -- a very low-end netbook style machine, or possibly even a cheap tablet-style device may more than suffice...

...

Another part of that questionability is obvious to anyone with nous reading this list...

Regards,
Nick FitzGerald