Re: VNC Security

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2005-08-12 nixuser23 () hotmail com wrote:
> Yes, you've installed a remote admin tool, used it appropriately, then
> disabled it.
>
> But, here's where you are missing the point. You haven't removed it.
>
> The user asks a friend to help out, the friend sees VNC and heard it's
> cool, starts the service to run automatically. Now it's live, all the
> time.

The very same friend may not see VNC, have heard it's cool, and install
it to run automatically.

> Okay, another scenario. The user is bright, but his 13 year old kid
> gets this joke from a friend, and is logged in as, guess what? The
> administrator, opens the joke, oh, it's a trojan, worm, the next best
> script, whatever. Finds windows firewall, disables it, finds a virus
> scanner, disables it, finds VNC, enables it and sends an email back to
> somewhere in mainland China.

Finds windows firewall, disables it, finds a virus scanner, disables it,
downloads VNC, enables it and sends an e-mail back to somewhere in
mainland China.

Run malware with administrative privileges and you're toast. Period.

> End result is, you've provided excellent tech support, but you've left
> the user open to exploit in the future by not minimizing services and
> have left the user open to downstream liability.

If you think you have a point here: you don't.

In any of your scenarios VNC is just as easily installed as simply
re-enabled.

Regards
Ansgar Wiechers
-- 
"Another option [for defragmentation] is to back up your important files,
erase the hard disk, then reinstall Mac OS X and your backed up files."
--http://docs.info.apple.com/article.html?artnum=25668