Security Basics mailing list archives
Re: VNC Security
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Fri, 12 Aug 2005 18:57:00 +0200
On 2005-08-12 nixuser23 () hotmail com wrote:
Yes, you've installed a remote admin tool, used it appropriately, then disabled it. But, here's where you are missing the point. You haven't removed it. The user asks a friend to help out, the friend sees VNC and heard it's cool, starts the service to run automatically. Now it's live, all the time.
The very same friend may not see VNC, have heard it's cool, and install it to run automatically.
Okay, another scenario. The user is bright, but his 13 year old kid gets this joke from a friend, and is logged in as, guess what? The administrator, opens the joke, oh, it's a trojan, worm, the next best script, whatever. Finds windows firewall, disables it, finds a virus scanner, disables it, finds VNC, enables it and sends an email back to somewhere in mainland China.
Finds windows firewall, disables it, finds a virus scanner, disables it, downloads VNC, enables it and sends an e-mail back to somewhere in mainland China. Run malware with administrative privileges and you're toast. Period.
End result is, you've provided excellent tech support, but you've left the user open to exploit in the future by not minimizing services and have left the user open to downstream liability.
If you think you have a point here: you don't. In any of your scenarios VNC is just as easily installed as simply re-enabled. Regards Ansgar Wiechers -- "Another option [for defragmentation] is to back up your important files, erase the hard disk, then reinstall Mac OS X and your backed up files." --http://docs.info.apple.com/article.html?artnum=25668
Current thread:
- Re: Re: VNC Security nixuser23 (Aug 12)
- Re: VNC Security Ansgar -59cobalt- Wiechers (Aug 15)
- <Possible follow-ups>
- Re: VNC Security rebootd (Aug 16)
- Re: VNC Security Ansgar -59cobalt- Wiechers (Aug 23)