Security Basics mailing list archives

Re: Windows Remote Desktop - any known vulnerabilities?


From: Ronald van der Westen <rvdwesten () gmail com>
Date: Wed, 1 Dec 2010 08:30:45 +0100

Hi Chuck

I wouldn't recommend running RDP straight on the internet. 

Especially for the "less secure" clients. It is possible that a man-in-the-middle attack gathers sensitive data, like 
passwords, whenever you type in your session.

Try one of the free services on the internet, like logmein.com. They are not the best option but might be better than 
rdp. 

They are available using ssl-tunneling so in most cases available everywhere you want. 


Regards,
Ronald van der Westen

Sent from my iPhone

On 28 Nov 2010 at 03:21, Chuck Mayers <chuck.mayers () gmail com> wrote:

About 6 months ago, I wanted to connect to my home computer (which
runs Windows 7) from work, so I enabled Remote Desktop, with the
option "Allow connections from computers running any version of Remote
Desktop (less secure)". It was a one time thing, and I've never used
it since. I left these options on.

Today I noticed an event in the event log:

The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

This same error also appears one other time, 2 months ago.

I've googled the message, it sounds like it could simply be an error
you'd get if a remote user closed his session... except that there
shouldn't be any remote users! At the time of the event, I'm not even
sure if I was using the computer, but I know that I have not used RDP
for 6 months and no one else should be connecting.

Are there any known Remote Desktop vulnerabilities (for a PC acting as
the server) that I should be worried about?

Is there any other way this event would be in the event log, besides
the obvious - someone had connected to my PC?

I looked in the event log for anything obviously strange around the
times of these events, and I don't see anything. The PC seems fine and
I don't have any reason to think it was compromised except for this
strange event message.

I'm wondering if there is anything else I can check for, to figure out
what this cryptic message means.

Thanks
