On Tue, 16 Sep 2003, Bjvrn Persson wrote: > If I wanted to sniff other people's VNC traffic i'd first try to find an > existing program to do this. If I couldn't find one I would: > > 1: use one of the existing programs that can intercept TCP sessions. > Maybe I'd have to teach it how to recognize the RFB protocol. That's no > big problem. > > 2: feed the keystrokes to a small program that would write them to a log > file. If I'd need a translation table I could get one from any VNC > server. > > 3: feed the screen updates to one of those VNC viewers that can record > them as a video file. > > 4: feed the image data to one of the existing programs that perform > character recognition on screenshots, and log the character data.
In other words, it's not worth the effort and it will probably never happen. Does anyone know if this kind of thing has actually been done? Not as a demonstration -- has anyone actually been attacked in this way? > I'd be surprised if no one has done this already, and maybe even put the > pieces together to a convenient program, but if not, it's probably just > a matter of time. But it might not be a matter of time because it's so much work for so little gain? > On the Internet, either you have encryption, or you have *no* security. There are degrees. Some things get attacked constantly and some don't. Mike -- Michael B. Miller, Ph.D. Assistant Professor Division of Epidemiology and Institute of Human Genetics University of Minnesota http://taxa.epi.umn.edu/~mbmiller/ _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
