>I think everyone is missing the point. It doesn't matter if VNC is the >application that one uses the shatter attack on or not. The point is that >VNC, or any remote access program as pointed out, effectively gives the same >ability of being physically present at the server. You can cut-and-paste >ploit code over the VNC session and use the shatter attack on ANOTHER >program, such as a virus detection program as documented in the shatter >attack.
Then the situation is as clear as it always was. Don't give a user remote-desktop access to a Windows machine unless you'd be happy about them sitting physically in front of it. -- -------------------------------------------------------------- from: Jonathan "Chromatix" Morton mail: [EMAIL PROTECTED] website: http://www.chromatix.uklinux.net/ geekcode: GCS$/E dpu(!) s:- a21 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*) tagline: The key to knowledge is not to rely on people to teach you it. _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
