Carlyle:

        Heya. Yes, it's a safe bet that many people on this list
have a router with port 5900 forwarded to a Windows machine. Of
course, this increases "risk", but only so much as the integrity
of what *listens* to that port, namely the VNC Server itself.

        Of course, as I wrote back in Sept on a similar thread, I
agree with you that VNC users should try to use a secure-tunnel
whenever they VNC across the Internet. That's just an inarguable Good
Idea. For those using VNC to remotely administer their content-
sensitive servers, I'm sure it's one of the first things done.

        But even a secure tunnel isn't a panacea. To implement a
good network security strategy (and/or a good network attack
strategy), go after the biggest holes first. For VNC users, the
biggest weakness isn't forwarding ports, it's choosing weak VNC
passwords. For *all* Windows, the even-bigger weakness is reading
email with Outlook and not keeping up with MSoft's near-weekly
release of security patches. Maybe 5th or 6th on my list would be
"running VNC without a secure-tunnel". Your mileage may vary. :)

        In closing, as I used to tell my IT clients and I'm sure
you know, the Black Hats don't want to break into your PC to steal
your credit card numbers. Not their intent. If it were, then the
rationalization I heard 90-percent of the time ("Oh, I don't keep
anything on that computer anyone would want to steal") would make
good sense. Instead, though, the Black Hats want to break into your
computer so that when they next try to crash Amazon's servers, or
set up an illegal content reflector, they do it from *your* computer.

cheers,
Scott


> Let me echo Jack with a bit of emphasis. Look, some of you
> are publishing the IP addresses of your routers, the make and version
> of your routers, WHICH PORTS YOU ARE OPENING and the ip
> addresses and operating systems of the machines behind your
> routers. This is a public mailing list that anybody can subscribe to.
> Your routers should be serving as FIREWALLS and many of you
> are degrading them to be simple routers and then letting the world
> know where to send their probes.
>
> Please look into VPN and SSH. Use VNC exclusively through one of
> these.
<snip>