Stephen, There's more to session security than simply visibility of key-presses to nosey network neighbours. Without proper tanper-proofing, for example, it's possible for an attacker to gain access to a system by listening in on an established session & hi-jacking it.
Wez @ RealVNC Ltd. > -----Original Message----- > From: Stephen Fromm [mailto:[EMAIL PROTECTED] > Sent: 10 February 2006 11:32 > To: James Weatherall; [email protected] > Subject: Re: I was hacked by a VNC user! > > > We don't advise use of VNC Free Edition across the Internet > except via > > some > > sort of secure tunnelling protocol. VNC Enterprise & > Personal Editions > > have > > in-built session security for this purpose. All current VNC Server > > releases > > also support querying the local user to accept connections, which is > > advisable if you are concerned that the password you are > using is weak or > > widely known. > > But if I don't type any passwords, etc, once my connection is > established, > what does the additional protection actually afford me? > (Meaning, again, if > the datastream itself doesn't need to be protected, but only > the password > and ability to connect to the server.) > > Thanks in advance, > > SJF _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
