Rick, The vulnerability affecting VNC Server Free Edition 4.1 & 4.1.1 servers has been addressed in VNC Server Free Edition 4.1.2 - please ensure that your server has been upgraded to that version, and use your virus-scanner to ensure that no malicious "drops" have been placed on your system when it was compromised.
Note that VNC Free Edition's VNC Password Authentication considers only the first 8 characters of the password, and ignores further characters. VNC Enterprise & Personal Editions support long passwords, of up to 255 characters. Regards, Wez @ RealVNC Ltd. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick > Sent: 25 July 2006 14:15 > To: [email protected] > Subject: backdoor in vnc > > Hello, > > I got the vnc free version to try for a few days and then was > going to purchase the 'good' version. I find it is a really > nice program except for one problem I found. A few days > after I installed it, I been noticing funny things happening. > When I got home from work, icons were moved, an FTP program > was up and many files have been deleted, and my DVD burner > software was opened. I thought I just made a mistake till > last nite. I was reading a web page and then the mouse moved > and brought up the start menu without me doing it, then I > noticed the vnc icon was black instead of white. some one > was on it. I also looked in tht XP admin logs that vnc had > several logins by other IPs, some not even in the USA. I > have set several different passwords every day that are just > random 10 to 12 characters in length. I have confirming > reports from others that vnc has a back door that people go > scanning for. Does anyone have any of the same experiances. > > Thank you > > -Rick > > http://www.rkratt.com > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
