Adrian Powell wrote:
Is Real VNC considered current safe enough (generally) to use across the internet ?.
Free edition: NO! It is not encrypted, and although the password is checked securely, you can only have a password of a maximum length of 8 characters. Any keypresses (for typing passwords, etc.) you send within the session are send "in the clear." Similarly, if the work you are doing on screen is sensitive, that is not encrypted. However, you can tunnel VNC through a VPN or SSH connection. Try googling "VNC and SSH HOWTO" or "VNC and VPN HOWTO" for details on how to go about this.
It is my understanding that RealVNC Personal edition and Enterprise edition address these issues. There are also variants on different versions of RealVNC Free edition that have encryption added in, such as VeNCrypt, maintained by myself and Martin Koegler. See http://sourceforge.net/projects/vencrypt for details.
Googling for VNC exploits appears to imply that there have been many vulnerabilities in the past, and having free source code available only compounds the security risk.
Open source does not make it any more/less secure than any other solution. Many security schemes are open, either from open source implementations or the algorithm is publicly known. There is no security in hiding your method - considerably less in fact, since that means fewer people can analyse the situation. For example, ssh is open source but considered a very secure mechanism.
Stewart Becker _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
