Standard User mikebear
(regular) Sat 16-Aug-14 11:22:15

Thousands of computers open to eavesdropping and hijacking

I have just read this in a newsletter from Sophos regarding potential security problems for people using VNC :-

https://nakedsecurity.sophos.com/2014/08/15/thousand...

I'm not sure if many members could be affected, so I decided to post a warning just in case it applies.
Standard User caffn8me
(knowledge is power) Sat 16-Aug-14 12:56:21

Re: Thousands of computers open to eavesdropping and hijacki

[re: mikebear]

A relatively straightforward and free fix is to install Cygwin on the computer along with the OpenSSH and Cygrunsrv packages. Step by step instructions for getting sshd to run and start automatically can be found at http://www.noah.org/ssh/cygwin-sshd.html

This allows access to the computer by SSH and you then tunnel your VNC connection over the SSH link. You should then set the VNC server only to allow access from localhost.

A good free SSH client for the remote machine is PuTTY.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
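
A way to check the end state of the setup described in the post above (sshd reachable, VNC accepting connections from localhost only), as an added example that is not part of the original thread. It assumes Windows-style `netstat -an` output, sshd on port 22 and VNC on the default ports 5900 to 5909; the function names and the sample listing are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING
  TCP    [::]:5900              [::]:0                 LISTENING
  TCP    [::1]:5902             [::]:0                 LISTENING
  TCP    192.168.1.20:5900      203.0.113.7:51544      ESTABLISHED
"""

SSH_PORT = 22                   # assumption: sshd on its default port
VNC_PORTS = range(5900, 5910)   # assumption: VNC displays :0 to :9 on default ports

# Matches only listening TCP sockets; the greedy \S+ keeps bracketed IPv6 hosts whole.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.IGNORECASE)


def listeners(netstat_text):
    """Yield (ip_address, port) for every listening TCP socket in the text."""
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue
        host = match.group(1).strip("[]").split("%")[0]  # drop brackets and zone id
        try:
            yield ipaddress.ip_address(host), int(match.group(2))
        except ValueError:
            continue  # non-numeric host (netstat run without -n); skip it


def audit(netstat_text):
    """Report whether sshd is listening and which VNC listeners are not loopback-only."""
    sshd_listening = False
    exposed_vnc = []
    for ip, port in listeners(netstat_text):
        if port == SSH_PORT:
            sshd_listening = True
        if port in VNC_PORTS and not ip.is_loopback:
            shown = f"[{ip}]" if ip.version == 6 else str(ip)
            exposed_vnc.append(f"{shown}:{port}")
    return {"sshd_listening": sshd_listening, "exposed_vnc": exposed_vnc}


if __name__ == "__main__":
    print(audit(SAMPLE_NETSTAT))
```

An empty `exposed_vnc` list together with `sshd_listening` being true is the state the post aims for: the VNC server is reachable only through the SSH tunnel.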
Standard User BatBoy
(legend) Sat 16-Aug-14 12:56:59

Re: Thousands of computers open to eavesdropping and hijacki

[re: mikebear]

Oh, Defcon


______________________________________________________________________________________False_Authority_Syndrome__________________


Standard User Pipexer
(eat-sleep-adslguide) Sat 16-Aug-14 14:19:23

Re: Thousands of computers open to eavesdropping and hijacki

[re: mikebear]

This is why I always use Remote Desktop.

AAISP Home::1
Standard User Andrue
(knowledge is power) Sat 16-Aug-14 14:54:44

Re: Thousands of computers open to eavesdropping and hijacki

[re: Pipexer]

In reply to a post by Pipexer:
This is why I always use Remote Desktop.

Plus RDP is a more efficient protocol and, because it's not based around sending images, doesn't need to scale or scroll the remote desktop. It just renders things onto the local screen as if it were attached to the remote computer.

---
Andrue Cope
Brackley, UK
Standard User Zadeks
(experienced) Sat 16-Aug-14 14:56:56

Re: Thousands of computers open to eavesdropping and hijacki

[re: mikebear]

This could have been an article from the 90s.
Administrator MrSaffron
(staff) Sat 16-Aug-14 17:43:56

Re: Thousands of computers open to eavesdropping and hijacki

[re: mikebear]

Or just the basic thing of adding a password to the VNC access, since the article suggests the ones found had NO PASSWORD set at all.

Standard User TMCR
(member) Sat 16-Aug-14 18:36:54

Re: Thousands of computers open to eavesdropping and hijacki

[re: mikebear]

"...if VNC isn't locked down with a strong, unique password..."
How many people would leave an access point like this open without a password?

I've used VNC for years and have always set a password; I don't want any Tom, Dick or Harry peeping into my stuff. It's usually the second of those guys who try, and often fail.

Virgin Cable (50/3)
Standard User BatBoy
(legend) Sat 16-Aug-14 22:36:36

Re: Thousands of computers open to eavesdropping and hijacki

[re: TMCR]

How can you tell if he guesses your password?


______________________________________________________________________________________False_Authority_Syndrome__________________
Standard User TMCR
(member) Sat 16-Aug-14 22:44:29

Re: Thousands of computers open to eavesdropping and hijacki

[re: BatBoy]

Dick? He'll never guess my password, he's not clever enough. :)

Virgin Cable (50/3)