I just read this on the ukcrypto mailing list and thought it
might be of interest to some on this list..[1]
David Howe wrote:
> [T]he VNC client (and registry key decoder) is freely
> available from [ATT's] website so if the code isn't
> locally patched to include a different DES key than
> the default, anyone else on the network can pull
> out the key and connect to anyone else they know the
> ip address of...
sfaics, the WinXP built-in firewall leaves WinVNC (and other
network services) particularly vulnerable, with no distinction
made between trusted and public IP networks - I may well be
very wrong but it looks like it's an all or nothing firewall -
ports are either open to all, or they are closed altogether,
there is no inbetween. Am I right?
Continuing on the subject of security, has anybody gotten a
working patched tcpd for the current or recent Cygwin and have
they got sshd to compile with libwrap support? I saw some
mention of this on the Cygwin mailing lists from some months
ago, but have read nothing more recent. [2]
Lastly, is there anything achieved by running sshd out of
inetd but without tcpd?
Regards,
Mongo
[1] http://www.chiark.greenend.org.uk/pipermail/ukcrypto/
[2] http://www.cygwin.com/ml/cygwin/2001-07/msg01566.html
-- List Information: http://tech.erdelynet.com/maillist-ssh-l.asp List Archives: http://erdelynet.com/archive/ssh-l/Received on Sat Mar 30 16:52:38 2002
This archive was generated by hypermail 2.1.8 : Fri Jul 29 2005 - 17:33:33 EDT