May 17th, 2006, 06:13 PM
- That makes me feel a lot better....
I like VPN and Remote Desktop personally...
In our company, we also use openVPN and Windows' RDP on accessing our server farm. And we never had any problems with it yet.
openVPN server runs in UNIX, while we use the client in our WinXP machines and it is very useful in our remote administration tasks.
May 18th, 2006, 10:13 PM
Found at: http://isc.sans.org/
RealVNC exploits in the wild (NEW)
Last Updated: 2006-05-18 17:10:59 UTC by Swa Frantzen
Active use of RealVNC to break into systems is being reported anonymously.
If you can share more details or just can report attempts, please let us know
If you have any RealVNC exposed, check if you are hacked, and if not take measures immediately. If you want an inherently more secure solution check how to run vnc over ssh
on your specific platform.
See more of the vulnerability in the May 15th diary
by Kyle Haugsness.
List of exploits reported to us by our readers:
- Austin from the UK reports that all shared printers in his office stated to print:
Dear Network Administrator. Please do not be alarmed. My team is network security specialist. You are using a vulnerable version of VNC. Please upgrade your version soon.We have not accessed your data but we could have. Have a nice dayThe intrusion reportedly happened on a workstation where a visitor left a VNC server running.
- He notes that "RealVNC logs all connection IP addresses in the event manager which some people didn't know"
- An Anonymous report about the installation of typical tools installed by the warez and hacker crowd such as Serv-U and pwdump.
Keep them coming!
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
, The Art of War
May 19th, 2006, 06:21 AM
Yeah, we're seeing a fair amount of scans from the Internet looking for port 5900...no worries though, we dont allow (and dont have open as we audit regulary) VNC over the Internet. Plus we mostly use UltraVNC.
So wonder how long until a network worm is released exploiting this issue.....or existing malware for say botnets get this exploit built into it. sigh