Slashdot Mirror

← Back to Stories (view on slashdot.org)

VNC, No Longer Orphaned

Posted by ryuzaki0 on from the pc-anywhere-with-the-right-price dept.

geogeek6_7 writes "Icronic informs us of a couple new developments to everyone's favorite piece of remote-managment software, VNC. You may remember that the UK Lab responsible for the creation and maintainence of VNC closed. A company called RealVNC has been formed, sporting the original coders from the AT&T lab, and aiming to 'act as the focal point for open source VNC.' Secondly, the new company has released version 3.3.4 of VNC for Windows and Linux. Greater security and a new, speed-enhancing auto-encoding feature are included among many others in the new version."

5 of 205 comments (clear)

  1. Re:They have a lot of work on their hands by fault0 · · Score: 5, Informative

    I'd have to agree that VNC isn't exactly good on dialup connections or even ISDN.

    However, this is what tightvnc is for. Regular VNC works very well in a LAN though, and works quite well from every broadband connection I've used.

  2. Re:Make sure the version... by Istealmymusic · · Score: 4, Informative
    Reference: VNC authentication weakness, Bugtraq 07/24/2002. In summary:

    VNC uses a DES-encrypted challenge-response system to avoid passing passwords over the wire in plaintext.

    However, it seems that a weakness in the way the challenge is generated by some servers would make this useless.

    The following program attempts to repeatedly connect to a vnc server and prints the challenge string.

    Against tightvnc-1.2.1_unixsrc, you'll see output like

    • $ python pvc.py somehost:1
    • 4b24fbab355452b55729d630fcf73d43
    • b3acdf3fab422b7aa49b8d786f93def3
    • b3acdf3fab422b7aa49b8d786f93def3
    • b3acdf3fab422b7aa49b8d786f93def3
    • b3acdf3fab422b7aa49b8d786f93def3
    • 88e37f1677c4e4f56eb2fa00a2804ded
    • 88e37f1677c4e4f56eb2fa00a2804ded
    • 88e37f1677c4e4f56eb2fa00a2804ded
    • 88e37f1677c4e4f56eb2fa00a2804ded

    [...] each time the same string is printed twice in a row the server has repeated a challenge.

    WinVNC version 3.3.3R9 will display output more like

    • $ python pvc.py otherhost:0
    • Server declined connection
    • Server declined connection
    • 91ff701f7dce8c6eebbc6062ffebcc6a
    • Server declined connection
    • Server declined connection
    • [...]
    It appears that connects are rate-limited, even if the connects come from two distinct machines. This appears to foil the below attack on VNC authentication. (Whether this means there is a good DoS opportunity against WinVNC is a separate question)

    If your server will give the same challenge repeatedly, and you can sniff somebody else's challenge and response, it appears that you could authenticate without knowing the password simply by connecting within the 1-second window to get the same challenge, and then send the same response as the legitimate client.

    Shocking.
    --
    "The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
  3. ssh tunnel by goombah99 · · Score: 5, Informative
    I tunnel vnc through multiple firewalls all the time (over DSL);both direction run through a single port so it's actually easier than tunneling X windows. not to mention more secure than xhosts. And in my experience if you use the right client is WAY more robust and faster than remote x-windows. especially for real-time mouse actions (use a bad client and it stinks, so shop around).

    some tips: generally you are better off NOT enabling ssh compression as VNC's compression works better. Supposedly tightVNC is the best for narrow pipes. But on fat pipes in actually is better not to compress. if you are worried about security do two things. first always turn off the http port (on by default at 580x). Second, for extra security only allow connections to/from loopback 127.0.0.1. Then use ssh to send it where you want. Finally, note that VNC itself is not encoded so the ONLY protection you are getting is the SSH encoding. If you dont tunnel all the way you are exposed. However since it is graphics info and not plain ascii, it takes a clever hacker to actually decode what you are sending in the clear.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  4. the new version is MUCH faster on win2k by e40 · · Score: 4, Informative

    I use the client and server on win2k boxes, and the new version is noticeably faster. I definitely recommend an upgrade for anyone using the older version on windows.

  5. they accept donations by havaloc · · Score: 4, Informative

    If you use VNC, they are accepting donations at http://www.realvnc.com/contribute.html.