Comments on: Recommendation: SecurityFocus.com http://www.zackrippy.com/2006/06/05/recommendation-securityfocuscom/ Mon, 03 May 2010 13:52:07 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Philip Williams http://www.zackrippy.com/2006/06/05/recommendation-securityfocuscom/comment-page-1/#comment-300 Philip Williams Tue, 06 Jun 2006 00:52:17 +0000 http://www.zackrippy.com/2006/06/05/recommendation-securityfocuscom/#comment-300 Excellent resource. And I mean that. I used this site to get some information on a new hack that is out for VNC (a remote network kvm application). I was using this application with a port forward from a firewall at my in-laws house. Yes, I know I should have been forwarding the connection through SSH or some other secure connection, but I didn't, ok? Well anyway, someone used a kit that bypassed the authorization on my in-laws' VNC server. This allowed them to log in without a password and they installed an IRC rootkit and ftp server. So, be aware that there is a new version of VNC that should have fixed this problem. Please, if you use VNC and are open to the Internet, get the latest version of VNC. Excellent resource. And I mean that. I used this site to get some information on a new hack that is out for VNC (a remote network kvm application). I was using this application with a port forward from a firewall at my in-laws house. Yes, I know I should have been forwarding the connection through SSH or some other secure connection, but I didn’t, ok? Well anyway, someone used a kit that bypassed the authorization on my in-laws’ VNC server. This allowed them to log in without a password and they installed an IRC rootkit and ftp server.

So, be aware that there is a new version of VNC that should have fixed this problem. Please, if you use VNC and are open to the Internet, get the latest version of VNC.

]]>