Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Dan Yefimov
On 25.01.2012 5:45, Ben Bucksch wrote:
 On 25.01.2012 00:52, Henri Salo wrote:
 On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
 On 25.01.2012 00:09, Dan Kaminsky wrote:
 IP KVM, in which the foreign server basically gets only inbound
 Keyboard and Mouse and outbound uncompressed pixels.
 That is *precisely* what VNC is: an open-source IP KVM.
 What the hell? Seriously..

 http://en.wikipedia.org/wiki/VNC

 hihi. Thanks.

 It transmits the keyboard and mouse events from one computer to
 another, relaying the graphical screen updates back in the other
 direction, over a network.
 The VNC protocol (RFB) is very simple, based on one graphic primitive
 from server to client ('Put a rectangle of pixel data at the specified
 X,Y position') and event messages from client to server.

 Compare to above.

 Now, the part where it defines that clipboard is also a standard part of
 VNC... oh, huch, it's not there! (Just a random note that Unicode is
 impossible, but not that clipboard is defined as part of the protocol at
 all.) Ah, I know... Surely, it must be on
 http://en.wikipedia.org/wiki/RFB_protocol... No, same thing there.
 Strange.

It should be strictly understood that something not being mentioned in the
Wikipedia article doesn't mean that it doesn't exist at all, since Wikipedia is
_not_ an authoritative information source. The authoritative information source
would be the formal specification of the protocol explicitly defining the set
of event types and explicitly prohibiting non-defined event types; otherwise
implementations are free to define and use their own event types, being in fact
extensions of the protocol. It's defined nowhere that VNC is _exactly_ an
open-source IP KVM and nothing more.

 P.S. I was just reporting a bug. I hope at least some software finds a
 better solution. Have fun.

I'd suggest you find an alternative product allowing you to explicitly configure
that the clipboard is not transmitted to the host under control instead of
struggling with the product's limitations and design flaws.
-- 

Sincerely Yours, Dan.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
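
Added example, not part of the original thread: the published RFB specification (RFC 6143, section 7.5) does define a client-to-server clipboard message, ClientCutText (type 6). The sketch below walks a post-handshake client-to-server byte stream and pulls out those messages so a capture can be audited for clipboard data leaving the viewer; the function names and the sample stream are constructed for illustration.

```python
import struct

# Sizes in bytes (type byte included) of the fixed-length client-to-server
# messages in RFC 6143, section 7.5.
FIXED = {0: ("SetPixelFormat", 20), 3: ("FramebufferUpdateRequest", 10),
         4: ("KeyEvent", 8), 5: ("PointerEvent", 6)}

def walk_client_messages(stream: bytes):
    """Yield (name, payload) per message; stop on unknown or truncated data."""
    pos = 0
    while pos < len(stream):
        mtype, body = stream[pos], b""
        if mtype in FIXED:
            name, size = FIXED[mtype]
        elif mtype == 2:  # SetEncodings: pad(1), count(U16), count * S32
            if pos + 4 > len(stream):
                return
            (count,) = struct.unpack_from(">H", stream, pos + 2)
            name, size = "SetEncodings", 4 + 4 * count
        elif mtype == 6:  # ClientCutText: pad(3), length(U32), Latin-1 text
            if pos + 8 > len(stream):
                return
            (length,) = struct.unpack_from(">I", stream, pos + 4)
            name, size = "ClientCutText", 8 + length
            body = stream[pos + 8:pos + size]
        else:
            # Not in the base spec: a vendor extension or a desynced stream.
            # Without its length we cannot continue safely.
            yield ("Unknown(%d)" % mtype, b"")
            return
        if pos + size > len(stream):
            return  # truncated capture
        yield (name, body)
        pos += size

def clipboard_leaks(stream: bytes):
    """Return every clipboard string the viewer pushed to the server."""
    return [body.decode("latin-1")
            for name, body in walk_client_messages(stream)
            if name == "ClientCutText"]

# Constructed sample: key press, pointer move, clipboard push, key release.
TEXT = b"copied secret"
SAMPLE = (struct.pack(">BBHI", 4, 1, 0, 0x61)
          + struct.pack(">BBHH", 5, 0, 10, 20)
          + struct.pack(">B3xI", 6, len(TEXT)) + TEXT
          + struct.pack(">BBHI", 4, 0, 0, 0x61))

if __name__ == "__main__":
    for name, body in walk_client_messages(SAMPLE):
        print(name, body)
```

The `Unknown` branch is where implementation-defined message types would show up; a real auditing tool needs the length rules of each extension it expects in order to keep parsing past them.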


Re: [Full-disclosure] WINDOWS KERNEL SOURCE LEAK GET IT NOW B4 INEVITABLE TAKEDOWN

2010-03-22 Thread Dan Yefimov
On 23.03.2010 1:08, james o' hare wrote:
 That's why it's an *idea* for Valdis to jump on an ordinary email
 address and conform with internet social norms.

Maybe it's an idea for you to stop teaching Valdis and everyone else what they
have to do? Valdis, like everyone else, is COMPLETELY FREE to do everything he
wants without asking for your consent.
-- 

Sincerely Yours, Dan.



Re: [Full-disclosure] Fwd: stealthbomb

2010-02-28 Thread Dan Yefimov
On 26.02.2010 15:35, RandallM wrote:
 anyone see this and know about it? How it works and good detection?

 http://www.brickhousesecurity.com/pc-computer-spy.html

I doubt that very much. The matter is that USB hardware is able to transfer
data only when the host requests it, IOW it is the host that decides from where,
to where and how much data to transfer. If that was an IEEE 1394 device, those
assertions would be correct.
-- 

Sincerely Yours, Dan.
