Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-27 Thread Alyx
Why yes, yes there is. :) More of a distinction, in fact, than there is in
Linux world!

On Thu, Jan 26, 2012 at 9:02 AM,  wrote:

> On Wed, 25 Jan 2012 17:54:02 PST, Alyx said:
> > Are you looking at kernel code or userland code? (:
>
> Is there a clear distinction in the Windows world? :)
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-26 Thread phocean
Yes :|

-- 
phocean <0...@phocean.net>

On Thursday, 26 January 2012 at 12:02 -0500, valdis.kletni...@vt.edu
wrote:
> On Wed, 25 Jan 2012 17:54:02 PST, Alyx said:
> > Are you looking at kernel code or userland code? (:
> 
> Is there a clear distinction in the Windows world? :)

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-26 Thread Valdis . Kletnieks
On Wed, 25 Jan 2012 17:54:02 PST, Alyx said:
> Are you looking at kernel code or userland code? (:

Is there a clear distinction in the Windows world? :)



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-26 Thread Alyx
Are you looking at kernel code or userland code? (:

On Wed, Jan 25, 2012 at 2:35 AM, GloW - XD  wrote:

> INSECURE i mean*
>
>
> On 25 January 2012 21:30, Christian Sciberras  wrote:
> > That's not necessarily true. On windows you can add custom
> clipboard formats
> > that would contain a 'link' to the original source, causing the data
> to be
> > actually
> > passed when pasting. An example of this is when one copy+pastes a file.
> > See the Windows Clipboard API for more info.
> >
> > Chris.
> >
> >
> >
> > On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:
> >>
> >> I'm not sure how the clipboard works in Linux desktops (I understand
> >> it's a little different), but at least in Windows environments data
> >> has to be copied to the clipboard when you hit Ctrl-C. It can't be
> >> copied when you hit Ctrl-V because then the applications wouldn't know
> >> if there is anything to paste (like you said, the button would be
> >> grayed).
> >>
> >> So to replicate this behavior it's necessary to send the data as it's
> >> copied, not as it's pasted. Most (not all, but most) desktop systems
> >> assume clipboard data can be freely shared with all applications and
> >> don't have any kind of isolation at all. VNC was designed with the
> >> same idea.
> >>
> >> The bottom line is, the problem here is using VNC for what Ben is
> >> using it. There are many more problems with that scenario and
> >> clipboard sharing may be the least of them.
> >>
> >> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
> >> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
> >> >>> Guys, could you please read carefully everything before you reply?
> >> >> I read carefully. It still didn't make sense, though.
> >> >>
> >> >>> And you wouldn't be allowed to use copy&paste while you edit
> sensitive
> >> >>> documents either, I guess?
> >> >> I don't know how you could get to such a conclusion from what I
> wrote.
> >> >>
> >> >> You're reporting that if you copy and paste sensitive information and
> >> >> connect to a VNC session your clipboard data gets sent to the remote
> >> >> machine. That's pretty obvious and not a security hole that needs to
> >> >> be plugged.
> >> >
> >> > I don't think that is what Ben is saying. The clipboard get sent to
> the
> >> > the server even before it is pasted, this happens without the user
> >> > knowing of it.
> >> >
> >> > Notepad would have the paste button grayed otherwise, if the clipboard
> >> > is empty, right? So it is already on the server before paste is
> pressed.
> >> >
> >> > So what ever was in the clipboard buffer is transmitted to the server
> on
> >> > connection.
> >> >
> >> > This is at least the assumption I make from reading Ben's mails. Or...
> >> > Is there a cliboard flag saying there is something on the clipboard,
> but
> >> > it isn't transmitted until the user actually pastes? I haven't really
> >> > got any experience with how the clipboard feature is implemented. My
> >> > assumption is however that it has to be on server for notepad to be
> >> > aware that Paste shouldn't be grayed out...
> >> >
> >> > I think Ben's report make complete sense actually, it would be better
> to
> >> > have the clipboard feature as a default. Security before features...
> =)
> >> >
> >>
> >>
> >>
> >> --
> >> “There's a reason we separate military and the police: one fights the
> >> enemy of the state, the other serves and protects the people. When the
> >> military becomes both, then the enemies of the state tend to become
> >> the people.”
> >>
> >
> >
> >

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Carlos Pantelides
> Those who try to manage potentially malicious servers do so over IP KVM,
> in which the foreign server basically gets only inbound Keyboard and
> Mouse and outbound uncompressed pixels.

Feature or bug, VNC or IP KVM, a VirtualBox virtualized machine with shared
clipboard has the same behavior. You can choose disabled, direction and
bidirectional (by default).

Something to keep in mind, at least for beginners like me.

Just run this in the guest and see your clipboard; surely there are more elegant
ways of doing the same. (Tested Linux in Linux with VirtualBox and Linux in Mac
with VMware.)

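# Print the three X11 selections over and over
while true; do
  xsel -p   # PRIMARY selection (mouse highlight)
  echo
  xsel -s   # SECONDARY selection
  echo
  xsel -b   # CLIPBOARD selection (Ctrl-C / Ctrl-V)
  echo
  sleep 1   # pause so the loop does not spin at full speed
done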




Carlos Pantelides
http://seguridad-agile.blogspot.com/


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Gage Bystrom
What was the "offlist" message he was referring to? Cause yeah, he sounds
pretty new here with that kind of message. People bring in outside
conversations all the time, especially if they feel it is relevant to the
topic at hand.

Speaking of the topic at hand: I agree with the crowd that says it is not
explicitly a security bug, but more like a lack of a good feature. It
should be off by default, and someone on the list already made a patch to
remove the clipboard which you shouldn't be using for sensitive information
while connected to untrustworthy computers anyways. The developers should
be notified that they need the feature to turn clipboard sharing off, but
if they don't choose a different vnc and be on your way.

I don't view it as a security bug because it's a policy bug. It's not
something where "this problem exists ergo I can exploit it", it's a problem
where "if they do something stupid, I can take advantage of it, and oh hey
their client by default doesn't mitigate this."

And before someone yells at me for how I separate software bugs and policy
bugs by pointing out something like a client side attack: I view such
things as a mix. Policy bug that they are falling for it, and software bug
for the actual exploit.

And really this is a good example of a situation where if you are worried
about this you have bigger problems. Why must you use vnc? Why is what
you're connecting to untrustworthy? What information is directly at risk if
the box you're connecting to is compromised? What information is indirectly
at risk? Does the box running suspicious programs have access to the
internet? Etc.

Once you start going down the list on things that should be done, the need
to worry about this kind of bug becomes less and less relevant. Meaning if
this kind of problem IS relevant then I would almost bet money that you are
doing other things really wrong and so an attacker or a bad app doesn't
need to use this because they got far easier and more rewarding things
to try.

On Jan 25, 2012 9:45 AM, "coderman"  wrote:

> On Wed, Jan 25, 2012 at 2:55 AM, Ben Bucksch  wrote:
> > Dear coderman,
> >
> > posting mails that were explicitly marked "offlist" on the public list is
> > no-go.
>
> you must be new around here... why not let everyone learn from your fail?
>

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread coderman
On Wed, Jan 25, 2012 at 2:55 AM, Ben Bucksch  wrote:
> Dear coderman,
>
> posting mails that were explicitly marked "offlist" on the public list is
> no-go.

you must be new around here... why not let everyone learn from your fail?



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Christian Sciberras
For the record...
who are the other 'many on this list' that know you don't troll other than
your alter egos?
'course you don't troll can you quote me where I ever said VNC is
secure?

With that, I'll let you troll in peace. I have no interest talking to you
anyway... :)



On Wed, Jan 25, 2012 at 12:04 PM, GloW - XD  wrote:

> and stupidly, you forgot to add in the second PRIVATE post i sent you,
> saying i meant *insecure :)
> now, go try tell me windows vnc is secure again...and, then setup a
> vnc on your box, and, under win32, try your best, when you're ready,
> yell out, so i can make a complete fucking fool of ya.
> ok ?
> if this is how you want to play, i am challenging you, if i can own a
> shitty windows setup you 'secure' as best you can, here on fd, is
> this trolling is it ?
> it's a challenge... maybe, if you read the lame rfb and, pixelisation
> via IP KVM, unfortunately for windows, it ain't any different, a pixel
> is placed at X or Y, and, you can place data calls to it, from server
> which, could be, my bot :)
> want more proof,...keep going with my challenge then.
>
>
> On 25 January 2012 21:38, Christian Sciberras  wrote:
> > No, I only read the manual.
> >
> > Now go troll somewhere else. :)
> >
> > On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD  wrote:
> >>
> >> Windows is even more secure, have you actually, read any of the code /
> >>
> >>
> >> On 25 January 2012 21:30, Christian Sciberras 
> wrote:
> >> > That's not necessarily true. On windows you can add custom
> >> > clipboard formats
> >> > that would contain a 'link' to the original source, causing the data
> >> > to be
> >> > actually
> >> > passed when pasting. An example of this is when one copy+pastes a
> file.
> >> > See the Windows Clipboard API for more info.
> >> >
> >> > Chris.
> >> >
> >> >
> >> >
> >> > On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas 
> wrote:
> >> >>
> >> >> I'm not sure how the clipboard works in Linux desktops (I understand
> >> >> it's a little different), but at least in Windows environments data
> >> >> has to be copied to the clipboard when you hit Ctrl-C. It can't be
> >> >> copied when you hit Ctrl-V because then the applications wouldn't
> know
> >> >> if there is anything to paste (like you said, the button would be
> >> >> grayed).
> >> >>
> >> >> So to replicate this behavior it's necessary to send the data as it's
> >> >> copied, not as it's pasted. Most (not all, but most) desktop systems
> >> >> assume clipboard data can be freely shared with all applications and
> >> >> don't have any kind of isolation at all. VNC was designed with the
> >> >> same idea.
> >> >>
> >> >> The bottom line is, the problem here is using VNC for what Ben is
> >> >> using it. There are many more problems with that scenario and
> >> >> clipboard sharing may be the least of them.
> >> >>
> >> >> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
> >> >> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
> >> >> >>> Guys, could you please read carefully everything before you
> reply?
> >> >> >> I read carefully. It still didn't make sense, though.
> >> >> >>
> >> >> >>> And you wouldn't be allowed to use copy&paste while you edit
> >> >> >>> sensitive
> >> >> >>> documents either, I guess?
> >> >> >> I don't know how you could get to such a conclusion from what I
> >> >> >> wrote.
> >> >> >>
> >> >> >> You're reporting that if you copy and paste sensitive information
> >> >> >> and
> >> >> >> connect to a VNC session your clipboard data gets sent to the
> remote
> >> >> >> machine. That's pretty obvious and not a security hole that needs
> to
> >> >> >> be plugged.
> >> >> >
> >> >> > I don't think that is what Ben is saying. The clipboard get sent to
> >> >> > the
> >> >> > the server even before it is pasted, this happens without the user
> >> >> > knowing of it.
> >> >> >
> >> >> > Notepad would have the paste button grayed otherwise, if the
> >> >> > clipboard
> >> >> > is empty, right? So it is already on the server before paste is
> >> >> > pressed.
> >> >> >
> >> >> > So what ever was in the clipboard buffer is transmitted to the
> server
> >> >> > on
> >> >> > connection.
> >> >> >
> >> >> > This is at least the assumption I make from reading Ben's mails.
> >> >> > Or...
> >> >> > Is there a cliboard flag saying there is something on the
> clipboard,
> >> >> > but
> >> >> > it isn't transmitted until the user actually pastes? I haven't
> really
> >> >> > got any experience with how the clipboard feature is implemented.
> My
> >> >> > assumption is however that it has to be on server for notepad to be
> >> >> > aware that Paste shouldn't be grayed out...
> >> >> >
> >> >> > I think Ben's report make complete sense actually, it would be
> better
> >> >> > to
> >> >> > have the clipboard feature as a default. Security before
> features...
> >> >> > =)
> >> >> >

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
and stupidly, you forgot to add in the second PRIVATE post i sent you,
saying i meant *insecure :)
now, go try tell me windows vnc is secure again...and, then setup a
vnc on your box, and, under win32, try your best, when you're ready,
yell out, so i can make a complete fucking fool of ya.
ok ?
if this is how you want to play, i am challenging you, if i can own a
shitty windows setup you 'secure' as best you can, here on fd, is
this trolling is it ?
it's a challenge... maybe, if you read the lame rfb and, pixelisation
via IP KVM, unfortunately for windows, it ain't any different, a pixel
is placed at X or Y, and, you can place data calls to it, from server
which, could be, my bot :)
want more proof,...keep going with my challenge then.


On 25 January 2012 21:38, Christian Sciberras  wrote:
> No, I only read the manual.
>
> Now go troll somewhere else. :)
>
> On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD  wrote:
>>
>> Windows is even more secure, have you actually, read any of the code /
>>
>>
>> On 25 January 2012 21:30, Christian Sciberras  wrote:
>> > That's not necessarily true. On windows you can add custom
>> > clipboard formats
>> > that would contain a 'link' to the original source, causing the data
>> > to be
>> > actually
>> > passed when pasting. An example of this is when one copy+pastes a file.
>> > See the Windows Clipboard API for more info.
>> >
>> > Chris.
>> >
>> >
>> >
>> > On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:
>> >>
>> >> I'm not sure how the clipboard works in Linux desktops (I understand
>> >> it's a little different), but at least in Windows environments data
>> >> has to be copied to the clipboard when you hit Ctrl-C. It can't be
>> >> copied when you hit Ctrl-V because then the applications wouldn't know
>> >> if there is anything to paste (like you said, the button would be
>> >> grayed).
>> >>
>> >> So to replicate this behavior it's necessary to send the data as it's
>> >> copied, not as it's pasted. Most (not all, but most) desktop systems
>> >> assume clipboard data can be freely shared with all applications and
>> >> don't have any kind of isolation at all. VNC was designed with the
>> >> same idea.
>> >>
>> >> The bottom line is, the problem here is using VNC for what Ben is
>> >> using it. There are many more problems with that scenario and
>> >> clipboard sharing may be the least of them.
>> >>
>> >> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
>> >> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
>> >> >>> Guys, could you please read carefully everything before you reply?
>> >> >> I read carefully. It still didn't make sense, though.
>> >> >>
>> >> >>> And you wouldn't be allowed to use copy&paste while you edit
>> >> >>> sensitive
>> >> >>> documents either, I guess?
>> >> >> I don't know how you could get to such a conclusion from what I
>> >> >> wrote.
>> >> >>
>> >> >> You're reporting that if you copy and paste sensitive information
>> >> >> and
>> >> >> connect to a VNC session your clipboard data gets sent to the remote
>> >> >> machine. That's pretty obvious and not a security hole that needs to
>> >> >> be plugged.
>> >> >
>> >> > I don't think that is what Ben is saying. The clipboard get sent to
>> >> > the
>> >> > the server even before it is pasted, this happens without the user
>> >> > knowing of it.
>> >> >
>> >> > Notepad would have the paste button grayed otherwise, if the
>> >> > clipboard
>> >> > is empty, right? So it is already on the server before paste is
>> >> > pressed.
>> >> >
>> >> > So what ever was in the clipboard buffer is transmitted to the server
>> >> > on
>> >> > connection.
>> >> >
>> >> > This is at least the assumption I make from reading Ben's mails.
>> >> > Or...
>> >> > Is there a cliboard flag saying there is something on the clipboard,
>> >> > but
>> >> > it isn't transmitted until the user actually pastes? I haven't really
>> >> > got any experience with how the clipboard feature is implemented. My
>> >> > assumption is however that it has to be on server for notepad to be
>> >> > aware that Paste shouldn't be grayed out...
>> >> >
>> >> > I think Ben's report make complete sense actually, it would be better
>> >> > to
>> >> > have the clipboard feature as a default. Security before features...
>> >> > =)
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> “There's a reason we separate military and the police: one fights the
>> >> enemy of the state, the other serves and protects the people. When the
>> >> military becomes both, then the enemies of the state tend to become
>> >> the people.”
>> >>

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
fuckoff you ragdoll... i dont troll, and many on this fucking list
knows it... fuckit... i aint paying shit to anyone on this list, enjoy
finding your 0days, and, the next admins, go ahead and rm me, coz i
will be dropping your ass of a FD , until it makes me.
go die, and, maybe, you wont have money, and then, maybe, you will
have 10 wives, with 10 kids,.
now go eat a burger.
rat


On 25 January 2012 21:38, Christian Sciberras  wrote:
> No, I only read the manual.
>
> Now go troll somewhere else. :)
>
> On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD  wrote:
>>
>> Windows is even more secure, have you actually, read any of the code /
>>
>>
>> On 25 January 2012 21:30, Christian Sciberras  wrote:
>> > That's not necessarily true. On windows you can add custom
>> > clipboard formats
>> > that would contain a 'link' to the original source, causing the data
>> > to be
>> > actually
>> > passed when pasting. An example of this is when one copy+pastes a file.
>> > See the Windows Clipboard API for more info.
>> >
>> > Chris.
>> >
>> >
>> >
>> > On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:
>> >>
>> >> I'm not sure how the clipboard works in Linux desktops (I understand
>> >> it's a little different), but at least in Windows environments data
>> >> has to be copied to the clipboard when you hit Ctrl-C. It can't be
>> >> copied when you hit Ctrl-V because then the applications wouldn't know
>> >> if there is anything to paste (like you said, the button would be
>> >> grayed).
>> >>
>> >> So to replicate this behavior it's necessary to send the data as it's
>> >> copied, not as it's pasted. Most (not all, but most) desktop systems
>> >> assume clipboard data can be freely shared with all applications and
>> >> don't have any kind of isolation at all. VNC was designed with the
>> >> same idea.
>> >>
>> >> The bottom line is, the problem here is using VNC for what Ben is
>> >> using it. There are many more problems with that scenario and
>> >> clipboard sharing may be the least of them.
>> >>
>> >> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
>> >> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
>> >> >>> Guys, could you please read carefully everything before you reply?
>> >> >> I read carefully. It still didn't make sense, though.
>> >> >>
>> >> >>> And you wouldn't be allowed to use copy&paste while you edit
>> >> >>> sensitive
>> >> >>> documents either, I guess?
>> >> >> I don't know how you could get to such a conclusion from what I
>> >> >> wrote.
>> >> >>
>> >> >> You're reporting that if you copy and paste sensitive information
>> >> >> and
>> >> >> connect to a VNC session your clipboard data gets sent to the remote
>> >> >> machine. That's pretty obvious and not a security hole that needs to
>> >> >> be plugged.
>> >> >
>> >> > I don't think that is what Ben is saying. The clipboard get sent to
>> >> > the
>> >> > the server even before it is pasted, this happens without the user
>> >> > knowing of it.
>> >> >
>> >> > Notepad would have the paste button grayed otherwise, if the
>> >> > clipboard
>> >> > is empty, right? So it is already on the server before paste is
>> >> > pressed.
>> >> >
>> >> > So what ever was in the clipboard buffer is transmitted to the server
>> >> > on
>> >> > connection.
>> >> >
>> >> > This is at least the assumption I make from reading Ben's mails.
>> >> > Or...
>> >> > Is there a cliboard flag saying there is something on the clipboard,
>> >> > but
>> >> > it isn't transmitted until the user actually pastes? I haven't really
>> >> > got any experience with how the clipboard feature is implemented. My
>> >> > assumption is however that it has to be on server for notepad to be
>> >> > aware that Paste shouldn't be grayed out...
>> >> >
>> >> > I think Ben's report make complete sense actually, it would be better
>> >> > to
>> >> > have the clipboard feature as a default. Security before features...
>> >> > =)
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> “There's a reason we separate military and the police: one fights the
>> >> enemy of the state, the other serves and protects the people. When the
>> >> military becomes both, then the enemies of the state tend to become
>> >> the people.”
>> >>
>> >
>> >
>> >
>
>


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Ben Bucksch
On 25.01.2012 08:44, Peter Osterberg wrote:
> I don't think that is what Ben is saying. The clipboard gets sent to the
> server even before it is pasted, this happens without the user
> knowing of it.
>
> Notepad would have the paste button grayed otherwise, if the clipboard
> is empty, right? So it is already on the server before paste is pressed.

Exactly. I take offense in that "without the user knowing it" part.

I chose my reproduction specifically with a mouse action and not Ctrl-V 
so that the VNC viewer cannot know I tried to paste in notepad.exe and 
cannot have transmitted the information at that moment only. It means 
that Windows had the information all along, at the moment when I copied, 
which means the remote Windows reads all my copies on the local X11, not 
just when I paste in Windows. That and only that is the problem.


Possible solution, concretely:
"Paste" button on VNC viewer toolbar
If the user presses the button, the viewer sends the clipboard to the 
remote machine at that moment, and then triggers a Ctrl-V keypress in 
the remote machine.
If the user doesn't press the button, but focuses the VNC viewer and 
presses Ctrl-V, the viewer sends the clipboard to the remote machine and 
only then sends the Ctrl-V to the remote machine.

In both cases, mouse or keyboard, you wouldn't need any more actions in 
practice. You still do Ctrl-C in your Linux app, switch to the viewer, 
press Ctrl-V there, and you got the text in notepad.exe.

Of course that would be configurable so that you can change the key 
combo, e.g. for Macs, or to disable sending the key combo after the 
Paste button, or to disable the clipboard entirely.


Dan Yefimov,

the RFB specification from 2007 happens to be linked from the page I 
mentioned, and funny enough... copy&paste / clipboard isn't mentioned 
with a single word either.

Now, obviously, it is possible somehow, because it's working, so there 
is some way, but it was never part of the protocol.
And it cannot be claimed that every user somehow naturally knows how 
exactly it works and he realizes what it implies concretely for his work.

Ben
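
The two viewer behaviours discussed in this message, as an added example that is not part of the original post or of any VNC viewer's code: a small Python model of a viewer's client-to-server byte stream, using the ClientCutText (type 6) and KeyEvent (type 4) message layouts from RFC 6143. The `Viewer` class, its policy names and the sample clipboard strings are assumptions made for illustration.

```python
import struct

# RFB client-to-server message types and X11 keysyms (RFC 6143, section 7.5)
KEY_EVENT = 4
CLIENT_CUT_TEXT = 6
XK_CONTROL_L = 0xFFE3
XK_V = 0x0076

POLICIES = ("eager", "on_paste", "disabled")


def client_cut_text(text):
    """Encode ClientCutText: type, 3 pad bytes, u32 length, Latin-1 text."""
    data = text.encode("latin-1", errors="replace")
    return struct.pack(">B3xI", CLIENT_CUT_TEXT, len(data)) + data


def key_event(keysym, down):
    """Encode KeyEvent: type, down-flag, 2 pad bytes, u32 keysym."""
    return struct.pack(">BB2xI", KEY_EVENT, 1 if down else 0, keysym)


class Viewer:
    """Hypothetical viewer model (assumption, not a real viewer's API).

    eager    - every local copy is forwarded at once (behaviour reported here)
    on_paste - clipboard is forwarded only when the user pastes in the viewer
    disabled - clipboard is never forwarded
    """

    def __init__(self, policy):
        if policy not in POLICIES:
            raise ValueError("unknown policy: %r" % policy)
        self.policy = policy
        self.local_clipboard = ""
        self.wire = bytearray()  # bytes the viewer has sent to the server

    def local_copy(self, text):
        """User copies text in some local application."""
        self.local_clipboard = text
        if self.policy == "eager":
            self.wire += client_cut_text(text)

    def paste_into_remote(self):
        """User presses Ctrl-V in the viewer or clicks its Paste button."""
        if self.policy == "on_paste":
            self.wire += client_cut_text(self.local_clipboard)
        for keysym, down in ((XK_CONTROL_L, True), (XK_V, True),
                             (XK_V, False), (XK_CONTROL_L, False)):
            self.wire += key_event(keysym, down)


def disclosed_clipboard(wire):
    """Parse a client-to-server stream and return every clipboard text in it."""
    texts, i = [], 0
    while i < len(wire):
        msg_type = wire[i]
        if i + 8 > len(wire):
            raise ValueError("truncated message header")
        if msg_type == KEY_EVENT:
            i += 8
        elif msg_type == CLIENT_CUT_TEXT:
            (length,) = struct.unpack_from(">I", wire, i + 4)
            if i + 8 + length > len(wire):
                raise ValueError("truncated ClientCutText body")
            texts.append(bytes(wire[i + 8:i + 8 + length]).decode("latin-1"))
            i += 8 + length
        else:
            raise ValueError("message type %d not modelled" % msg_type)
    return texts


def run_session(policy):
    """Constructed session: one copy stays local, one is pasted remotely."""
    viewer = Viewer(policy)
    viewer.local_copy("hunter2-db-password")  # constructed; never pasted remotely
    viewer.local_copy("ipconfig /all")        # constructed; meant for the remote
    viewer.paste_into_remote()
    return disclosed_clipboard(viewer.wire)


if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, "->", run_session(policy))
```

Only the `eager` policy puts the never-pasted string on the wire; `on_paste` keeps the same Ctrl-C, switch, Ctrl-V workflow while sending just the text the user chose to paste.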



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Christian Sciberras
No, I only read the manual.

Now go troll somewhere else. :)

On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD  wrote:

> Windows is even more secure, have you actually, read any of the code /
>
>
> On 25 January 2012 21:30, Christian Sciberras  wrote:
> > That's not necessarily true. On windows you can add custom
> clipboard formats
> > that would contain a 'link' to the original source, causing the data
> to be
> > actually
> > passed when pasting. An example of this is when one copy+pastes a file.
> > See the Windows Clipboard API for more info.
> >
> > Chris.
> >
> >
> >
> > On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:
> >>
> >> I'm not sure how the clipboard works in Linux desktops (I understand
> >> it's a little different), but at least in Windows environments data
> >> has to be copied to the clipboard when you hit Ctrl-C. It can't be
> >> copied when you hit Ctrl-V because then the applications wouldn't know
> >> if there is anything to paste (like you said, the button would be
> >> grayed).
> >>
> >> So to replicate this behavior it's necessary to send the data as it's
> >> copied, not as it's pasted. Most (not all, but most) desktop systems
> >> assume clipboard data can be freely shared with all applications and
> >> don't have any kind of isolation at all. VNC was designed with the
> >> same idea.
> >>
> >> The bottom line is, the problem here is using VNC for what Ben is
> >> using it. There are many more problems with that scenario and
> >> clipboard sharing may be the least of them.
> >>
> >> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
> >> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
> >> >>> Guys, could you please read carefully everything before you reply?
> >> >> I read carefully. It still didn't make sense, though.
> >> >>
> >> >>> And you wouldn't be allowed to use copy&paste while you edit
> sensitive
> >> >>> documents either, I guess?
> >> >> I don't know how you could get to such a conclusion from what I
> wrote.
> >> >>
> >> >> You're reporting that if you copy and paste sensitive information and
> >> >> connect to a VNC session your clipboard data gets sent to the remote
> >> >> machine. That's pretty obvious and not a security hole that needs to
> >> >> be plugged.
> >> >
> >> > I don't think that is what Ben is saying. The clipboard get sent to
> the
> >> > the server even before it is pasted, this happens without the user
> >> > knowing of it.
> >> >
> >> > Notepad would have the paste button grayed otherwise, if the clipboard
> >> > is empty, right? So it is already on the server before paste is
> pressed.
> >> >
> >> > So what ever was in the clipboard buffer is transmitted to the server
> on
> >> > connection.
> >> >
> >> > This is at least the assumption I make from reading Ben's mails. Or...
> >> > Is there a cliboard flag saying there is something on the clipboard,
> but
> >> > it isn't transmitted until the user actually pastes? I haven't really
> >> > got any experience with how the clipboard feature is implemented. My
> >> > assumption is however that it has to be on server for notepad to be
> >> > aware that Paste shouldn't be grayed out...
> >> >
> >> > I think Ben's report make complete sense actually, it would be better
> to
> >> > have the clipboard feature as a default. Security before features...
> =)
> >> >
> >>
> >>
> >>
> >> --
> >> “There's a reason we separate military and the police: one fights the
> >> enemy of the state, the other serves and protects the people. When the
> >> military becomes both, then the enemies of the state tend to become
> >> the people.”
> >>
> >
> >
> >
> > ___
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
INSECURE i mean*


On 25 January 2012 21:30, Christian Sciberras  wrote:
> That's not necessarily true. On Windows you can add custom clipboard formats
> that would contain a 'link' to the original source, causing the data to be
> actually passed when pasting. An example of this is when one copy+pastes a file.
> See the Windows Clipboard API for more info.
>
> Chris.
>
>
>
> On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:
>>
>> I'm not sure how the clipboard works in Linux desktops (I understand
>> it's a little different), but at least in Windows environments data
>> has to be copied to the clipboard when you hit Ctrl-C. It can't be
>> copied when you hit Ctrl-V because then the applications wouldn't know
>> if there is anything to paste (like you said, the button would be
>> grayed).
>>
>> So to replicate this behavior it's necessary to send the data as it's
>> copied, not as it's pasted. Most (not all, but most) desktop systems
>> assume clipboard data can be freely shared with all applications and
>> don't have any kind of isolation at all. VNC was designed with the
>> same idea.
>>
>> The bottom line is, the problem here is using VNC for what Ben is
>> using it. There are many more problems with that scenario and
>> clipboard sharing may be the least of them.
>>
>> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
>> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
>> >>> Guys, could you please read carefully everything before you reply?
>> >> I read carefully. It still didn't make sense, though.
>> >>
>> >>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>> >>> documents either, I guess?
>> >> I don't know how you could get to such a conclusion from what I wrote.
>> >>
>> >> You're reporting that if you copy and paste sensitive information and
>> >> connect to a VNC session your clipboard data gets sent to the remote
>> >> machine. That's pretty obvious and not a security hole that needs to
>> >> be plugged.
>> >
>> > I don't think that is what Ben is saying. The clipboard gets sent to the
>> > server even before it is pasted, this happens without the user
>> > knowing of it.
>> >
>> > Notepad would have the paste button grayed otherwise, if the clipboard
>> > is empty, right? So it is already on the server before paste is pressed.
>> >
>> > So whatever was in the clipboard buffer is transmitted to the server on
>> > connection.
>> >
>> > This is at least the assumption I make from reading Ben's mails. Or...
>> > Is there a clipboard flag saying there is something on the clipboard, but
>> > it isn't transmitted until the user actually pastes? I haven't really
>> > got any experience with how the clipboard feature is implemented. My
>> > assumption is however that it has to be on server for notepad to be
>> > aware that Paste shouldn't be grayed out...
>> >
>> > I think Ben's report makes complete sense actually, it would be better to
>> > have the clipboard feature as a default. Security before features... =)
>> >
>>
>>
>>
>> --
>> “There's a reason we separate military and the police: one fights the
>> enemy of the state, the other serves and protects the people. When the
>> military becomes both, then the enemies of the state tend to become
>> the people.”


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
Windows is even more secure, have you actually, read any of the code /


On 25 January 2012 21:30, Christian Sciberras  wrote:
> That's not necessarily true. On Windows you can add custom clipboard formats
> that would contain a 'link' to the original source, causing the data to be
> actually passed when pasting. An example of this is when one copy+pastes a file.
> See the Windows Clipboard API for more info.
>
> Chris.
>
>
>
> On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:
>>
>> I'm not sure how the clipboard works in Linux desktops (I understand
>> it's a little different), but at least in Windows environments data
>> has to be copied to the clipboard when you hit Ctrl-C. It can't be
>> copied when you hit Ctrl-V because then the applications wouldn't know
>> if there is anything to paste (like you said, the button would be
>> grayed).
>>
>> So to replicate this behavior it's necessary to send the data as it's
>> copied, not as it's pasted. Most (not all, but most) desktop systems
>> assume clipboard data can be freely shared with all applications and
>> don't have any kind of isolation at all. VNC was designed with the
>> same idea.
>>
>> The bottom line is, the problem here is using VNC for what Ben is
>> using it. There are many more problems with that scenario and
>> clipboard sharing may be the least of them.
>>
>> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
>> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
>> >>> Guys, could you please read carefully everything before you reply?
>> >> I read carefully. It still didn't make sense, though.
>> >>
>> >>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>> >>> documents either, I guess?
>> >> I don't know how you could get to such a conclusion from what I wrote.
>> >>
>> >> You're reporting that if you copy and paste sensitive information and
>> >> connect to a VNC session your clipboard data gets sent to the remote
>> >> machine. That's pretty obvious and not a security hole that needs to
>> >> be plugged.
>> >
>> > I don't think that is what Ben is saying. The clipboard gets sent to the
>> > server even before it is pasted, this happens without the user
>> > knowing of it.
>> >
>> > Notepad would have the paste button grayed otherwise, if the clipboard
>> > is empty, right? So it is already on the server before paste is pressed.
>> >
>> > So whatever was in the clipboard buffer is transmitted to the server on
>> > connection.
>> >
>> > This is at least the assumption I make from reading Ben's mails. Or...
>> > Is there a clipboard flag saying there is something on the clipboard, but
>> > it isn't transmitted until the user actually pastes? I haven't really
>> > got any experience with how the clipboard feature is implemented. My
>> > assumption is however that it has to be on server for notepad to be
>> > aware that Paste shouldn't be grayed out...
>> >
>> > I think Ben's report makes complete sense actually, it would be better to
>> > have the clipboard feature as a default. Security before features... =)
>> >
>>
>>
>>
>> --
>> “There's a reason we separate military and the police: one fights the
>> enemy of the state, the other serves and protects the people. When the
>> military becomes both, then the enemies of the state tend to become
>> the people.”


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Christian Sciberras
That's not necessarily true. On Windows you can add custom clipboard formats
that would contain a 'link' to the original source, causing the data to be
actually passed when pasting. An example of this is when one copy+pastes a file.
See the Windows Clipboard API for more info.

Chris.



On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas  wrote:

> I'm not sure how the clipboard works in Linux desktops (I understand
> it's a little different), but at least in Windows environments data
> has to be copied to the clipboard when you hit Ctrl-C. It can't be
> copied when you hit Ctrl-V because then the applications wouldn't know
> if there is anything to paste (like you said, the button would be
> grayed).
>
> So to replicate this behavior it's necessary to send the data as it's
> copied, not as it's pasted. Most (not all, but most) desktop systems
> assume clipboard data can be freely shared with all applications and
> don't have any kind of isolation at all. VNC was designed with the
> same idea.
>
> The bottom line is, the problem here is using VNC for what Ben is
> using it. There are many more problems with that scenario and
> clipboard sharing may be the least of them.
>
> On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
> > On 01/24/2012 07:18 PM, Mario Vilas wrote:
> >>> Guys, could you please read carefully everything before you reply?
> >> I read carefully. It still didn't make sense, though.
> >>
> >>> And you wouldn't be allowed to use copy&paste while you edit sensitive
> >>> documents either, I guess?
> >> I don't know how you could get to such a conclusion from what I wrote.
> >>
> >> You're reporting that if you copy and paste sensitive information and
> >> connect to a VNC session your clipboard data gets sent to the remote
> >> machine. That's pretty obvious and not a security hole that needs to
> >> be plugged.
> >
> > I don't think that is what Ben is saying. The clipboard gets sent to the
> > server even before it is pasted, this happens without the user
> > knowing of it.
> >
> > Notepad would have the paste button grayed otherwise, if the clipboard
> > is empty, right? So it is already on the server before paste is pressed.
> >
> > So whatever was in the clipboard buffer is transmitted to the server on
> > connection.
> >
> > This is at least the assumption I make from reading Ben's mails. Or...
> > Is there a clipboard flag saying there is something on the clipboard, but
> > it isn't transmitted until the user actually pastes? I haven't really
> > got any experience with how the clipboard feature is implemented. My
> > assumption is however that it has to be on server for notepad to be
> > aware that Paste shouldn't be grayed out...
> >
> > I think Ben's report makes complete sense actually, it would be better to
> > have the clipboard feature as a default. Security before features... =)
> >
>
>
>
> --
> “There's a reason we separate military and the police: one fights the
> enemy of the state, the other serves and protects the people. When the
> military becomes both, then the enemies of the state tend to become
> the people.”

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Peter Osterberg


On 01/25/2012 10:54 AM, Mario Vilas wrote:
> The bottom line is, the problem here is using VNC for what Ben is
> using it. There are many more problems with that scenario and
> clipboard sharing may be the least of them.
That may very well be true. I am not trying to debate that.




Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Mario Vilas
Fair enough :)

On Wed, Jan 25, 2012 at 10:59 AM, Peter Osterberg  wrote:
>
>
> On 01/25/2012 10:54 AM, Mario Vilas wrote:
>> The bottom line is, the problem here is using VNC for what Ben is
>> using it. There are many more problems with that scenario and
>> clipboard sharing may be the least of them.
> That may very well be true. I am not trying to debate that.
>
>



-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Mario Vilas
I'm not sure how the clipboard works in Linux desktops (I understand
it's a little different), but at least in Windows environments data
has to be copied to the clipboard when you hit Ctrl-C. It can't be
copied when you hit Ctrl-V because then the applications wouldn't know
if there is anything to paste (like you said, the button would be
grayed).

So to replicate this behavior it's necessary to send the data as it's
copied, not as it's pasted. Most (not all, but most) desktop systems
assume clipboard data can be freely shared with all applications and
don't have any kind of isolation at all. VNC was designed with the
same idea.

The bottom line is, the problem here is using VNC for what Ben is
using it. There are many more problems with that scenario and
clipboard sharing may be the least of them.

On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg  wrote:
> On 01/24/2012 07:18 PM, Mario Vilas wrote:
>>> Guys, could you please read carefully everything before you reply?
>> I read carefully. It still didn't make sense, though.
>>
>>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>>> documents either, I guess?
>> I don't know how you could get to such a conclusion from what I wrote.
>>
>> You're reporting that if you copy and paste sensitive information and
>> connect to a VNC session your clipboard data gets sent to the remote
>> machine. That's pretty obvious and not a security hole that needs to
>> be plugged.
>
> I don't think that is what Ben is saying. The clipboard gets sent to the
> server even before it is pasted, this happens without the user
> knowing of it.
>
> Notepad would have the paste button grayed otherwise, if the clipboard
> is empty, right? So it is already on the server before paste is pressed.
>
> So whatever was in the clipboard buffer is transmitted to the server on
> connection.
>
> This is at least the assumption I make from reading Ben's mails. Or...
> Is there a clipboard flag saying there is something on the clipboard, but
> it isn't transmitted until the user actually pastes? I haven't really
> got any experience with how the clipboard feature is implemented. My
> assumption is however that it has to be on server for notepad to be
> aware that Paste shouldn't be grayed out...
>
> I think Ben's report makes complete sense actually, it would be better to
> have the clipboard feature as a default. Security before features... =)
>



-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Mario Vilas
>> IP KVM, in which the foreign server basically gets only inbound
>> Keyboard and Mouse and outbound uncompressed pixels.
>
> That is *precisely* what VNC is: an open-source IP KVM.

No, it's not. I won't go into the differences because other people
already did in this thread.

> And please don't turn this into "you're stupid", because I've seen
> others with the same setup. As mentioned, I know of a government agency
> with highly competent IT staff who had a similar setup: normal and
> sensitive work is on the desktop/notebook and Internet access (which is
> considered insecure) is on a remote machine, with a viewer on the desktop.

That proves nothing. For example, there are many SCADA devices owned
by government agencies connected to the Internet, but that doesn't
mean it's a good idea to do so.

-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Peter Osterberg
I could never lower myself to your level so I guess you win

On 01/25/2012 10:32 AM, GloW - XD wrote:
> you are seriously more retarded than even the n3td3v+me+you
> together...damn army..!
>
>
> On 25 January 2012 19:29, Peter Osterberg  wrote:
>> Wasn't the original thread originally about VNC?
>>
>> On 01/25/2012 09:27 AM, GloW - XD wrote:
>>> derp, do you know what KVM IP is ?
>>> readup on how that relays ;)
>>> thats that.
>>> XD
>>>
>>>
>>> On 25 January 2012 18:44, Peter Osterberg  wrote:
>>>> On 01/24/2012 07:18 PM, Mario Vilas wrote:
>>>>>> Guys, could you please read carefully everything before you reply?
>>>>> I read carefully. It still didn't make sense, though.
>>>>>
>>>>>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>>>>>> documents either, I guess?
>>>>> I don't know how you could get to such a conclusion from what I wrote.
>>>>>
>>>>> You're reporting that if you copy and paste sensitive information and
>>>>> connect to a VNC session your clipboard data gets sent to the remote
>>>>> machine. That's pretty obvious and not a security hole that needs to
>>>>> be plugged.
>>>> I don't think that is what Ben is saying. The clipboard gets sent to the
>>>> server even before it is pasted, this happens without the user
>>>> knowing of it.
>>>>
>>>> Notepad would have the paste button grayed otherwise, if the clipboard
>>>> is empty, right? So it is already on the server before paste is pressed.
>>>>
>>>> So whatever was in the clipboard buffer is transmitted to the server on
>>>> connection.
>>>>
>>>> This is at least the assumption I make from reading Ben's mails. Or...
>>>> Is there a clipboard flag saying there is something on the clipboard, but
>>>> it isn't transmitted until the user actually pastes? I haven't really
>>>> got any experience with how the clipboard feature is implemented. My
>>>> assumption is however that it has to be on server for notepad to be
>>>> aware that Paste shouldn't be grayed out...
>>>>
>>>> I think Ben's report makes complete sense actually, it would be better to
>>>> have the clipboard feature as a default. Security before features... =)



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
ooops my bad, wrong guy, or, you don't understand this either ?


On 25 January 2012 19:55, Dan Yefimov  wrote:
> On 25.01.2012 5:45, Ben Bucksch wrote:
>> On 25.01.2012 00:52, Henri Salo wrote:
>>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>>>> On 25.01.2012 00:09, Dan Kaminsky wrote:
>>>>> IP KVM, in which the foreign server basically gets only inbound
>>>>> Keyboard and Mouse and outbound uncompressed pixels.
>>>> That is *precisely* what VNC is: an open-source IP KVM.
>>> What the hell? Seriously..
>>>
>>> http://en.wikipedia.org/wiki/VNC
>>
>> hihi. Thanks.
>>
>> "It transmits the keyboard and mouse events from one computer to
>> another, relaying the graphical screen updates back in the other
>> direction, over a network."
>> "The VNC protocol (RFB) is very simple, based on one graphic primitive
>> from server to client ('Put a rectangle of pixel data at the specified
>> X,Y position') and event messages from client to server."
>>
>> Compare to above.
>>
>> Now, the part where it defines that clipboard is also a standard part of
>> VNC... oh, huch, it's not there! (Just a random note that Unicode is
>> impossible, but not that clipboard is defined as part of the protocol at
>> all.) Ah, I know... Surely, it must be on
>> ... No, same thing there.
>> Strange.
>>
> It should be strictly understood that something not being mentioned in the
> Wikipedia article doesn't mean that it doesn't exist at all, since Wikipedia is
> _not_ an authoritative information source. The authoritative information source
> would be the formal specification of the protocol explicitly defining the set
> of event types and explicitly prohibiting non-defined event types, otherwise
> implementations are free to define and use their own event types being in fact
> extensions of the protocol. It's defined nowhere that VNC is _exactly_ an
> open-source IP KVM and nothing more.
>
>> P.S. I was just reporting a bug. I hope at least some software finds a
>> better solution. Have fun.
>>
> I'd suggest you find an alternative product allowing you to explicitly configure
> that clipboard is not transmitted to the host under control instead of
> struggling with the product limitations and design flaws.
> --
>
> Sincerely Yours, Dan.
>


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
nice to send THIS one to fd, and you somehow admit to knowing it here
yet, i told you what it was, exactly, dont try make me look bad fag,
or i will drop your fucking domain, for a month :)
ciao beech,.
xd


On 25 January 2012 19:55, Dan Yefimov  wrote:
> On 25.01.2012 5:45, Ben Bucksch wrote:
>> On 25.01.2012 00:52, Henri Salo wrote:
>>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>>>> On 25.01.2012 00:09, Dan Kaminsky wrote:
>>>>> IP KVM, in which the foreign server basically gets only inbound
>>>>> Keyboard and Mouse and outbound uncompressed pixels.
>>>> That is *precisely* what VNC is: an open-source IP KVM.
>>> What the hell? Seriously..
>>>
>>> http://en.wikipedia.org/wiki/VNC
>>
>> hihi. Thanks.
>>
>> "It transmits the keyboard and mouse events from one computer to
>> another, relaying the graphical screen updates back in the other
>> direction, over a network."
>> "The VNC protocol (RFB) is very simple, based on one graphic primitive
>> from server to client ('Put a rectangle of pixel data at the specified
>> X,Y position') and event messages from client to server."
>>
>> Compare to above.
>>
>> Now, the part where it defines that clipboard is also a standard part of
>> VNC... oh, huch, it's not there! (Just a random note that Unicode is
>> impossible, but not that clipboard is defined as part of the protocol at
>> all.) Ah, I know... Surely, it must be on
>> ... No, same thing there.
>> Strange.
>>
> It should be strictly understood that something not being mentioned in the
> Wikipedia article doesn't mean that it doesn't exist at all, since Wikipedia is
> _not_ an authoritative information source. The authoritative information source
> would be the formal specification of the protocol explicitly defining the set
> of event types and explicitly prohibiting non-defined event types, otherwise
> implementations are free to define and use their own event types being in fact
> extensions of the protocol. It's defined nowhere that VNC is _exactly_ an
> open-source IP KVM and nothing more.
>
>> P.S. I was just reporting a bug. I hope at least some software finds a
>> better solution. Have fun.
>>
> I'd suggest you find an alternative product allowing you to explicitly configure
> that clipboard is not transmitted to the host under control instead of
> struggling with the product limitations and design flaws.
> --
>
> Sincerely Yours, Dan.
>


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread GloW - XD
you are seriously more retarded than even the n3td3v+me+you
together...damn army..!


On 25 January 2012 19:29, Peter Osterberg  wrote:
> Wasn't the original thread originally about VNC?
>
> On 01/25/2012 09:27 AM, GloW - XD wrote:
>> derp, do you know what KVM IP is ?
>> readup on how that relays ;)
>> thats that.
>> XD
>>
>>
>> On 25 January 2012 18:44, Peter Osterberg  wrote:
>>> On 01/24/2012 07:18 PM, Mario Vilas wrote:
>>>>> Guys, could you please read carefully everything before you reply?
>>>> I read carefully. It still didn't make sense, though.
>>>>
>>>>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>>>>> documents either, I guess?
>>>> I don't know how you could get to such a conclusion from what I wrote.
>>>>
>>>> You're reporting that if you copy and paste sensitive information and
>>>> connect to a VNC session your clipboard data gets sent to the remote
>>>> machine. That's pretty obvious and not a security hole that needs to
>>>> be plugged.
>>> I don't think that is what Ben is saying. The clipboard gets sent to the
>>> server even before it is pasted, this happens without the user
>>> knowing of it.
>>>
>>> Notepad would have the paste button grayed otherwise, if the clipboard
>>> is empty, right? So it is already on the server before paste is pressed.
>>>
>>> So whatever was in the clipboard buffer is transmitted to the server on
>>> connection.
>>>
>>> This is at least the assumption I make from reading Ben's mails. Or...
>>> Is there a clipboard flag saying there is something on the clipboard, but
>>> it isn't transmitted until the user actually pastes? I haven't really
>>> got any experience with how the clipboard feature is implemented. My
>>> assumption is however that it has to be on server for notepad to be
>>> aware that Paste shouldn't be grayed out...
>>>
>>> I think Ben's report makes complete sense actually, it would be better to
>>> have the clipboard feature as a default. Security before features... =)
>>>


Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Dan Yefimov
On 25.01.2012 5:45, Ben Bucksch wrote:
> On 25.01.2012 00:52, Henri Salo wrote:
>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>>> On 25.01.2012 00:09, Dan Kaminsky wrote:
>>>> IP KVM, in which the foreign server basically gets only inbound
>>>> Keyboard and Mouse and outbound uncompressed pixels.
>>> That is *precisely* what VNC is: an open-source IP KVM.
>> What the hell? Seriously..
>>
>> http://en.wikipedia.org/wiki/VNC
>
> hihi. Thanks.
>
> "It transmits the keyboard and mouse events from one computer to
> another, relaying the graphical screen updates back in the other
> direction, over a network."
> "The VNC protocol (RFB) is very simple, based on one graphic primitive
> from server to client ('Put a rectangle of pixel data at the specified
> X,Y position') and event messages from client to server."
>
> Compare to above.
>
> Now, the part where it defines that clipboard is also a standard part of
> VNC... oh, huch, it's not there! (Just a random note that Unicode is
> impossible, but not that clipboard is defined as part of the protocol at
> all.) Ah, I know... Surely, it must be on
> ... No, same thing there.
> Strange.
>
It should be strictly understood that something not being mentioned in the
Wikipedia article doesn't mean that it doesn't exist at all, since Wikipedia is
_not_ an authoritative information source. The authoritative information source
would be the formal specification of the protocol explicitly defining the set
of event types and explicitly prohibiting non-defined event types, otherwise
implementations are free to define and use their own event types being in fact
extensions of the protocol. It's defined nowhere that VNC is _exactly_ an
open-source IP KVM and nothing more.

> P.S. I was just reporting a bug. I hope at least some software finds a
> better solution. Have fun.
>
I'd suggest you find an alternative product allowing you to explicitly configure
that clipboard is not transmitted to the host under control instead of
struggling with the product limitations and design flaws.
-- 

Sincerely Yours, Dan.
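
Added example, not part of the original thread and not code from any VNC project: a formal specification of the kind Dan describes exists as RFC 6143, whose section 7.5 lists ClientCutText (type 6) among the base client-to-server messages. The Python below walks a client-to-server RFB byte stream (assumed to begin right after ClientInit; the sample bytes are constructed) and reports every clipboard transfer, flagging those sent before any key or pointer event, which is the behaviour Peter describes.

```python
import struct

# Client-to-server message types from RFC 6143, section 7.5.
SET_PIXEL_FORMAT, SET_ENCODINGS, FB_UPDATE_REQUEST = 0, 2, 3
KEY_EVENT, POINTER_EVENT, CLIENT_CUT_TEXT = 4, 5, 6

NAMES = {
    SET_PIXEL_FORMAT: "SetPixelFormat",
    SET_ENCODINGS: "SetEncodings",
    FB_UPDATE_REQUEST: "FramebufferUpdateRequest",
    KEY_EVENT: "KeyEvent",
    POINTER_EVENT: "PointerEvent",
    CLIENT_CUT_TEXT: "ClientCutText",
}
# Total size in bytes of the fixed-length messages (type byte included).
FIXED_SIZE = {SET_PIXEL_FORMAT: 20, FB_UPDATE_REQUEST: 10,
              KEY_EVENT: 8, POINTER_EVENT: 6}


def message_size(stream, pos):
    """Return the full length of the message starting at pos."""
    mtype = stream[pos]
    if mtype in FIXED_SIZE:
        return FIXED_SIZE[mtype]
    if mtype == SET_ENCODINGS:
        # type, 1 pad byte, U16 count, then count * S32 encoding ids
        if pos + 4 > len(stream):
            raise ValueError("truncated SetEncodings header at offset %d" % pos)
        (count,) = struct.unpack_from(">H", stream, pos + 2)
        return 4 + 4 * count
    if mtype == CLIENT_CUT_TEXT:
        # type, 3 pad bytes, U32 length, then length bytes of Latin-1 text
        if pos + 8 > len(stream):
            raise ValueError("truncated ClientCutText header at offset %d" % pos)
        (length,) = struct.unpack_from(">I", stream, pos + 4)
        return 8 + length
    # Anything else is a vendor extension this parser does not decode.
    raise ValueError("unknown message type %d at offset %d" % (mtype, pos))


def parse_client_messages(stream):
    """Split the stream into (offset, name, payload) tuples.

    payload holds the clipboard bytes for ClientCutText, b"" otherwise.
    """
    messages, pos = [], 0
    while pos < len(stream):
        size = message_size(stream, pos)
        mtype = stream[pos]
        if pos + size > len(stream):
            raise ValueError("truncated %s at offset %d" % (NAMES[mtype], pos))
        payload = stream[pos + 8:pos + size] if mtype == CLIENT_CUT_TEXT else b""
        messages.append((pos, NAMES[mtype], payload))
        pos += size
    return messages


def audit_clipboard(stream):
    """List clipboard transfers; before_user_input marks those sent before
    the first KeyEvent/PointerEvent (a heuristic for 'sent on connect')."""
    findings, input_seen = [], False
    for offset, name, payload in parse_client_messages(stream):
        if name in ("KeyEvent", "PointerEvent"):
            input_seen = True
        elif name == "ClientCutText":
            findings.append({"offset": offset,
                             "text": payload.decode("latin-1"),
                             "before_user_input": not input_seen})
    return findings


def cut_text(text):
    """Build a ClientCutText message (used only for the sample below)."""
    data = text.encode("latin-1")
    return struct.pack(">B3xI", CLIENT_CUT_TEXT, len(data)) + data


# Constructed sample: a viewer that pushes its clipboard right after the
# initial setup messages, then again after the user has started typing.
SAMPLE_STREAM = b"".join([
    struct.pack(">B3xBBBBHHHBBB3x", SET_PIXEL_FORMAT,
                32, 24, 0, 1, 255, 255, 255, 16, 8, 0),
    struct.pack(">BxHii", SET_ENCODINGS, 2, 0, 1),
    struct.pack(">BBHHHH", FB_UPDATE_REQUEST, 0, 0, 0, 1024, 768),
    cut_text("constructed-secret"),
    struct.pack(">BBHH", POINTER_EVENT, 0, 10, 10),
    struct.pack(">BBxxI", KEY_EVENT, 1, 0x61),
    cut_text("later copy"),
])

if __name__ == "__main__":
    for finding in audit_clipboard(SAMPLE_STREAM):
        print(finding)
```

Run against a real capture, a finding with before_user_input set is the case to check against the viewer's clipboard setting.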



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Peter Osterberg
have the clipboard disabled...

On 01/25/2012 08:44 AM, Peter Osterberg wrote:
> I think Ben's report makes complete sense actually, it would be better to
> have the clipboard feature as a default. Security before features... =)



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-25 Thread Peter Osterberg
On 01/24/2012 07:18 PM, Mario Vilas wrote:
>> Guys, could you please read carefully everything before you reply?
> I read carefully. It still didn't make sense, though.
>
>> And you wouldn't be allowed to use copy&paste while you edit sensitive
>> documents either, I guess?
> I don't know how you could get to such a conclusion from what I wrote.
>
> You're reporting that if you copy and paste sensitive information and
> connect to a VNC session your clipboard data gets sent to the remote
> machine. That's pretty obvious and not a security hole that needs to
> be plugged.

I don't think that is what Ben is saying. The clipboard gets sent to the
server even before it is pasted, this happens without the user
knowing of it.

Notepad would have the paste button grayed otherwise, if the clipboard
is empty, right? So it is already on the server before paste is pressed.

So whatever was in the clipboard buffer is transmitted to the server on
connection.

This is at least the assumption I make from reading Ben's mails. Or...
Is there a clipboard flag saying there is something on the clipboard, but
it isn't transmitted until the user actually pastes? I haven't really
got any experience with how the clipboard feature is implemented. My
assumption is however that it has to be on server for notepad to be
aware that Paste shouldn't be grayed out...

I think Ben's report makes complete sense actually, it would be better to
have the clipboard feature as a default. Security before features... =)
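
Whether a viewer pushes the clipboard before anyone pastes can be checked from a capture of its client-to-server traffic. The following is an added example, not part of the original message or of any VNC project: it walks the post-handshake RFB message stream and reports each ClientCutText (message type 6) and whether it preceded any keyboard or mouse event. Assumptions: an unencrypted stream that begins after ClientInit, base-protocol message types only (sizes per RFC 6143), and a constructed sample capture.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Findings for one post-handshake client-to-server RFB byte stream. */
struct cut_audit {
    int    cut_msgs;         /* ClientCutText messages seen                  */
    size_t cut_bytes;        /* clipboard bytes handed to the server         */
    int    input_events;     /* KeyEvent + PointerEvent messages seen        */
    int    cut_before_input; /* 1 if clipboard left before any key/mouse use */
    char   first_text[64];   /* first payload, truncated, NUL-terminated     */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Walk the stream message by message. Returns 0 when the whole buffer parsed,
 * -1 on a truncated message or a type outside the base protocol. */
int audit_client_stream(const uint8_t *buf, size_t len, struct cut_audit *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));
    while (off < len) {
        size_t avail = len - off, need;

        switch (buf[off]) {
        case 0: need = 20; break;                 /* SetPixelFormat           */
        case 2:                                   /* SetEncodings             */
            if (avail < 4) return -1;
            need = 4 + 4 * (size_t)((buf[off + 2] << 8) | buf[off + 3]);
            break;
        case 3: need = 10; break;                 /* FramebufferUpdateRequest */
        case 4: need = 8;  break;                 /* KeyEvent                 */
        case 5: need = 6;  break;                 /* PointerEvent             */
        case 6: {                                 /* ClientCutText            */
            uint32_t n;
            size_t keep;

            if (avail < 8) return -1;
            n = be32(buf + off + 4);              /* after type + 3 padding   */
            if (n > avail - 8) return -1;         /* length exceeds capture   */
            if (out->cut_msgs == 0) {
                out->cut_before_input = (out->input_events == 0);
                keep = n < sizeof(out->first_text) - 1
                     ? n : sizeof(out->first_text) - 1;
                memcpy(out->first_text, buf + off + 8, keep);
                out->first_text[keep] = '\0';
            }
            out->cut_msgs++;
            out->cut_bytes += n;
            need = 8 + (size_t)n;
            break;
        }
        default:
            return -1;
        }
        if (need > avail) return -1;
        if (buf[off] == 4 || buf[off] == 5)
            out->input_events++;
        off += need;
    }
    return 0;
}

/* Constructed sample: bytes a viewer might send right after the handshake. */
static const uint8_t SAMPLE[] = {
    0,0,0,0, 32,24,0,1, 0,255,0,255,0,255, 16,8,0, 0,0,0, /* SetPixelFormat  */
    2,0, 0,2, 0,0,0,0, 0,0,0,1,               /* SetEncodings: Raw, CopyRect */
    6,0,0,0, 0,0,0,11,                        /* ClientCutText, length 11    */
    'M','y',' ','p','a','s','s','w','o','r','d',
    3,0, 0,0, 0,0, 4,0, 3,0,                  /* FramebufferUpdateRequest    */
    5,1, 0,100, 0,50,                         /* PointerEvent                */
    4,1, 0,0, 0,0,0,0x76                      /* KeyEvent 'v' down           */
};

int main(void)
{
    struct cut_audit a;

    if (audit_client_stream(SAMPLE, sizeof(SAMPLE), &a) != 0) {
        puts("stream truncated or uses an extension message type");
        return 1;
    }
    printf("ClientCutText messages: %d (%zu bytes)\n", a.cut_msgs, a.cut_bytes);
    printf("sent before any key/mouse event: %s\n",
           a.cut_before_input ? "yes" : "no");
    printf("first payload: \"%s\"\n", a.first_text);
    return 0;
}
```

A non-zero `cut_before_input` on a real capture means the clipboard left the trusted desktop without any interaction in the remote session.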



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Valdis . Kletnieks
On Tue, 24 Jan 2012 21:31:46 PST, coderman said:

> IP KVM: keyboard, video, mouse interface to physical ports. dumb dumb dumb.

Amen to that, brother.  Not even pixel-level access here. It's all VGA analog
video signal re-digitized and sent over IP (yes, really).  And you *really*
don't want to know how modesetting a multisync monitor at the other end of an
IP-KVM works.  The details have been known to make grown men cry. ;)






Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread coderman
On Tue, Jan 24, 2012 at 6:45 PM, Ben Bucksch  wrote:
> ...
> "The VNC protocol (RFB) is very simple, based on one graphic primitive
> from server to client ('Put a rectangle of pixel data at the specified
> X,Y position') and event messages from client to server."

what Dan was trying to point out to you was the vast difference in
attack surface between an IP KVM and the VNC protocol and
architecture.

IP KVM: keyboard, video, mouse interface to physical ports. dumb dumb dumb.

VNC: not so simple full of bugs year after year privileged service
running on host hooking into various OS facilities and exposing all
sorts of vulnerabilities between server and client. sma^H^H^H^H stupid
stupid stupid (from a security perspective)

if you believe these present *precisely* the same risk profile,
well... can i have some of what you're smoking?



On Tue, Jan 24, 2012 at 6:34 PM, Ben Bucksch  wrote:
> On 25.01.2012 02:05, coderman wrote:
>> you keep using that word.
>> i do not think it means what you think it means...
>
> Where else did I use that word?
> And what does it mean, in your understanding, that differs from my usage? I
> checked the dict and it seems fine.

let me spell it out: your precise equivalency between a KVM device and
a VNC service is neither accurate nor correct.

http://www.youtube.com/watch?v=OHVjs4aobqs



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
On 25.01.2012 00:52, Henri Salo wrote:
> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>> On 25.01.2012 00:09, Dan Kaminsky wrote:
>>> IP KVM, in which the foreign server basically gets only inbound
>>> Keyboard and Mouse and outbound uncompressed pixels.
>> That is *precisely* what VNC is: an open-source IP KVM.
> What the hell? Seriously..
>
> http://en.wikipedia.org/wiki/VNC

hihi. Thanks.

"It transmits the keyboard and mouse events from one computer to 
another, relaying the graphical screen updates back in the other 
direction, over a network."
"The VNC protocol (RFB) is very simple, based on one graphic primitive 
from server to client ('Put a rectangle of pixel data at the specified 
X,Y position') and event messages from client to server."

Compare to above.

Now, the part where it defines that clipboard is also a standard part of 
VNC... oh, huch, it's not there! (Just a random note that Unicode is 
impossible, but not that clipboard is defined as part of the protocol at 
all.) Ah, I know... Surely, it must be on 
... No, same thing there. 
Strange.

So much for the lulz...

Ben

P.S. I was just reporting bug. I hope at least some software finds a 
better solution. Have fun.



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread coderman
On Tue, Jan 24, 2012 at 3:47 PM, Ben Bucksch  wrote:
> ...
> That is *precisely* what VNC is: an open-source IP KVM.

*precisely* ??

you keep using that word.
i do not think it means what you think it means...

this thread is full of lulz; you newbs might want to check out
  http://wiki.qubes-os.org/trac/wiki/CopyPaste



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Henri Salo
On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
> On 25.01.2012 00:09, Dan Kaminsky wrote:
> > IP KVM, in which the foreign server basically gets only inbound 
> > Keyboard and Mouse and outbound uncompressed pixels.
> 
> That is *precisely* what VNC is: an open-source IP KVM.

What the hell? Seriously..

http://en.wikipedia.org/wiki/VNC

- Henri



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
On 25.01.2012 00:09, Dan Kaminsky wrote:
> IP KVM, in which the foreign server basically gets only inbound 
> Keyboard and Mouse and outbound uncompressed pixels.

That is *precisely* what VNC is: an open-source IP KVM.

And please don't turn this into "you're stupid", because I've seen 
others with the same setup. As mentioned, I know of a government agency 
with highly competent IT staff who had a similar setup: normal and 
sensitive work is on the desktop/notebook and Internet access (which is 
considered insecure) is on a remote machine, with a viewer on the desktop.

To make it clear: I take offense in the copying being *automatic*. I 
have nothing against the clipboard feature, per se. But if something 
happens automatically, how am I supposed to know that it happens? The 
user should make a conscious choice. That thinking would also help him 
realize the risk. "Secure by default".



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Dan Kaminsky
Those who try to manage potentially malicious servers do so over IP KVM, in
which the foreign server basically gets only inbound Keyboard and Mouse and
outbound uncompressed pixels.

Anything more is untrusted, for a reason.

On Tue, Jan 24, 2012 at 5:50 PM, Nick FitzGerald
wrote:

> Ben Bucksch wrote:
>
> > Even then, that is not sufficient, as explained in length.
>
> No -- what you "explained in length" _and_ seem impervious to
> understanding, despite a couple of respondents explaining it quite
> clearly, is that you have chosen to perform ongoing "sensitive" work in
> an environment where doing so, at best, represents a highly
> questionable security stance.
>
> _Part_ of what contributes to that questionability is your choice to
> more-or-less continuously run an application that you should always
> have known leaks access to the clipboard of what you oddly choose to
> describe as a "trusted desktop" (odd, because you should know that
> exposing the host clipboard to the client is common -- in fact,
> probably the standard default -- functionality of VNC clients).
>
> That your chosen/preferred/whatever VNC client does not allow you to
> turn off, or otherwise modify or monitor this functionality is not a
> security vulnerability or bug, as you seem intent on portraying it.  It
> may be an undesirable feature (or, more accurately, lack of a feature)
> but don't you have other VNC clients to choose from?  Must you use this
> particular VNC client?  If so and this method of working is so critical
> to you, should you not choose a different platform for your "trusted
> desktop" and run a more suitably configurable VNC client?  Or, if your
> sensitive work is really that sensitive, should you not invest in a
> second machine for remotely monitoring/interacting with the
> untrusted, sandboxed applications you need to run, so that they really
> are securely separated (can we all say "air gap"?) from your more
> "sensitive" operations?  It would not have to be a very heavy-duty
> machine -- a very low-end netbook style machine, or possibly even a
> cheap tablet-style device may more than suffice...
>
> ...
>
> Another part of that questionability is obvious to anyone with nous
> reading this list...
>
>
>
> Regards,
>
> Nick FitzGerald
>
>

Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Nick FitzGerald
Ben Bucksch wrote:

> Even then, that is not sufficient, as explained in length.

No -- what you "explained in length" _and_ seem impervious to 
understanding, despite a couple of respondents explaining it quite 
clearly, is that you have chosen to perform ongoing "sensitive" work in 
an environment where doing so, at best, represents a highly 
questionable security stance.

_Part_ of what contributes to that questionability is your choice to 
more-or-less continuously run an application that you should always 
have known leaks access to the clipboard of what you oddly choose to 
describe as a "trusted desktop" (odd, because you should know that 
exposing the host clipboard to the client is common -- in fact, 
probably the standard default -- functionality of VNC clients).

That your chosen/preferred/whatever VNC client does not allow you to 
turn off, or otherwise modify or monitor this functionality is not a 
security vulnerability or bug, as you seem intent on portraying it.  It 
may be an undesirable feature (or, more accurately, lack of a feature) 
but don't you have other VNC clients to choose from?  Must you use this 
particular VNC client?  If so and this method of working is so critical 
to you, should you not choose a different platform for your "trusted 
desktop" and run a more suitably configurable VNC client?  Or, if your 
sensitive work is really that sensitive, should you not invest in a 
second machine for remotely monitoring/interacting with the 
untrusted, sandboxed applications you need to run, so that they really 
are securely separated (can we all say "air gap"?) from your more 
"sensitive" operations?  It would not have to be a very heavy-duty 
machine -- a very low-end netbook style machine, or possibly even a 
cheap tablet-style device may more than suffice...

...

Another part of that questionability is obvious to anyone with nous 
reading this list...



Regards,

Nick FitzGerald




Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Giles Coochey

On 24/01/2012 19:20, Ben Bucksch wrote:
> On 24.01.2012 20:08, Giles Coochey wrote:
> > I have seen this is an often requested feature
>
> Yes, I understand. It can be highly useful. That's why I proposed to
> make a "Paste" button in the main toolbar (probably with a keyboard
> shortcut, too). So, the user would have to press one more button / key
> (3 actions instead of 2) for the information to travel to the remote
> host. Compared to the risk, I think that's an acceptable tradeoff.
>
> Please tell me that you have never ever copied a password (or anything
> else highly sensitive) using the clipboard.

I have done this, and I have understood the risks.

> I guess what makes my case and the government agency case different is
> that for you and others, VNC is typically the primary focus, but here on
> my machine it's running all the time, I have several test machines with
> untrusted software running and connected *always*.

In my personal experience there was a case (a CDE - credit card data 
environment) where clipboard segregation between remote and local 
systems was a requirement. It was in this case that Citrix was chosen 
over other competing 'remote-application' products because of a feature 
it had to disable the seamless clipboard functionality.


I think whether this is a security issue depends on 
whether the VNC viewer in question is a fit tool for what you're using 
it for. Otherwise others may say it's a feature and not a bug, or at 
least your bug is my feature. I would see if you could ask them to have 
it as an optional feature though.


I would confirm that the patch functions first - I found it in a thread 
regarding errors connecting to Mac OS X servers, and from the patch 
information, it may only stop the clipboard from server to client and 
not vice versa, but having seen it, I would imagine that you can find 
all the clipboard functions in the source and pretty much comment out 
their code.






Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
On 24.01.2012 20:08, Giles Coochey wrote:
> I have seen this is an often requested feature

Yes, I understand. It can be highly useful. That's why I proposed to 
make a "Paste" button in the main toolbar (probably with a keyboard 
shortcut, too). So, the user would have to press one more button / key 
(3 actions instead of 2) for the information to travel to the remote 
host. Compared to the risk, I think that's an acceptable tradeoff.

Please tell me that you have never ever copied a password (or anything 
else highly sensitive) using the clipboard.

I guess what makes my case and the government agency case different is 
that for you and others, VNC is typically the primary focus, but here on 
my machine it's running all the time, I have several test machines with 
untrusted software running and connected *always*.

> --- a/src/vncconnection.c
> +++ b/src/vncconnection.c 

Thanks for the patch!

Giles +1

Ben



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Giles Coochey

On 24/01/2012 16:06, Ben Bucksch wrote:
> On 24.01.2012 16:32, Giles Coochey wrote:
> > Many viewers, including RealVNC have the option to disable the shared
> > clipboard. Check your preferences.
>
> Indeed. But Vinagre doesn't.
>
> Even then, that is not sufficient, as explained in length.

I'm afraid as others have pointed out that by putting something in the 
Clipboard any local application can access that data, that's the point 
of the clipboard, to transfer the data between applications.


Now your argument is that you use an application that passes that 
clipboard to a remote server. From the forum posts I have seen this is 
an often requested feature and not usually considered a bug. The bug is 
what you're using the clipboard for, as you could have phrased your post 
that the problem is that the clipboard uses a plain text storage 
mechanism which makes the clipboard unsuitable for secure storage.


In any case, while not an option, there is a trivial patch to disable 
clipboard sharing in Vinagre:


--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -1579,14 +1579,7 @@
 gboolean vnc_connection_client_cut_text(VncConnection *conn,
const void *data, size_t length)
 {
-   guint8 pad[3] = {0};
-
-   vnc_connection_buffered_write_u8(conn, 6);
-   vnc_connection_buffered_write(conn, pad, 3);
-   vnc_connection_buffered_write_u32(conn, length);
-   vnc_connection_buffered_write(conn, data, length);
-   vnc_connection_buffered_flush(conn);
-   return !vnc_connection_has_error(conn);
+   return TRUE;
 }
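
Review bot: In vnc_connection_client_cut_text, replacing the whole body with "return TRUE;" makes the function report success for clipboard data it silently discarded, so callers (and through them the user) cannot tell "sent" from "suppressed", and it removes the feature at compile time instead of making it a choice. I would keep the original write path and return early from the top of the function when a per-connection setting, defaulting to off, is not enabled, and say so in the function's comment. After this change the data and length parameters are unused, which should either be marked or avoided by keeping the guarded write path. The hunk only touches the client-to-server send (the message written with type byte 6); nothing in it affects clipboard text arriving from the server, so that direction needs its own check. The wrapped "const void *data, size_t length)" line has also lost the leading space of a context line, so the patch as mailed will likely need repair before it applies.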








Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
On 24.01.2012 19:18, Mario Vilas wrote:
> You're reporting that if you copy and paste sensitive information and
> connect to a VNC session your clipboard data gets sent to the remote
> machine. That's pretty obvious

If I have a VNC window somewhere on my desktop (in my case a virtual 
desktop or minimized), and continue with my work, 3 hours later when I 
work on some document or use some webapp, I don't remember that I have 
VNC session open and no, it's not obvious at all that this other host 
can read the communication between my local apps.

> On top of that, the attack scenario doesn't sound too good either. I
> fail to see why would you need to copy&paste a password to access an
> untrusted machine and then worry that machine might get to see the
> password to itself.

You misunderstood. The remote machine can see *any* clipboard entries, 
even if I do something entirely different in a completely different 
application. I am browsing or using SSH and paste my password there, 
because the FF password manager failed, or I'm in a word processor or 
email app and write some document, which is entirely unrelated to the 
VNC session. I haven't looked at the VNC host for hours (but I have it 
constantly open for tasks that I need to do with untrusted software in a 
jail).



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
On 24.01.2012 18:07, Mario Vilas wrote:
> Expected result is to have the clipboard text sent to the remote
> machine, if you have your client configured to do so

But I haven't done so. That's the bug.

> security sensitive environment you wouldn't be using the clipboard for
> passwords anyway.

And you wouldn't be allowed to use copy&paste while you edit sensitive 
documents either, I guess?

Guys, could you please read carefully everything before you reply?

Ben



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
On 24.01.2012 16:32, Giles Coochey wrote:
> Many viewers, including RealVNC have the option to disable the shared
> clipboard. Check your preferences.

Indeed. But Vinagre doesn't.

Even then, that is not sufficient, as explained in length.



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Mario Vilas
> Guys, could you please read carefully everything before you reply?

I read carefully. It still didn't make sense, though.

> And you wouldn't be allowed to use copy&paste while you edit sensitive
> documents either, I guess?

I don't know how you could get to such a conclusion from what I wrote.

You're reporting that if you copy and paste sensitive information and
connect to a VNC session your clipboard data gets sent to the remote
machine. That's pretty obvious and not a security hole that needs to
be plugged.

On top of that, the attack scenario doesn't sound too good either. I
fail to see why would you need to copy&paste a password to access an
untrusted machine and then worry that machine might get to see the
password to itself. Also, most VNC servers store the password in clear
text in the configuration, and the entire protocol is in plain text,
for crying out loud.

A scenario where this could be a problem is so bizarre I sincerely
can't blame the developers for downright ignoring you. Instead of
crying wolf, it would have been much more sensible to go for a
no-nonsense approach and just ask the Vinagre developers to add the
same option every other VNC client has to disable the clipboard
sharing, just because it's a good option to have. My bet is they would
have listened.


-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Mario Vilas
On Tue, Jan 24, 2012 at 2:34 PM, Ben Bucksch  wrote:
> Actual result:
> notepad.exe shows "My password"
> Expected result:
> Nothing.

No.

Expected result is to have the clipboard text sent to the remote
machine, if you have your client configured to do so. In a really
security sensitive environment you wouldn't be using the clipboard for
passwords anyway. Or you would disable clipboard sharing. Or you
wouldn't use a cleartext protocol to begin with.

You might as well report that if the user copies the password to the
clipboard at any other point during the session it also gets sent to
the server. I don't see why this should be the concern of the
developers of any VNC client.

-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”



Re: [Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Giles Coochey
On 2012-01-24 13:34, Ben Bucksch wrote:
> Affected Products: GNOME Vinagre and many other VNC viewers
>
> Reproduction:
> 1. On your trusted desktop (e.g. Linux), open a text editor
> 2. Type "My password", select the text, and hit Ctrl-C
> 3. Open a Vinagre VNC connection to a remote host, e.g. running an
> untrusted Windows
> 4. On the remote Windows host, open notepad.exe
> 5. In notepad's menu bar, using the mouse, click on Edit|Paste
>
> Actual result:
> notepad.exe shows "My password"
> Expected result:
> Nothing.
>
> Impact:
> Because I use a different password for every service, I have to
> copy&paste them (on my trusted desktop).
>
> However, the remote machine is not trusted. In some cases, it's owned by
> a different company, in other cases I use VNC and a different machine
> specifically because I don't trust the software and want it jailed. If
> the untrusted host can get to my passwords from my trusted desktop,
> that's a critical security hole, because my passwords leak, and they may
> well give full access to other machines, my bank account or other highly
> sensitive data.
>
> Affected users:
> Using VNC is a common usage pattern also used by government agencies
> handling highly sensible documents (on the trusted host desktop system)
> while moving dangerous but necessary uses like Internet access, Windows
> system and similar needs on physically different machines that are
> accessed via VNC.
> The purpose is that the untrusted system has no way to get to the
> information on the trusted desktop, but that assumption is violated here.
>
> Even normal users will be at risk. Many copy&paste passwords, or they
> copy&paste snippets of sensitive Word processing documents, e.g.
> business plans.
>
> Solution:
> Given that most users are unaware of this risk, although the danger may
> nevertheless be very real for them, it is necessary for the default
> configuration to be secure. They cannot be expected to actively change
> preferences or the software to protect themselves, because the problem
> isn't obvious in the first place.
>
> Possible solutions:
> 1) a pref, with default off and a clear warning about this problem,
> because many users will not be aware of it. A pref with default on or
> without a clear warning is *not* sufficient.
> 2) Better yet: A button on the toolbar "Copy clipboard". Text is copied
> from host desktop clipboard to remote machine clipboard only when that
> button is pressed.
> 3) A combination of 1) and 2)
>

Many viewers, including RealVNC have the option to disable the shared 
clipboard. Check your preferences.

-- 
Message sent via my webmail account.



[Full-disclosure] VNC viewers: Clipboard of host automatically sent to remote machine

2012-01-24 Thread Ben Bucksch
Affected Products: GNOME Vinagre and many other VNC viewers

Reproduction:
1. On your trusted desktop (e.g. Linux), open a text editor
2. Type "My password", select the text, and hit Ctrl-C
3. Open a Vinagre VNC connection to a remote host, e.g. running an 
untrusted Windows
4. On the remote Windows host, open notepad.exe
5. In notepad's menu bar, using the mouse, click on Edit|Paste

Actual result:
notepad.exe shows "My password"
Expected result:
Nothing.

Impact:
Because I use a different password for every service, I have to 
copy&paste them (on my trusted desktop).

However, the remote machine is not trusted. In some cases, it's owned by 
a different company, in other cases I use VNC and a different machine 
specifically because I don't trust the software and want it jailed. If 
the untrusted host can get to my passwords from my trusted desktop, 
that's a critical security hole, because my passwords leak, and they may 
well give full access to other machines, my bank account or other highly 
sensitive data.

Affected users:
Using VNC is a common usage pattern also used by government agencies
handling highly sensible documents (on the trusted host desktop system)
while moving dangerous but necessary uses like Internet access, Windows 
system and similar needs on physically different machines that are 
accessed via VNC.
The purpose is that the untrusted system has no way to get to the 
information on the trusted desktop, but that assumption is violated here.

Even normal users will be at risk. Many copy&paste passwords, or they 
copy&paste snippets of sensitive Word processing documents, e.g. 
business plans.

Solution:
Given that most users are unaware of this risk, although the danger may 
nevertheless be very real for them, it is necessary for the default 
configuration to be secure. They cannot be expected to actively change 
preferences or the software to protect themselves, because the problem 
isn't obvious in the first place.

Possible solutions:
1) a pref, with default off and a clear warning about this problem, 
because many users will not be aware of it. A pref with default on or 
without a clear warning is *not* sufficient.
2) Better yet: A button on the toolbar "Copy clipboard". Text is copied 
from host desktop clipboard to remote machine clipboard only when that 
button is pressed.
3) A combination of 1) and 2)

Vendor response:
The maintainer of the application has been informed via bugzilla, but 
has refused to acknowledge it as security problem.
https://bugzilla.gnome.org/show_bug.cgi?id=668544
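
Options 1) to 3) from the report above, written as the check a viewer could run before it builds a ClientCutText message. This is an added example, not Vinagre or gtk-vnc code: the `clip_*`, `CLIP_*` and `TRIGGER_*` names are hypothetical, and the wire layout (type 6, three padding bytes, 32-bit big-endian length, text) follows the writes in the patch quoted earlier on this page and the RFB specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical viewer preference; names are illustrative only. */
enum clip_mode {
    CLIP_NEVER = 0,    /* option 1: the preference exists and defaults to off */
    CLIP_ON_REQUEST,   /* option 2: send only when the user presses a button  */
    CLIP_AUTOMATIC     /* the reported behaviour, reachable only by opt-in    */
};

/* What made the viewer consider sending the clipboard. */
enum clip_trigger {
    TRIGGER_LOCAL_COPY,  /* some local application changed the clipboard  */
    TRIGGER_USER_BUTTON  /* the user pressed "Copy clipboard" in the viewer */
};

/* Distinct outcomes, so the UI can tell "sent" from "suppressed". */
enum clip_result { CLIP_NO_SPACE = -1, CLIP_BLOCKED = 0, CLIP_ENCODED = 1 };

struct clip_policy { enum clip_mode mode; };

/* A zero-initialised policy is CLIP_NEVER: forgetting to configure is safe. */
#define CLIP_POLICY_DEFAULT { CLIP_NEVER }

int clip_allowed(const struct clip_policy *p, enum clip_trigger t)
{
    switch (p->mode) {
    case CLIP_AUTOMATIC:  return 1;
    case CLIP_ON_REQUEST: return t == TRIGGER_USER_BUTTON;
    default:              return 0;  /* CLIP_NEVER and any unknown value */
    }
}

/* Encode ClientCutText into out only if the policy permits it for this
 * trigger. *out_len receives the number of bytes to transmit (0 if none). */
enum clip_result clip_encode_if_allowed(const struct clip_policy *p,
                                        enum clip_trigger t,
                                        const void *data, uint32_t length,
                                        uint8_t *out, size_t cap,
                                        size_t *out_len)
{
    *out_len = 0;
    if (!clip_allowed(p, t))
        return CLIP_BLOCKED;           /* nothing is copied into out */
    if (cap < 8 || length > cap - 8)
        return CLIP_NO_SPACE;
    out[0] = 6;                        /* message type: ClientCutText */
    memset(out + 1, 0, 3);             /* padding */
    out[4] = (uint8_t)(length >> 24);
    out[5] = (uint8_t)(length >> 16);
    out[6] = (uint8_t)(length >> 8);
    out[7] = (uint8_t)length;
    memcpy(out + 8, data, length);
    *out_len = 8 + (size_t)length;
    return CLIP_ENCODED;
}

int main(void)
{
    struct clip_policy def = CLIP_POLICY_DEFAULT;
    struct clip_policy req = { CLIP_ON_REQUEST };
    uint8_t out[64];
    size_t n;

    /* Constructed scenario: the user copies a password in another app. */
    printf("default, local copy:    %d\n",
           clip_encode_if_allowed(&def, TRIGGER_LOCAL_COPY,
                                  "My password", 11, out, sizeof(out), &n));
    printf("on-request, local copy: %d\n",
           clip_encode_if_allowed(&req, TRIGGER_LOCAL_COPY,
                                  "My password", 11, out, sizeof(out), &n));
    printf("on-request, button:     %d (%zu bytes)\n",
           clip_encode_if_allowed(&req, TRIGGER_USER_BUTTON,
                                  "My password", 11, out, sizeof(out), &n), n);
    return 0;
}
```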
