> Am I wrong?
> Wouldn't they have to sniff packets and decrypt to get the password?  
> suppose it can be done, but I don't know that anyone is doing it.

I don't know about packet sniffing, but the password can be compromised. You 
can read the WinVNC password from the registry and there is a "vncdec.c" 
program that will decrypt the password for you.

There's no registry security on 95/98 - so how hard would it be for a hacker to 
access it? <shrug>. NT/2000 are better, but we all know that those systems 
can be and are hacked.

What's the deal with programs like zVNC? They use a different connection 
mechanism, so am I right in saying that the connection is secure, but the 
registry loophole remains?

The question is: can packets be sniffed and this encrypted password be broken 
with the same registry key code cracker? Any volunteers?

IMO, one solution would be some sort of SSH (or local VPN?) connection to 
the VNC host and then connect via loopback. Easy enough on unix, but not so 
easy on Windows. I guess this would be a perfect use for a modular VNC distro. :-)

But then if you want to hack someone's system, I'd say you'd go for the weakest 
systems first. Try your hand at compromising the local box first. Trawl the 
registry for saved passwords, or even old PWL files....... Failing that, just ring 
up and ask a user..... it's surprising how many people will just tell you their 
password over the phone. 

Later,
Richard

"Service, price, quality: pick any two."
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
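
The SSH-plus-loopback setup suggested in the message above only helps if the VNC server no longer listens on a network-facing address. The following is an added example, not part of the original post: a check for a Unix VNC host that flags VNC listeners bound to anything other than loopback. It assumes `ss -tln` style output and the conventional VNC display ports 5900-5999; the sample lines, `user` and `vnchost` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample of `ss -tln` output (addresses and ports are made up).
sample_listeners() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      5      [::1]:5902         [::]:*
LISTEN 0      5      192.0.2.10:5903    0.0.0.0:*
EOF
}

# Read `ss -tln`-style lines on stdin and print every listener on a VNC
# display port (5900-5999, assumed convention) that is not loopback-only.
vnc_exposed() {
    awk '$1 == "LISTEN" {
        n = split($4, parts, ":")            # port is the last ":" field
        port = parts[n] + 0
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next # not a VNC display port
        if (addr ~ /^127\./ || addr == "[::1]") next  # loopback is fine
        print addr ":" port
    }'
}

# Live use on the VNC host:  ss -tln | vnc_exposed
# Once the list is empty, reach the server through SSH from the client
# (user and vnchost are placeholders):
#   ssh -L 5901:127.0.0.1:5900 user@vnchost
# and point the viewer at localhost:1.
sample_listeners | vnc_exposed
```

Any line printed is a VNC port reachable without the tunnel; an empty result means the server accepts connections only over loopback.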
