The purpose that I had in mind was to aid in standardizing deployments and
monitoring to be sure that the latest version is deployed across the entire network.
I can easily do this on Windowz platforms by querying the registry or getting
the metadata from the file, but things get a bit more complicated when crossing
platforms. There are many other uses for this information.
VNC is not the type of service that can gain much security benefit from hiding
the version number. As one other poster pointed out, it can actually increase the
security by letting the administrator know that a vulnerable version is installed on a
workstation.
One way to secure this information would be to require authentication before being
able to query the version number. That would at least keep out the hackers that
haven't already hacked ya. ;)
- Steve Bostedor
http://www.vncscan.com
-----Original Message-----
From: Mike Miller [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2003 3:56 PM
To: VNC List
Subject: RE: Wish: Version Query :VSMail mx2
On Tue, 18 Mar 2003, William Hooper wrote:
> I agree, security through obscurity is not security. On the other hand,
> reporting the version gives an attacker just another piece of
> information that is not needed by an authorized client.
If the information is not needed, why is someone asking for VNC to provide
it? Another respondent pointed out that it would be nice for
administrators to be able to determine which machines on their networks
were running which VNCs. Sounds useful.
Mike
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
