The purpose that I had in mind was to aid in standardizing deployments and monitoring to be sure that the latest version is deployed across the entire network. I can easily do this on Windowz platforms by querying the registry or getting the metadata from the file, but things get a bit more complicated when crossing platforms. There are many other uses for this information. VNC is not the type of service that can gain much security benefit from hiding the version number. As one other poster pointed out, it can actually increase the security by letting the administrator know that a vulnerable version is installed on a workstation.
One way to secure this information would be to require authentication before being able to query the version number. That would at least keep out the hackers that haven't already hacked ya. ;) - Steve Bostedor http://www.vncscan.com -----Original Message----- From: Mike Miller [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 3:56 PM To: VNC List Subject: RE: Wish: Version Query :VSMail mx2 On Tue, 18 Mar 2003, William Hooper wrote: > I agree, security through obscurity is not security. On the other hand, > reporting the version gives an attacker just another piece of > information that is not needed by an authorized client. If the information is not needed, why is someone asking for VNC to provide it? Another respondent pointed out that it would be nice for administrators to be able to determine which machines on their networks were running which VNCs. Sounds useful. Mike _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list