A few days ago a vulnerability in RealVNC was discovered allowing anyone to take over a desktop without any authentication at all (the client is allowed to select the authentication mechanism, of which one is "none"). Not too smart, but ohwell :s I wonder how much this effects the other VNC derivatives, since I thought their code was based off the "original" VNC. However, if they’re fixed, why didn’t they alert the RealVNC maintainers?
In the meanwhile I saw a basic scanner and a refined multithreaded scanner appear on Bugtraq . Fun for the kiddies! I don’t really do any firewall logging at the moment, but as noted in Filbert’s blog, scanning has certainly taken a steep curve upwards.
Incoming Links (via Technorati):
- An Interview With Dr. Wallace J Nichols, Blue Marbles Project Founder
Technorati's exclusive interview with Ocean Biologist Dr. Wallace J. Nichols, founder of the Blue Marbles Project. - About Antioxidants
Antioxidants, ORACs and free-radicals, oh my! - Ministers Caught Watching Porn in the Legislative Assembly
Two Karnataka BJP ministers caught watching porn film in Legislative assembly - From Titanic to Concordia
A Century After the Titanic Disaster, A Rush to Compare the Costa Concordia's Fate - South's Tallest Skyscraper Sold At Auction Today
BofA Plaza Not in Distress, but Disgusted