• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

REMOTE logins

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
T T Version
Just Arrived
Just Arrived


Joined: 08 Jul 2002
Posts: 0
Location: DA

Offline

PostPosted: Sun Mar 30, 2003 5:34 am    Post subject: REMOTE logins Reply with quote

do u all believe that those remote login softwares like vnc and pcanywhere have exploits.

they all work on there own ports.maybe there is a way to send data remotely on the same port some other way apart from using there gui what u think?.
is this posible man
Back to top
View user's profile Send private message AIM Address MSN Messenger
myhatisred
Just Arrived
Just Arrived


Joined: 11 Jan 2003
Posts: 0


Offline

PostPosted: Sun Mar 30, 2003 8:08 am    Post subject: Reply with quote

Of course it's possible you just have to format the packets to look like they're being sent from PC Anywhere. Just remember one thing, NOTHING is 100% secure unless it's a standalone computer, in a concrete vault underground.
Back to top
View user's profile Send private message Visit poster's website AIM Address
GSecur
Trusted SF Member
Trusted SF Member


Joined: 30 Sep 2002
Posts: 16777215


Offline

PostPosted: Sun Mar 30, 2003 8:54 am    Post subject: Reply with quote

Quote:
do u all believe that those remote login softwares like vnc and pcanywhere have exploits.


Older versions of VNC have well documented exploits. Many home users of PCAnywhere do not even set a password on the service. (If you call that an exploit Confused )

So the answer to your question is yes.

Quote:
NOTHING is 100% secure unless it's a standalone computer, in a concrete vault underground.


I'm not sure if anyone remembers this. But Microsoft use to claim that NT4.0 was c2config complient. But if you read the report, it was only that secure when disconnected from the network Smile
Back to top
View user's profile Send private message Send e-mail Visit poster's website
T T Version
Just Arrived
Just Arrived


Joined: 08 Jul 2002
Posts: 0
Location: DA

Offline

PostPosted: Sun Mar 30, 2003 9:00 am    Post subject: Reply with quote

hahah aint that a bitch.

what do u mean by c2config complient anyway.?
Back to top
View user's profile Send private message AIM Address MSN Messenger
GSecur
Trusted SF Member
Trusted SF Member


Joined: 30 Sep 2002
Posts: 16777215


Offline

PostPosted: Sun Mar 30, 2003 9:08 am    Post subject: Reply with quote

C2 Security Standard, it's a military (and or government) security standard that was outlined in the Orange Book.

It's a baseline for "Command & Control" systems. Or pretty much any computer system the military feels is mission essential.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Mon Mar 31, 2003 5:32 am    Post subject: Reply with quote

So GSecur do you have any Signal time in? If so does any of these sound familar: 31S, 31P, 31U, 31W, 74B or 74C?

Or just contractor?
Back to top
View user's profile Send private message Visit poster's website
AudioPro
Just Arrived
Just Arrived


Joined: 13 Jan 2003
Posts: 0


Offline

PostPosted: Mon Mar 31, 2003 6:24 am    Post subject: Reply with quote

Older versions of VNC didn't watch for many failed login attempts in a row, so they were easy to brute force a login. That's been since updated, and I believe VNC now locks out logins after a small number of failed attempts in a row.
Back to top
View user's profile Send private message
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Mon Mar 31, 2003 10:14 am    Post subject: Reply with quote

AudioPro wrote:
Older versions of VNC didn't watch for many failed login attempts in a row, so they were easy to brute force a login. That's been since updated, and I believe VNC now locks out logins after a small number of failed attempts in a row.


Yeh 3.

But if its left for a few minutes it resets itself and you get three attempts again.
Back to top
View user's profile Send private message
GSecur
Trusted SF Member
Trusted SF Member


Joined: 30 Sep 2002
Posts: 16777215


Offline

PostPosted: Mon Mar 31, 2003 1:28 pm    Post subject: Reply with quote

Quote:
So GSecur do you have any Signal time in? If so does any of these sound familar: 31S, 31P, 31U, 31W, 74B or 74C?

Or just contractor?


Not a contractor Confused Unfortunatly They were payed better.

Active duty Air Force (4 years) 3CO51 , a Computer Operator.

Sorry I never did an Signal Time Smile
Back to top
View user's profile Send private message Send e-mail Visit poster's website
xion
Just Arrived
Just Arrived


Joined: 09 Apr 2003
Posts: 0


Offline

PostPosted: Wed Apr 09, 2003 8:35 pm    Post subject: Reply with quote

GSecur wrote:
C2 Security Standard, it's a military (and or government) security standard that was outlined in the Orange Book.


ok sorry for the newbie question but what exactly is the Orange Book. I have read some where there are all kinds of these books. is there any way i can get them? and from where? =)
Back to top
View user's profile Send private message
GSecur
Trusted SF Member
Trusted SF Member


Joined: 30 Sep 2002
Posts: 16777215


Offline

PostPosted: Wed Apr 09, 2003 8:41 pm    Post subject: Reply with quote

http://www.governmentsecurity.org/download..._books/aqua.zip

http://www.governmentsecurity.org/download..._books/blue.zip

http://www.governmentsecurity.org/download...books/brown.zip

http://www.governmentsecurity.org/download...ks/burgendy.zip

http://www.governmentsecurity.org/download...oks/darklav.zip

http://www.governmentsecurity.org/download...books/green.zip

http://www.governmentsecurity.org/download..._books/grey.zip

http://www.governmentsecurity.org/download...s/lightblue.zip

http://www.governmentsecurity.org/download...oks/orange1.zip

http://www.governmentsecurity.org/download...ooks/orange.zip

http://www.governmentsecurity.org/download...books/peach.zip

http://www.governmentsecurity.org/download..._books/pink.zip

http://www.governmentsecurity.org/download...ooks/purple.zip

http://www.governmentsecurity.org/download..._books/red1.zip

http://www.governmentsecurity.org/download...w_books/red.zip

http://www.governmentsecurity.org/download.../veniceblue.zip

http://www.governmentsecurity.org/download...ooks/yellow.zip
Back to top
View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register