A few days ago a vulnerability in RealVNC was discovered allowing anyone to take over a desktop without any authentication at all (the client is allowed to select the authentication mechanism, of which one is "none"). Not too smart, but oh well :s I wonder how much this affects the other VNC derivatives, since I thought their code was based off the "original" VNC. However, if they’re fixed, why didn’t they alert the RealVNC maintainers?
In the meantime I saw a basic scanner and a refined multithreaded scanner appear on Bugtraq. Fun for the kiddies! I don’t really do any firewall logging at the moment, but as noted in Filbert’s blog, scanning has certainly taken a steep curve upwards.
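The flaw described above comes down to a server acting on the client's chosen security type without checking it against the types the server itself offered. The following C sketch is an added example, not RealVNC's code or anything from the original post: the function names and the sample configuration are hypothetical, and the type codes (1 = None, 2 = VNC Authentication) are those of the RFB protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFB security-type codes. */
enum { SEC_INVALID = 0, SEC_NONE = 1, SEC_VNC_AUTH = 2 };

/* Flawed pattern (simplified model of what the post describes): the server
 * accepts any type it knows how to handle, whatever it actually offered. */
int negotiate_trusting(const uint8_t *offered, size_t n_offered,
                       uint8_t client_choice)
{
    (void)offered; (void)n_offered;   /* offered list is never consulted */
    switch (client_choice) {
    case SEC_NONE:
    case SEC_VNC_AUTH:
        return client_choice;
    default:
        return -1;
    }
}

/* Hardened pattern: the client's choice is valid only if it is one of the
 * types this server offered on this connection. */
int negotiate_checked(const uint8_t *offered, size_t n_offered,
                      uint8_t client_choice)
{
    for (size_t i = 0; i < n_offered; i++) {
        if (client_choice != SEC_INVALID && offered[i] == client_choice)
            return client_choice;
    }
    return -1;   /* reject: close the connection and log the attempt */
}

/* Constructed sample: a password-protected server offers only
 * VNC Authentication. */
static const uint8_t sample_offered[] = { SEC_VNC_AUTH };

int main(void)
{
    size_t n = sizeof sample_offered;
    printf("trusting: %d\n", negotiate_trusting(sample_offered, n, SEC_NONE));
    printf("checked:  %d\n", negotiate_checked(sample_offered, n, SEC_NONE));
    return 0;
}
```

A rejected selection in the checked path is also a useful detection point: a client naming a type the server never offered is not behaving like a normal viewer.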