[THIN] Re: Any thoughts about this?

v6 of the RDP protocol supports server authentication (although I'd expect
only to a W2k3 server) - which would mitigate against the attack that was
described against v5.2 as you have to verify the identity of the server
(http://www.microsoft.com/downloads/details.aspx?FamilyID=26f11f0c-0d18-4306-abcf-d4f18c8f5df9&DisplayLang=en)

 

Although, to me, that'd mean you'd put your RDP connection raw out onto the
internet/external network and that doesn't sound pretty from a security
point of view - that said people've been doing that for years, and are still
doing it now (http://www.citrixthings.com/index.php?option=com_content&task=view&id=25&Itemid=1)

 

:?

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Nick Smith
Sent: 26 March 2008 14:47
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Any thoughts about this?

 

Mmm... it'd be nice if someone whipped back at me and said "yeah, this was
fixed in 5.x, you fool". I've got a client asking the question, and I don't
think he'll live with 'It's probably been fixed' :).

 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Jim Kenzig ThinHelp.com
Sent: 26 March 2008 14:43
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Any thoughts about this?

 

Other than the fact the article is over 3 years old and there have been
about 5 more versions of RDP released since I'd suspect that the issues have
been addressed.

JK

On Wed, Mar 26, 2008 at 10:40 AM, Nick Smith <nick@xxxxxxxxxxxxxxxxxx>
wrote:

Guys, have just read the article:

 

http://www.securiteam.com/windowsntfocus/5EP010KG0G.html

 

This suggests that pure RDP is significantly open to hacking. Any
comments/thought/has this been addressed?

 

Nick




-- 
Jim Kenzig 
Microsoft MVP - Terminal Services
http://www.thinhelp.com
Citrix Technology Professional
CEO The Kenzig Group
http://www.kenzig.com
Blog: http://www.techblink.com 
