Re: Remote Desktop/Term. Serv information leakage

From: Eric Smith (defcon47@yahoo.com)
Date: Fri Jul 01 2005 - 12:15:47 EDT


I tried this method with several exe files and it
doesn't work on the remote side. This doesn't surprise me
since you are talking about taking a binary file (exe)
and fooling the OS into believing the contents are
Ascii (txt). When you copy what is supposed to be
ASCII and try to convert it back to a binary form on
the remote side by renaming, the exe is corrupt.

At most, the only information leakage that you are
referring to would be documents that could be copied
and pasted over a RDP session. However, there are many
ways of transferring ASCII, so this is a low risk at
most.

--- kuffya@gmail.com wrote:

> Hi list,
> One of our recent clients has a separate 'isolated'
> network where they keep sensitive material. This
> network is not connected to the internet, is not
> physically accessible and you can only connect to it
> using remote desktop. They asked us to test if the
> isolated network was adequately protected.
> Here's what I discovered: When you start a Rem
> Desktop session from the main network to the
> isolated one you can actually copy and paste stuff
> across...this is only true for text not for complete
> files, and seems to be by design. What is more
> worrisome is that you can even copy across
> executables doing simple tricks such as
> 1) download an executable
> 2) change extension to .txt
> 3) copy (the text version) across to a notepad.
> 4) change it back to .exe
> So literally we have a significant leakage over
> here, introducing threats to the isolated network.
> I am posting this to ask your opinion on how this
> could be mitigated......I think that Remote Desktop
> is not possible to configure securely since it's not
> designed as such...and hence it transfers across
> anything it receives, be it mouse movements or
> copied & pasted text...
> So I was trying to think what would be the best
> solution, without spending a fortune on a 'secure'
> commercial solution, that is. Maybe something like
> SSH tunneling then Rem. Desktop or VNC or what?
> And do you think this 'bug' is something worth
> investigating any further? Is it something you
> people knew of?
>
> Thanks a lot.
>
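
The original post asks how the clipboard channel could be mitigated. As an added example (not written by either poster), this PowerShell audit, run on the Terminal Services host in the isolated network, reports whether clipboard and drive redirection are disabled. It assumes the standard `fDisableClip` and `fDisableCdm` registry values, with the Group Policy key taking precedence over the RDP-Tcp listener key; the function names are hypothetical.

```powershell
# Added example: audit (and optionally disable) RDP redirection channels.
# Locations are checked in order; the Group Policy key wins when it is set.
$Locations = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
    'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
)
# Registry value name -> redirection channel it disables when set to 1.
$Channels = [ordered]@{
    fDisableClip = 'Clipboard redirection'
    fDisableCdm  = 'Drive redirection'
}

function Get-RdpRedirectionState {
    foreach ($name in $Channels.Keys) {
        $effective = $null
        $source    = 'not configured'
        foreach ($path in $Locations) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item -and $null -ne $item.$name) {
                $effective = $item.$name
                $source    = $path
                break
            }
        }
        [pscustomobject]@{
            Channel  = $Channels[$name]
            Value    = $name
            Disabled = ($effective -eq 1)   # anything else leaves the channel open
            Source   = $source
        }
    }
}

function Disable-RdpRedirection {
    # Writes the policy values locally; needs an elevated session.
    $policy = $Locations[0]
    if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
    foreach ($name in $Channels.Keys) {
        New-ItemProperty -Path $policy -Name $name -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

Get-RdpRedirectionState | Format-Table -AutoSize
```

A row with `Disabled` set to `False` means that channel is still available to sessions; a domain Group Policy, where one applies, will overwrite values written locally by `Disable-RdpRedirection`.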




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:30 EDT