World of VNC
worldofvnc.net
We had a major thread about something similar a few weeks ago: https://news.ycombinator.com/item?id=11367666. Is this story significantly different?
This site is actually up (unlike the roulette one) and seems to also show IPs (I don't think the previous one showed IPs).
On this screen one can see the scanner's IP: http://imgur.com/INXXlbI
Ha! I wonder if whoever was using that VNC session had an "oh shit" moment there.
After disabling adblock, I had several new tabs open with the MacKeeper site =(
Turned adblock on again
Yeah, I saw the "please disable adblocker" message with a cute cat. I then thought about what the site was doing and I decided to keep it on and close out the site instead.
Not every ad network accepts my website. If you think my project is cool, please donate by using bitcoin or PayPal. Link is on the homepage.
Your support (with or without donation) is greatly appreciated!
https://worldofvnc.net/browse.php?id=177 I just hope it's not what it looks like
>> I found 3567 servers that were unprotected.
That's pretty low for scanning the whole internet. Either VNC isn't used that much or I was simply expecting 10 times as many servers.
I run an unprotected VNC server at home, but it's not open to the world because I'm using a router that doesn't expose local ports, like most people.
Unprotected VNC servers != all VNC servers, or even weak VNC servers. You could probably brute force into a lot more, but that's definitely illegal.
It is low; Shodan has found more than 10,000 VNC servers that have disabled authentication:
https://www.shodan.io/search?query=rfb+authentication+disabl...
And there are roughly 550,000 VNC servers on the Internet:
Geezus he included the hostnames and IPs? This is so insanely irresponsible.
I'd argue it's responsible. Security through obscurity is no security at all.
Avoiding security through obscurity is a topic for people in the crypto industry. Random people with misconfigured VNC servers most likely aren't computer experts, and revealing their addresses is pointless and irresponsible. Yes, maybe making this information public will cause them to fix their configuration. More likely, they will just be attacked.
Sooooo many of these look so disturbingly like industrial process control... and this is on the HN front page... I think some people are gonna have a bad day.
I like this one:
https://worldofvnc.net/browse.php?id=2677
It looks like the LCD display of some embedded system, something I would have never expected to see over VNC.
An industrial controller: https://worldofvnc.net/browse.php?id=981
https://worldofvnc.net/browse.php?id=2113 judging by the tab names, some Russian botnet HQ.
Browsing those is fun. I wonder what that is: http://i.imgur.com/c796ANj.jpg
It's a grain elevator.
First guess is a grain dryer
Those are not cheap pieces of equipment to run and I hope like hell it is not remote controllable. You can make or break an elevator operation by how you deal with moisture.
That makes sense, thanks.
I was surprised I did not see porn.
Here's a really funny one:
https://worldofvnc.net/browse.php?id=440
I wonder whether anyone connected and upgraded him to Windows 10...
That one is really weird: https://worldofvnc.net/browse.php?id=1107
I got no clue so far.. but so many questions!
This is terrifying.
So many live systems, from CNC lathes through den feeders and boiler controllers to entire city water treatment facilities..
I'm interested to see that they only found 3567 open servers, whereas a scan I have from a couple years ago shows 7573 entries.
Now is it just a difference in scanned ports or a genuine improvement in security, I can't tell, but I can only hope.
Their numbers are too low. Shodan has found closer to 12,000 servers that have disabled authentication.
wind-farm: https://worldofvnc.net/browse.php?id=2116
Now, that's an ode to the Internet of (Shitty) Things (https://twitter.com/internetofshit?lang=en).
I think it is obligatory to mention that Intel CPUs (which have vPro enabled, i.e. Xeons and some others) have a VNC server built in on the chip.