> method allows anyone to sniff your passwords and traffic since it is > unencrypted. This is not totally correct. The VNC authentication is (last time I checked) 56-bit DES challenge/response. It has been pretty trivially brute-forceable for more than 5-years, but the password itself is not sniffable. alex