Bugtraq mailing list archives
Weakness In "The Matrix" Screensaver For Windows
From: nick.boyce () EDS COM (Boyce, Nick)
Date: Mon, 4 Oct 1999 16:26:04 +0100
Summary: "The Matrix" Windows 9.x/NT screensaver password protection doesn't work. This is *not* a major problem, especially for those folks who stick to guidelines and never install any screensavers that weren't supplied by Microsoft with Windows ;-). In fact it hardly seems worth bothering Bugtraq with it, except that so many admins seem to be quite taken with "Matrix theory" ... [ I tried informing the owners of this "product" by emailing webmaster () whatisthematrix com, but my email was bounced (connection refused), so they've had their chance - other folks need to know. ] Copy of what I emailed to the authors of the "Matrix" screensaver available at http://www.whatisthematrix.com : ======================< cut >======================= Dear Whoever-runs-your-website, I just downloaded your Matrix screensaver for Windows 95/NT (for which : thanks) and having now tried it I feel I must bring to your attention a *serious* security bug in the screensaver :- Running on Windows 95 OSR2, if I set the "Password protected" screensaver option, then when the screen saver is running, if I move the mouse or press a key to wake the screensaver up, a password prompt appears as it should, but I can then simply press the "Escape" keyboard key and the screensaver terminates with no password required - aaaaggghh ! Given the popularity of the Matrix film among computer industry people, I imagine many people are running the screensaver, and therefore are subjecting themselves to a significant risk of unauthorised access to their PCs. I decided I should inform you of the bug, to give you a chance to fix it, before I start publicising the risk in the regular security forums on the Internet. ======================< cut >=======================
Nick Boyce Systems Team, EDS Healthcare, Bristol, UK
Current thread:
- Re: Sample DOS against the Sambar HTTP-Server, (continued)
- Re: Sample DOS against the Sambar HTTP-Server Dennis Conrad (Oct 08)
- Re: Sample DOS against the Sambar HTTP-Server syz (Oct 09)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 30)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Casper Dik (Oct 01)
- RFP9904: TeamTrack webserver vulnerability .rain.forest.puppy. (Oct 02)
- Fix for ssh-1.2.27 symlink/bind problem Scott Gifford (Oct 02)
- Re: Fix for ssh-1.2.27 symlink/bind problem Eivind Eklund (Oct 04)
- Re: Fix for ssh-1.2.27 symlink/bind problem Toomas Kiisk (Oct 05)
- Re: Fix for ssh-1.2.27 symlink/bind problem Olaf Seibert (Oct 04)
- Re: Fix for ssh-1.2.27 symlink/bind problem Dan Astoorian (Oct 05)
- Weakness In "The Matrix" Screensaver For Windows Boyce, Nick (Oct 04)
- Re: Weakness In "The Matrix" Screensaver For Windows Glenn Walker (Oct 05)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Chris Keane (Oct 01)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Oct 04)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Oct 04)
- FireWall-1 weakness? Rosner, D (Oct 04)
- WIn98 port security query Jay R. Ashworth (Oct 01)