Mac OS 9 Idle Lock Bug

[ssh () SHN NU (Sean Sosik-Hamor)]

I know the chatter on Bugtraq is usually reserved for UNIX and NT
issues, however I found a bug in the Mac OS 9 idle locking function
that's built-in to the operating system.  It's possible to set up the
Finder so that, if the current user goes idle, the screen will be
locked.  A simple dialog box is displayed stating that the system has
been idle for too long and a password must be entered.

You have two options.  Click OK and enter the password to return to
your session or click OK and click Log Out.  It's possible to seize
control of Mac OS under certain conditions by clicking Log Out.

Some applications have the "feature" of asking you if you're sure that
you want to quit.  For example, if connected to a UNIX host using
NiftyTelnetSSH, it will ask you if you're sure you want to disconnect
when the application quits.  Other applications with unsaved data will
ask if you want to save changes.  Most of these dialog boxes have OK
and Cancel or Yes, No and Cancel for options.  Hitting Cancel at any
of these "are you use" dialog boxes will stop the logout process and
return you to the current session.

Now, being primarily a UNIX user that also uses Mac OS for graphics
and Web page design, I realize that relying on Mac OS for physical
security is about as silly as relying on the Windows 95 password
"protected" screensaver for security.  I just figured that I'd point
out this small issue because the Mac OS 9 ads seem to be pushing the
added security benefits of upgrading to Mac OS 9 and its voiceprint
password protection.

/Sean/