Bugtraq mailing list archives
Re: Weakness In "The Matrix" Screensaver For Windows
From: ggwalker () MINDSPRING COM (Glenn Walker)
Date: Tue, 5 Oct 1999 17:15:30 -0400
Please note that the version that does not work is the one created with MacroMedia software. There is another version available that is not affected by this.

Glenn

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Boyce, Nick
Sent: Monday, October 04, 1999 11:26
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Weakness In "The Matrix" Screensaver For Windows

Summary: "The Matrix" Windows 9.x/NT screensaver password protection doesn't work.

This is *not* a major problem, especially for those folks who stick to guidelines and never install any screensavers that weren't supplied by Microsoft with Windows ;-). In fact it hardly seems worth bothering Bugtraq with it, except that so many admins seem to be quite taken with "Matrix theory" ...

[ I tried informing the owners of this "product" by emailing webmaster () whatisthematrix com, but my email was bounced (connection refused), so they've had their chance - other folks need to know. ]

Copy of what I emailed to the authors of the "Matrix" screensaver available at http://www.whatisthematrix.com :

======================< cut >=======================

Dear Whoever-runs-your-website,

I just downloaded your Matrix screensaver for Windows 95/NT (for which : thanks) and having now tried it I feel I must bring to your attention a *serious* security bug in the screensaver :-

Running on Windows 95 OSR2, if I set the "Password protected" screensaver option, then when the screen saver is running, if I move the mouse or press a key to wake the screensaver up, a password prompt appears as it should, but I can then simply press the "Escape" keyboard key and the screensaver terminates with no password required - aaaaggghh !

Given the popularity of the Matrix film among computer industry people, I imagine many people are running the screensaver, and therefore are subjecting themselves to a significant risk of unauthorised access to their PCs.

I decided I should inform you of the bug, to give you a chance to fix it, before I start publicising the risk in the regular security forums on the Internet.

======================< cut >=======================

Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK