Bugtraq mailing list archives
Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)
From: Brian Eckman <eckman () umn edu>
Date: Thu, 31 Jul 2003 15:07:49 -0500
Gavin Hanover wrote:
I don't quite agree. Windows uses control-alt-delete as a security device. It binds those keys as a hotkey in such a way that no other aplication can replace it. This is why it is used at logon; it prevents a user from creating a program that looked like a logon prompt, and could bind the control-alt-delete keys to display a password prompt. (pressing control-alt-delete in any application other than the logon screen would display the "shutdown/logoff/task manager" window, at which point you would know not to enter your password in any prompt) If someone were to find a way to bind to those hotkeys, would you then consider this a security issue with Windows? If so, how is Apple's failure to block kill calls to the screen saver not a security issue? Gavin
Windows does allow others to bind to those hotkeys. The Novell client is a good example. The Novell NDS password can be used to unlock the screen saver, without requiring the Windows password to be entered. Obviously other programs could bypass the Windows authentication as well.
Brian -- Brian Eckman Security Analyst OIT Security and Assurance University of Minnesota 612-626-7737 "There are 10 types of people in this world. Those who understand binary and those who don't."
Current thread:
- Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 30)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) mns (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Gavin Hanover (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Brian Eckman (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Fred Noltie (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Patrick Haruksteiner (Jul 31)
- Re: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) Doug White (Jul 31)
- <Possible follow-ups>
- RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) CHRIS GRABENSTEIN (Jul 31)