lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: petard at sdf.lonestar.org (petard)
Subject: MacOSX - crash screensaver locked with password and get the desktop back

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> how? - you ask.
> i don't know the exact amount of characters, only that if you leave a
> key pressed for 5 minutes or more and then hit the enter key, you crash
> the screensaver and gain access to the desktop.
> you can mess the desktop and all around it (network, mail, docs,
> anything you can imagine).

it's much easier than that to reproduce; with the right combination of
cut and paste (think emacs key bindings) you can overfill  the field and
get through in just a few seconds :-). on one of the machines here
(version 10.2.6 for those who care) it took 10 - 15 seconds in most
cases.

hopefully no one considered the screensaver to be much protection...

regards,
petard

- --
"Increasingly, people seem to misinterpret complexity as sophistication,
which is baffling - the incomprehensible should cause suspicion rather
than admiration."
    -- Niklaus Wirth
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE/BfS8gkiZ59A0kiQRAnDWAKCBZ488UiCiuBHCPw3rppKfyWe0JACfTjM/
ZfkH/3Pe+Eb8XCiydw5j+Qk=
=sJay
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists