| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Jul 2003 16:28:46 -0400 From: "CHRIS GRABENSTEIN" <LFGRABC@...VCCS.EDU> To: <bugtraq@...urityfocus.com> Subject: RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14) That's not really allowing another program to bind the keys. In the case of the Netware client, Microsoft's GINA is completely replaced by the NWGINA which handles the authentication at that point. It doesn't simply bypass MS's GINA unless I'm incredibly misinformed. A malicious user can certainly write their own GINA, but I don't think that's on the same level as simply remapping some keys. I also don't believe you can have multiple GINAs in use at once. |-----Original Message----- |From: Brian Eckman [mailto:eckman@....edu] |Sent: Thursday, July 31, 2003 4:08 PM |To: Gavin Hanover; bugtraq@...urityfocus.com |Subject: Re: Another Mac OS X ScreenSaver Security Issue |(after Security Update 2003-07-14) | | |Gavin Hanover wrote: |> I don't quite agree. Windows uses control-alt-delete as a security |> device. It binds those keys as a hotkey in such a way that no other |> aplication can replace it. <snip> |> Gavin | | |Windows does allow others to bind to those hotkeys. The Novell |client is |a good example. The Novell NDS password can be used to unlock |the screen |saver, without requiring the Windows password to be entered. Obviously |other programs could bypass the Windows authentication as well. | |Brian |-- |Brian Eckman |Security Analyst |OIT Security and Assurance |University of Minnesota |612-626-7737 | |"There are 10 types of people in this world. Those who |understand binary and those who don't." | |
Powered by blists - more mailing lists