lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030730130247.T62092@carver.gumbysoft.com>
Date: Wed, 30 Jul 2003 13:07:05 -0700 (PDT)
From: Doug White <dwhite@...bysoft.com>
To: Patrick Haruksteiner <haruk@....at>
Subject: Re: Another Mac OS X ScreenSaver Security Issue (after Security   
 Update 2003-07-14)


On Tue, 29 Jul 2003, Patrick Haruksteiner wrote:

> I discoverd another security issue with the Mac OS X screensaver.
> If you have installed escapepod from Ambrosia Software and hit
> crtl-alt-delete(==backspace) when the screensaver with password
> protection is running, it kills the screensaver and the desktop is
> open to anybody - so it has the same effect as the recently
> emerged password-exploit.

This is not a bug in Apple software. This is a third party extension.

Ambrosia's Escape Pod is a utility that kills the frontmost app when the
shortcut keystroke is typed. Naturally it does not ship with MacOS X.

Since the screen saver is just another application (called
ScreenSaverEngine), if you hit the kill key when its running, it gets
killed.  Fancy that!

You should really report this to Ambrosia, and ask for a feature that
inhibits the kill functionality for specific applications.

-- 
Doug White                    |  FreeBSD: The Power to Serve
dwhite@...bysoft.com          |  www.FreeBSD.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ