| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <622BB5DE-DBDF-11D8-BAF7-0003939D6C78@westnet.com.au> Date: Thu, 22 Jul 2004 21:02:27 +0800 From: Adam Q <aqsalter@...tnet.com.au> To: full-disclosure@...ts.netsys.com Cc: bugtraq@...urityfocus.com Subject: Physical access exploit: Apple iTunes Visualiser disables screen lock The full-screen Apple iTunes Visualiser currently disables the screen lock timer on both Mac & PC. Synopsis: This a physical access security concern at present since anybody who uses the iTunes Visualiser in full-screen mode is essentially leaving their PC unlocked for that duration. Since many people leave the Visualiser on in office or POS situations this leads to a computer that can easily be accessed as the local user. Suggested workaround: Never leave a computer running iTunes Visualiser in full-screen mode unattended. Never deploy a computer with iTunes installed in a POS situation, and carefully consider the ramifications on the IT Security Policy in an office environment. Recommended action: Have the default be to lock the screen after the required time elapsed (exactly as if the screensaver became enabled) and have a preference to disable screen locking if the user wishes. Most users (and IT departments) would assume if they had screen locking enabled for their screensaver that they would be safe. iTunes is a registered trademark of Apple Computer Corp. --- Adam Q Salter aqsalter@...tnet.com.au _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists