[ISN] Narrator Reads Password Aloud in Terminal Services Client

From: InfoSec News (isnat_private)
Date: Wed Jul 17 2002 - 06:57:11 PDT

Next message: InfoSec News: "[ISN] Security industry's hacker-pimping slammed"

Previous message: InfoSec News: "Re: [ISN] Sharp's Zaurus PDA suffers security holes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: Christian Wright <cwat_private>

I was researching something else when I came across this great little 
Microsoft Q article:

Two things:

1.  I like their definition of "resolution".  That's not a resolution 
- that's a workaround buddy...

2.  Status - "A-yup, that there is a problem alright.  Sure is. 
Whoo-boy.  Let's get some lunch..."

-=-

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q243243

Narrator Reads Password Aloud in Terminal Services Client (Q243243)
------------------------------------------------------------------------
The information in this article applies to:
*	Microsoft Windows 2000 , Advanced Server 
*	Microsoft Windows 2000 , Professional 
*	Microsoft Windows 2000 , Server 
------------------------------------------------------------------------

SYMPTOMS

Microsoft Narrator is a synthesized text-to-speech utility for users who 
have low vision. When you are using Narrator, keystrokes that you type are 
read aloud. When you log on to a Terminal Services server in a Terminal 
Services client session, Narrator reads your user name, domain name, and 
password aloud. 

CAUSE

Terminal Services simply sends bitmap images to the client computer. It 
does not send any code describing which fields for which it wants data, so 
Narrator does not know to mask the password keystrokes. 

RESOLUTION

Many people who use Narrator use headphones so as not to disturb others. 
In this case, the password may not be heard by others. To work around the 
problem, you can turn down the volume on your speakers while you type the 
password. 

STATUS

Microsoft has confirmed this to be a problem in the Microsoft products 
that are listed at the beginning of this article. 

MORE INFORMATION

When you log on to a local computer, or in Microsoft Internet Explorer, 
Narrator masks password fields by calling out the word "password" instead 
of the keystrokes. 




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Security industry's hacker-pimping slammed"
Previous message: InfoSec News: "Re: [ISN] Sharp's Zaurus PDA suffers security holes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 09:56:51 PDT