[ISN] Narrator Reads Password Aloud in Terminal Services Client

From: InfoSec News (isnat_private)
Date: Wed Jul 17 2002 - 06:57:11 PDT

  • Next message: InfoSec News: "[ISN] Security industry's hacker-pimping slammed"

    Forwarded from: Christian Wright <cwat_private>
    
    I was researching something else when I came across this great little 
    Microsoft Q article:
    
    Two things:
    
    1.  I like their definition of "resolution".  That's not a resolution 
    - that's a workaround buddy...
    
    2.  Status - "A-yup, that there is a problem alright.  Sure is. 
    Whoo-boy.  Let's get some lunch..."
    
    -=-
    
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q243243
    
    Narrator Reads Password Aloud in Terminal Services Client (Q243243)
    ------------------------------------------------------------------------
    The information in this article applies to:
    *	Microsoft Windows 2000 , Advanced Server 
    *	Microsoft Windows 2000 , Professional 
    *	Microsoft Windows 2000 , Server 
    ------------------------------------------------------------------------
    
    SYMPTOMS
    
    Microsoft Narrator is a synthesized text-to-speech utility for users who 
    have low vision. When you are using Narrator, keystrokes that you type are 
    read aloud. When you log on to a Terminal Services server in a Terminal 
    Services client session, Narrator reads your user name, domain name, and 
    password aloud. 
    
    CAUSE
    
    Terminal Services simply sends bitmap images to the client computer. It 
    does not send any code describing which fields for which it wants data, so 
    Narrator does not know to mask the password keystrokes. 
    
    RESOLUTION
    
    Many people who use Narrator use headphones so as not to disturb others. 
    In this case, the password may not be heard by others. To work around the 
    problem, you can turn down the volume on your speakers while you type the 
    password. 
    
    STATUS
    
    Microsoft has confirmed this to be a problem in the Microsoft products 
    that are listed at the beginning of this article. 
    
    MORE INFORMATION
    
    When you log on to a local computer, or in Microsoft Internet Explorer, 
    Narrator masks password fields by calling out the word "password" instead 
    of the keystrokes. 
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 09:56:51 PDT