Re: Weakness In "The Matrix" Screensaver For Windows

From: Glenn Walker (ggwalkerat_private)
Date: Tue Oct 05 1999 - 14:15:30 PDT


    Please note that the version that does not work is the one created with
    Macromedia software.  There is another version available that is not
    affected by this.
    
    Glenn
    
    -----Original Message-----
    From: Bugtraq List [mailto:BUGTRAQat_private] On Behalf Of Boyce, Nick
    Sent: Monday, October 04, 1999 11:26
    To: BUGTRAQat_private
    Subject: Weakness In "The Matrix" Screensaver For Windows
    
    
    Summary: "The Matrix" Windows 9.x/NT screensaver password protection
    doesn't work.
    
    This is *not* a major problem, especially for those folks who stick
    to guidelines and never install any screensavers that weren't supplied
    by Microsoft with Windows ;-).   In fact it hardly seems worth bothering
    Bugtraq with it, except that so many admins seem to be quite taken
    with "Matrix theory" ...
    
    [ I tried informing the owners of this "product" by emailing
    webmasterat_private, but my email was bounced (connection
    refused), so they've had their chance - other folks need to know. ]
    
    Copy of what I emailed to the authors of the "Matrix" screensaver available
    at http://www.whatisthematrix.com :
    
    ======================< cut >=======================
    
    Dear Whoever-runs-your-website,
    
    I just downloaded your Matrix screensaver for Windows 95/NT (for which :
    thanks) and having now tried it I feel I must bring to your attention a
    *serious* security bug in the screensaver :-
    
    Running on Windows 95 OSR2, if I set the "Password protected" screensaver
    option, then when the screen saver is running, if I move the mouse or press
    a key to wake the screensaver up, a password prompt appears as it should,
    but I can then simply press the "Escape" keyboard key and the screensaver
    terminates with no password required - aaaaggghh !
    
    Given the popularity of the Matrix film among computer industry people, I
    imagine many people are running the screensaver, and therefore are
    subjecting themselves to a significant risk of unauthorised access to
    their PCs. I decided I should inform you of the bug, to give you a chance
    to fix it, before I start publicising the risk in the regular security
    forums on the Internet.
    
    ======================< cut >=======================
    
    > Nick Boyce
    > Systems Team, EDS Healthcare, Bristol, UK
    >
    


