Re: One more weakness In "The Matrix" Screensaver For Windows

From: asouzaat_private
Date: Tue Oct 05 1999 - 11:52:25 PDT

Next message: KSR[T] Contact Account: "KSR[T] Advisories #012: Hybrid Network's Cable Modems"

Previous message: Scott, Richard: "Re: ActiveX Buffer Overruns and BSTR's"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello folks,

Since the subject is the matrix screensaver, let´s talk about it!

Under NT and Windows 9x, if you ´CTRL-ALT-DEL´ and kill the process, even
when it is password protected!

Best wishes,

Aylton





"Boyce, Nick" <nick.boyceat_private> on 10/04/99 07:26:04 PM

Please respond to "Boyce, Nick" <nick.boyceat_private>
                                                              
                                                              
                                                              
 To:      BUGTRAQat_private                           
                                                              
 cc:      (bcc: Aylton Souza/HTC)                             
                                                              
                                                              
                                                              
 Subject: Weakness In "The Matrix" Screensaver For Windows    
                                                              





Content-type: text/plain; charsetÿ-ascii


Summary: "The Matrix" Windows 9.x/NT screensaver password protection
doesn't work.
This is *not* a major problem, especially for those folks who stick
to guidelines and never install any screensavers that weren't supplied
by Microsoft with Windows ;-).   In fact it hardly seems worth bothering
Bugtraq with it, except that so many admins seem to be quite taken
with "Matrix theory" ...
[ I tried informing the owners of this "product" by emailing
webmasterat_private, but my email was bounced (connection
refused), so they've had their chance - other folks need to know. ]
Copy of what I emailed to the authors of the "Matrix" screensaver available
at http://www.whatisthematrix.com :
ÿÿÿÿÿÿÿÿcut >ÿÿÿÿÿÿÿÿ
Dear Whoever-runs-your-website,
I just downloaded your Matrix screensaver for Windows 95/NT (for which :
thanks) and having now tried it I feel I must bring to your attention a
*serious* security bug in the screensaver :-
Running on Windows 95 OSR2, if I set the "Password protected" screensaver
option, then when the screen saver is running, if I move the mouse or press
a key to wake the screensaver up, a password prompt appears as it should,
but I can then simply press the "Escape" keyboard key and the screensaver
terminates with no password required - aaaaggghh !
Given the popularity of the Matrix film among computer industry people, I
imagine many people are running the screensaver, and therefore are
subjecting themselves to a significant risk of unauthorised access to
their PCs. I decided I should inform you of the bug, to give you a chance
to fix it, before I start publicising the risk in the regular security
forums on
the Internet.
ÿÿÿÿÿÿÿÿcut >ÿÿÿÿÿÿÿÿ
> Nick Boyce
> Systems Team, EDS Healthcare, Bristol, UK
>

Next message: KSR[T] Contact Account: "KSR[T] Advisories #012: Hybrid Network's Cable Modems"
Previous message: Scott, Richard: "Re: ActiveX Buffer Overruns and BSTR's"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:50 PDT