Hello folks,

Since the subject is the matrix screensaver, let's talk about it! Under NT and Windows 9x, if you 'CTRL-ALT-DEL' and kill the process, even when it is password protected!

Best wishes,
Aylton

"Boyce, Nick" <nick.boyceat_private> on 10/04/99 07:26:04 PM

Please respond to "Boyce, Nick" <nick.boyceat_private>

To: BUGTRAQat_private
cc: (bcc: Aylton Souza/HTC)
Subject: Weakness In "The Matrix" Screensaver For Windows

Summary: "The Matrix" Windows 9.x/NT screensaver password protection doesn't work.

This is *not* a major problem, especially for those folks who stick to guidelines and never install any screensavers that weren't supplied by Microsoft with Windows ;-). In fact it hardly seems worth bothering Bugtraq with it, except that so many admins seem to be quite taken with "Matrix theory" ...

[ I tried informing the owners of this "product" by emailing webmasterat_private, but my email was bounced (connection refused), so they've had their chance - other folks need to know. ]

Copy of what I emailed to the authors of the "Matrix" screensaver available at http://www.whatisthematrix.com :

--------cut >--------

Dear Whoever-runs-your-website,

I just downloaded your Matrix screensaver for Windows 95/NT (for which : thanks) and having now tried it I feel I must bring to your attention a *serious* security bug in the screensaver :-

Running on Windows 95 OSR2, if I set the "Password protected" screensaver option, then when the screen saver is running, if I move the mouse or press a key to wake the screensaver up, a password prompt appears as it should, but I can then simply press the "Escape" keyboard key and the screensaver terminates with no password required - aaaaggghh !

Given the popularity of the Matrix film among computer industry people, I imagine many people are running the screensaver, and therefore are subjecting themselves to a significant risk of unauthorised access to their PCs.

I decided I should inform you of the bug, to give you a chance to fix it, before I start publicising the risk in the regular security forums on the Internet.

--------cut >--------

> Nick Boyce
> Systems Team, EDS Healthcare, Bristol, UK