Re: Mac OS 9 Idle Lock Bug

From: devbugsat_private
Date: Wed Oct 27 1999 - 07:40:44 PDT

Next message: Inc, MSG.Net: "Re: Remote DoS in Axent's Raptor 6.0"

Previous message: Dan Schrader: "Re: Hotmail security vulnerability (viruses)"
Maybe in reply to: Sean Sosik-Hamor: "Mac OS 9 Idle Lock Bug"
Next in thread: gabriel rosenkoetter: "Re: Mac OS 9 Idle Lock Bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Please include the line below in follow-up emails for this request.

Follow-up: 1094807

Hi Sean,

Thank you for bringing this issue to our attention. It has been filed into our bug database as ID #2404562. It will be assigned to the appropriate engineers.

In the future if you would like to check on any possible status on your issue, please send an email to devbugsat_private referring to the Bug ID #.

To ensure that the appropriate data is collected, please use the Bug Reporter when sending us your bug reports. The Bug Reporter can be found at:

<http://developer.apple.com/bugreporter>

Regards,

Sean MacMillan
Worldwide Developer Relations
Apple Computer, Inc

Send follow ups to devbugsat_private
Send any comments on my work to devfeedbackat_private

REQUEST ------------------------------------------------------------------------

I know the chatter on Bugtraq is usually reserved for UNIX and NT
issues, however I found a bug in the Mac OS 9 idle locking function
that's built-in to the operating system. It's possible to set up the
Finder so that, if the current user goes idle, the screen will be
locked. A simple dialog box is displayed stating that the system has
been idle for too long and a password must be entered.

You have two options. Click OK and enter the password to return to
your session or click OK and click Log Out. It's possible to seize
control of Mac OS under certain conditions by clicking Log Out.

Some applications have the "feature" of asking you if you're sure that
you want to quit. For example, if connected to a UNIX host using
NiftyTelnetSSH, it will ask you if you're sure you want to disconnect
when the application quits. Other applications with unsaved data will
ask if you want to save changes. Most of these dialog boxes have OK
and Cancel or Yes, No and Cancel for options. Hitting Cancel at any
of these "are you use" dialog boxes will stop the logout process and
return you to the current session.

Now, being pria UNIX user that also uses Mac OS for graphics
and Web page design, I realize that relying on Mac OS for physical
security is about as silly as relying on the Windows 95 password
"protected" screensaver for security. I just figured that I'd point
out this small issue because the Mac OS 9 ads seem to be pushing the
added security benefits of upgrading to Mac OS 9 and its voiceprint
password protection.

/Sean/

DB REFERENCE -------------------------------------------------------------------

TIME IN: 26-Oct-1999 07:43 PDT
TIME OUT: 27-Oct-1999 07:21 PDT

SECURITY: NON-DISCLOSURE USE ON

Next message: Inc, MSG.Net: "Re: Remote DoS in Axent's Raptor 6.0"
Previous message: Dan Schrader: "Re: Hotmail security vulnerability (viruses)"
Maybe in reply to: Sean Sosik-Hamor: "Mac OS 9 Idle Lock Bug"
Next in thread: gabriel rosenkoetter: "Re: Mac OS 9 Idle Lock Bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:56 PDT