From SekrtyXprt@aol.com  Sun Aug 25 14:09:28 1996
Received: from emout07.mail.aol.com (emout07.mx.aol.com [198.81.11.22]) by suburbia.net (8.7.4/Proff-950810) with SMTP id OAA00563 for <best-of-security@suburbia.net>; Sun, 25 Aug 1996 14:09:20 +1000
From: SekrtyXprt@aol.com
Received: by emout07.mail.aol.com (8.6.12/8.6.12) id AAA19243 for best-of-security@suburbia.net; Sun, 25 Aug 1996 00:08:44 -0400
Date: Sun, 25 Aug 1996 00:08:44 -0400
Message-ID: <960825000843_393312675@emout07.mail.aol.com>
To: best-of-security@suburbia.net
Subject: Gaping Security Hole

Problem:

It has come to my attention that there is a security hole in Windows 95 that
allows any user to bust out of a passworded screen saver.

Impact:

Malicious hackers will be able to penetrate the security of computers at
major retailers such as walmart, sears and even best buy and modify/detroy
files. 

Exploit:

1.  Press and hold the control-alt-delete keys and then release.
2.  Drag the mouse over to the name of the screen saver and click ONCE.
3.  Click on the "End Task" button. (Or you can simple use Alt-E, again,
     press and hold "Alt" and "E" and then release.)

Workaround:

There is no workaround at this time that I am aware of other than finding a
more secure screen saver or figuring out a way to disable control-alt-delete.
 
I plan to send a copy of this to Microsoft on Monday morning so they can fix 
it in future versions.  

Salem Chaudez        | "640k ought to be enough for anybody."
SekrtyXprt@aol.com |                                     -- Bill Gates