From SekrtyXprt@aol.com Sun Aug 25 22:07:36 1996 Received: from emout10.mail.aol.com (emout10.mx.aol.com [198.81.11.25]) by suburbia.net (8.7.4/Proff-950810) with SMTP id WAA20388 for ; Sun, 25 Aug 1996 22:07:12 +1000 From: SekrtyXprt@aol.com Received: by emout10.mail.aol.com (8.6.12/8.6.12) id IAA07216 for best-of-security@suburbia.net; Sun, 25 Aug 1996 08:05:42 -0400 Date: Sun, 25 Aug 1996 08:05:42 -0400 Message-ID: <960825080540_509384897@emout10.mail.aol.com> To: best-of-security@suburbia.net Subject: Re: Gaping Security Hole In a message dated 96-08-25 03:03:00 EDT, croyston@netcom.com (Chris Royston) writes: >This was a "feature" of the early beta copies of Windows 95. It allowed >a way of killing the screensaver incase of a system lockup. This was >fixed in the original "final" version of Windows 95. I guess the >workaround is to get a non-beta copy of Windows 95. > >Chris > >----------------------------------------------------------------------------- >Chris Royston >croyston@netcom.com > >Go Cowboys!!!!!!!! >----------------------------------------------------------------------------- I'm running final straight out of the box from best buy. (unless they're selling beta software now?) Maybe you should try things before you waste people's times with these types of posts? In newer betas it may have been fixed but the one at all the retail stores hasn't. Salem Chaudez | "640k ought to be enough for anybody." SekrtyXprt@aol.com | -- Bill Gates --------------------- Forwarded message: From: croyston@netcom.com (Chris Royston) To: SekrtyXprt@aol.com CC: best-of-security@suburbia.net Date: 96-08-25 03:03:00 EDT This was a "feature" of the early beta copies of Windows 95. It allowed a way of killing the screensaver incase of a system lockup. This was fixed in the original "final" version of Windows 95. I guess the workaround is to get a non-beta copy of Windows 95. Chris ----------------------------------------------------------------------------- Chris Royston croyston@netcom.com Go Cowboys!!!!!!!! ----------------------------------------------------------------------------- On Sun, 25 Aug 1996 SekrtyXprt@aol.com wrote: > Problem: > > It has come to my attention that there is a security hole in Windows 95 that > allows any user to bust out of a passworded screen saver. > > Impact: > > Malicious hackers will be able to penetrate the security of computers at > major retailers such as walmart, sears and even best buy and modify/detroy > files. > > Exploit: > > 1. Press and hold the control-alt-delete keys and then release. > 2. Drag the mouse over to the name of the screen saver and click ONCE. > 3. Click on the "End Task" button. (Or you can simple use Alt-E, again, > press and hold "Alt" and "E" and then release.) > > Workaround: > > There is no workaround at this time that I am aware of other than finding a > more secure screen saver or figuring out a way to disable control-alt-delete. > > I plan to send a copy of this to Microsoft on Monday morning so they can fix > it in future versions. > > Salem Chaudez | "640k ought to be enough for anybody." > SekrtyXprt@aol.com | -- Bill Gates > > >