From mac@mcinnis.demon.co.uk Mon Aug 26 20:53:53 1996 Received: from mail-1.mail.demon.net (mail-1.mail.demon.net [158.152.1.211]) by suburbia.net (8.7.4/Proff-950810) with SMTP id UAA22001 for ; Mon, 26 Aug 1996 20:53:23 +1000 Received: from post.demon.co.uk ([158.152.1.72]) by mail-1.mail.demon.net id ac05278; 26 Aug 96 11:37 BST Received: from mcinnis.demon.co.uk ([194.222.54.158]) by relay-3.mail.demon.net id aa23345; 25 Aug 96 20:46 +0100 Message-ID: Date: Sun, 25 Aug 1996 20:35:46 +0100 To: fulltilt@nildram.co.uk Cc: Alan Miller , best-of-security@suburbia.net, SekrtyXprt@aol.com From: Harry McInnis Subject: Re: [Fwd: BoS: Gaping Security Hole] In-Reply-To: <32206F32.2F3B@nildram.co.uk> MIME-Version: 1.0 X-Mailer: Turnpike Version 1.12 Guys, this sure does help the problem now, doesn't it? Lets tell all the computer weenies about it! WalMart will cringe whenever a Noxzima faced surfer walks into the computer section!! Mac In message <32206F32.2F3B@nildram.co.uk>, fulltilt@nildram.co.uk writes >Problem: > >It has come to my attention that there is a security hole in Windows 95 that >allows any user to bust out of a passworded screen saver. > >Impact: > >Malicious hackers will be able to penetrate the security of computers at >major retailers such as walmart, sears and even best buy and modify/detroy >files. > >Exploit: > >1. Press and hold the control-alt-delete keys and then release. >2. Drag the mouse over to the name of the screen saver and click ONCE. >3. Click on the "End Task" button. (Or you can simple use Alt-E, again, > press and hold "Alt" and "E" and then release.) > >Workaround: > >There is no workaround at this time that I am aware of other than finding a >more secure screen saver or figuring out a way to disable control-alt-delete. > >I plan to send a copy of this to Microsoft on Monday morning so they can fix >it in future versions. > >Salem Chaudez | "640k ought to be enough for anybody." >SekrtyXprt@aol.com | -- Bill Gates > > > > > -- Harry McInnis