[1294] in WWW Security List Archive
RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
daemon@ATHENA.MIT.EDU (Sudduth, Larry)
Thu Dec 21 00:47:51 1995
From: "Sudduth, Larry" <SudduthLM@SecureC2.com>
To: "'Michael Brennen'" <mbrennen@fni.com>, Paul Leach <paulle@microsoft.com>
Cc: "www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>
Date: Wed, 20 Dec 1995 22:11:51 -0500
Errors-To: owner-www-security@ns2.rutgers.edu
The only MS product with any appreciable level of security is Windows NT,
and, to some extent, their vertical applications hosted thereon. Win 95
"security" would be laughable, except that many users believe that security
services are being provided. These users, many of whom have legitimate
security concerns which they believe are being addressed by their
utilization of Win 95 configuration options, do not know the straw house
that they live within.
MS has done an admirable architectural job on NT. Securing it, and most
importantly securing the NT-hosted productivity apps upon which business
operations are based, is still a challenge.
----------
From: Michael Brennen[SMTP:mbrennen@fni.com]
Sent: Wednesday, December 20, 1995 10:10 AM
To: Paul Leach
Cc: www-security@ns2.rutgers.edu
Subject: RE: Re[2]: SECURITY ALERT: Password protection bug in Netscape 2
On Tue, 19 Dec 1995, Paul Leach wrote:
> to other users. In addition, Windows can be configured to require a
> password to unlock the machine if it is ever left idle for more than a
> few minutes, thus protecting the user even while logged in.
Which Windows? 3.1[1]* had a password protected screensaver -- and all it
took to get around it was Ctrl/Alt/Del, Reset or Off/On.
Does Win95 have a startup level password (and I don't know because I don't
run Win95) to prevent access at all unless a valid password is entered?
Michael
---------------------------------------------------------------------
Michael Brennen, President / / mbrennen@fni.com
FishNet, Inc. / Internet / http://www.fni.com/
P.O. Box 940451 / Services / (214) 783-2553 (vox/fax)
Plano, TX 75094-0451 / / finger me for PGP public key
begin 600 WINMAIL.DAT
M>)\^(@P#`0:0" `$```````!``$``0>0!@`(````Y 0```````#H``$%@ ,`
M#@```,L'# `4`!8`"P`S``,`20$!"8 !`"$````W,3-",#$V1C(T,T%#1C$Q
M.#E&0C P-C X0S8X13<W10`?!P$@@ ,`#@```,L'# `4`!8`# `+``,`(@$!
M"( '`!@```!)4$TN36EC<F]S;V9T($UA:6PN3F]T90`Q" $$@ $`00```%)%
M.B!295LR73H@4T5#55))5%D@04Q%4E0Z(%!A<W-W;W)D('!R;W1E8W1I;VX@
M8G5G(&EN($YE='-C87!E(#(`"A4!#8 $``(````"``(``0.0!@"X!P``$@``
M``L`(P``````"P`I```````#`"8```````,`-@``````'@!P``$````]````
M4F5;,ETZ(%-%0U522519($%,15)4.B!087-S=V]R9"!P<F]T96-T:6]N(&)U
M9R!I;B!.971S8V%P92 R``````(!<0`!````&P````&ZSU$('V\!.VLZ)!'/
MB?L`8(QHYWX``$$=X0`#``80/(@N^0,`!Q!E!0``'@`($ $```!E````5$A%
M3TY,64U34%)/1%5#5%=)5$A!3EE!4%!214-)04),14Q%5D5,3T9314-54DE4
M64E35TE.1$]74TY4+$%.1"Q43U-/345%6%1%3E0L5$A%25)615)424-!3$%0
M4$Q)0T%420`````#`! 0``````,`$1 ``````@$)$ $```#L!0``Z 4``$,*
M``!,6D9UGU5,*_\`"@$/`A4"J 7K`H,`4 +R"0(`8V@*P'-E=#(W!@`&PP*#
M,@/%`@!P<D)Q$>)S=&5M`H,SMQ+,!Q,"@S0#QA5(-1$%V1-1,2 (50*#-@+D
M%44N?0J ",\)V3L:7S(U'C4"@ J!#;$+8&YG,5PP,Q10"PH44C(2L&-!`$ @
M5&AE( (@;,YY!=(34 1P=6,%0 /PF'1H( !P'[!A<!-0GP60!S "8!]@(:!V
M90,@J&]F(!&P8PAQ=!^PB00`(%<+@&1O=P>AE%0L(,%D(\!T;R)0\P-P'V!E
M>!/0`C D$1]0SFD%P"'P`"!I8P= (0*>;"71)< "( 0@:&\3P4YD)2(:8 (@
M+B C$B#0.34@(B)F(B!P"&"*;"= 8B&Q875G$8#G(9$CP"2P8V4%,2"@)H#V
M( .!'[!U$; 1H"EQ)E#O(>$JQ")G*X%V)= 'D0K =Q]@*8 +@&<?\BU@#;!D
M?R?1'T$1L"MD(\ K(R(Q=[4F\&TFX&$L(2&@9R"0WP=P)H ?8")G!:!N*H $
MH/\$(#!@)= @L"4Q'[ KUBW(N&%D9!I@!! G,6(?L.TE-'4EP"90>B:#(B(H
M!?$R069I9PAP-C4%,":BHR/ (U @;F\%0&LXT/<'X"4Q(E!T-Z 'X";P*W&_
M*L0S,R90+"$@@@N +@J%WPJ%!>$1@ 0@(U!N,^$#H/TTH&TE8"&#"L 1<""0
M!9#&=#>1`R!J;V(?<2.1_R?1!F B@BXQ() CPRL0)P'9(N!M<!H!`'!T'Z$B
M9/<N,3EB(Z M)O4@!3L0(K*[(1$$('5!4 .@,M1B*W#_"X TX3@!!) FA2W#
M/. )@/\CP"+Q$\ #$"8!,C 1@$> .0GP9V4[O0KT)E Q.((P`M%I+3$T- WP
M=PS02E,+63$8H" !/H(@OBU,=PJ'2RL,,$OV1@-AOCI-?DOV#((%T#+Q82(!
M"D(:8&X],&Y;4TU85% Z!M!1Q$ "\2[Y!:!M74T?3BT&8 (P3U^-4&M7"8!%
M<61A>2/ ?D0%D!/@*8 %P '0(\ QMCDH01V .AV %3!-4Y_93BU4;U7?4&M0
M*< #(#1,90#0:%H/3BU#8ZM<+U!K=V*@+2)F0 " N#(N<C702$ 1H"X)@,9U
M7J]4KG5B:CZ18,\)4&M216;04F5;,@)=9M!314-54DF$5%D5,$Q%4E1FT/]>
M``00*2 +(!_R/H(V4D4POT!!/V$1P 3P(1 ?8#)(?WE)@S,V2O<5X@P!2_9/
M_0.@5 I061)84EDC(\!>".L@<$P".CO,/B0B.. G<>LK9"?023UR9#$Q`B C
MP/\C)B7@:X$?8#<V)S(D0!I@_'%U)6 SX7*'"K!JA20QXG4?D&]C:SE3`,$[
M@?\?8 :00%$BXB'A!< AH & _2+@9"&A`A %P 1@+=$JT=L]<7*'9@?1/;!N
M-= 'D/\E$BMP:N="52MR>D)$LR&BW&]G2$ G0#N?5S+C(R4"/R?@,RXQ6S%=
M_BHPH2= 1[!WUTOU)S$$\?T)X7,PP07 3'! DT?Q0%'["H4D,&]XX21 2$ %
M0 K 5PA@0+%Y\7<\X4,YL&R@+T%L="]88&PCP*]H\!&Q'W %P$\-T"]OL/D[
MO41O!Y$C(2A!,+-'L+<3P K /K!P(<5WURA HOI)/0(G./4I@"7@.B*-I>\*
MA6.P`Z"+$RDD(B$Q?S']AP%C+8$MH8<!1X%XD9%C?R6 !T NH'?(>B(",">!
M9/^"(#O-440*A4QXEJ^7OYC/?TR=43UPX331+J&1`2?@+U^<<9RVG*I2C@J%
M1@0`:/=L$2/ =!!C)]&@:YR@=! OD^$],)QAG*AH`D!P.G0O+V*A+E,5G* *
MA5#$+D\GT$)O>"@P2G!\-#47P)R\!F$M9)RD*(8R2E"08#<X,RT<D0HSC4!V
MI, O9F%XMBFC]AU!;R/ 'S!8)^#H-S4PI/ MI1:<K3=@QT@Q>V%[)%!'4!_P
M9G#_)E$Y`#-0;+]MSAZ52_8*A049@0"Q($ `.0! /*(24L^Z`0(!1P`!````
M,@```&,]55,[83T@.W ]4V5C=7)E0S([;#U0<FEV871E($U$0BTY-3$R,C$P
M,S$Q-3):+38```! ``<P</'.F5'/N@% ``@P0+J^'E+/N@$>`#T``0````4`
H``!213H@``````(!%#0!````$ ```%24H< I?Q ;I8<(`"LJ)1=I?@``
`
end
