[12141] in bugtraq

home help back first fref pref prev next nref lref last post

Re: One more weakness In "The Matrix" Screensaver For Windows

daemon@ATHENA.MIT.EDU (asouza@HITECH.COM.BR)
Wed Oct 6 14:41:49 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Message-Id:  <03256801.00677017.00@it01notessrv.hitech.com.br>
Date:         Tue, 5 Oct 1999 15:52:25 -0300
Reply-To: asouza@HITECH.COM.BR
From: asouza@HITECH.COM.BR
X-To:         "Boyce, Nick" <nick.boyce@EDS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

Hello folks,

Since the subject is the matrix screensaver, letīs talk about it!

Under NT and Windows 9x, if you īCTRL-ALT-DELī and kill the process, even
when it is password protected!

Best wishes,

Aylton





"Boyce, Nick" <nick.boyce@EDS.COM> on 10/04/99 07:26:04 PM

Please respond to "Boyce, Nick" <nick.boyce@EDS.COM>
                                                              
                                                              
                                                              
 To:      BUGTRAQ@SECURITYFOCUS.COM                           
                                                              
 cc:      (bcc: Aylton Souza/HTC)                             
                                                              
                                                              
                                                              
 Subject: Weakness In "The Matrix" Screensaver For Windows    
                                                              





Content-type: text/plain; charset

Summary: "The Matrix" Windows 9.x/NT screensaver password protection
doesn't work.
This is *not* a major problem, especially for those folks who stick
to guidelines and never install any screensavers that weren't supplied
by Microsoft with Windows ;-).   In fact it hardly seems worth bothering
Bugtraq with it, except that so many admins seem to be quite taken
with "Matrix theory" ...
[ I tried informing the owners of this "product" by emailing
webmaster@whatisthematrix.com, but my email was bounced (connection
refused), so they've had their chance - other folks need to know. ]
Copy of what I emailed to the authors of the "Matrix" screensaver available
at http://www.whatisthematrix.com :
Dear Whoever-runs-your-website,
I just downloaded your Matrix screensaver for Windows 95/NT (for which :
thanks) and having now tried it I feel I must bring to your attention a
*serious* security bug in the screensaver :-
Running on Windows 95 OSR2, if I set the "Password protected" screensaver
option, then when the screen saver is running, if I move the mouse or press
a key to wake the screensaver up, a password prompt appears as it should,
but I can then simply press the "Escape" keyboard key and the screensaver
terminates with no password required - aaaaggghh !
Given the popularity of the Matrix film among computer industry people, I
imagine many people are running the screensaver, and therefore are
subjecting themselves to a significant risk of unauthorised access to
their PCs. I decided I should inform you of the bug, to give you a chance
to fix it, before I start publicising the risk in the regular security
forums on
the Internet.
> Nick Boyce
> Systems Team, EDS Healthcare, Bristol, UK
>
home help back first fref pref prev next nref lref last post