[20286] in bugtraq
Re: ActiveSync can access a locked workstation w/o unlo cking
daemon@ATHENA.MIT.EDU (Snow, Corey)
Wed Apr 18 03:44:54 2001
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <42A757141422D411B6A000104B8D6F4002B53457@skunk.ddpwa.com>
Date: Tue, 17 Apr 2001 08:53:55 -0700
Reply-To: "Snow, Corey" <CSNOW@DDPWA.COM>
From: "Snow, Corey" <CSNOW@DDPWA.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This seems to me (personally) to be less of a vulnerability than a use
issue. For example, folders shared on the system are available to the
network regardless of whether the system console is locked or not. Other
activity that the system may be performing will continue as well.
Locking the workstation is not the same as logging it off. Since the hotsync
manager is a desktop application and the desktop is still "active" while the
workstation is locked, I don't think this is a security flaw. Locking the
workstation is what you should do when you go to use the restroom, not when
you leave for the day.
Corey M. Snow- csnow@ddpwa.com
Senior Web Developer, Washington Dental Service
(206) 528-7361, Mobile (360) 481-2563
FAX: (206) 985-4939
Web: http://www.deltadentalwa.com
Opinions expressed are mine, not my employer's.
