Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: Weakness In "The Matrix" Screensaver For Windows
From: ggwalker () MINDSPRING COM (Glenn Walker)
Date: Tue, 5 Oct 1999 17:15:30 -0400

Please note that the version that does not work is the one created with
MacroMedia software.  There is another version available that is not
affected by this.

Glenn

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Boyce,
Nick
Sent: Monday, October 04, 1999 11:26
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Weakness In "The Matrix" Screensaver For Windows

Summary: "The Matrix" Windows 9.x/NT screensaver password protection
doesn't work.

This is *not* a major problem, especially for those folks who stick
to guidelines and never install any screensavers that weren't supplied
by Microsoft with Windows ;-).   In fact it hardly seems worth bothering
Bugtraq with it, except that so many admins seem to be quite taken
with "Matrix theory" ...

[ I tried informing the owners of this "product" by emailing
webmaster () whatisthematrix com, but my email was bounced (connection
refused), so they've had their chance - other folks need to know. ]

Copy of what I emailed to the authors of the "Matrix" screensaver available
at http://www.whatisthematrix.com :

======================< cut >=======================

Dear Whoever-runs-your-website,

I just downloaded your Matrix screensaver for Windows 95/NT (for which :
thanks) and having now tried it I feel I must bring to your attention a
*serious* security bug in the screensaver :-

Running on Windows 95 OSR2, if I set the "Password protected" screensaver
option, then when the screen saver is running, if I move the mouse or press
a key to wake the screensaver up, a password prompt appears as it should,
but I can then simply press the "Escape" keyboard key and the screensaver
terminates with no password required - aaaaggghh !

Given the popularity of the Matrix film among computer industry people, I
imagine many people are running the screensaver, and therefore are
subjecting themselves to a significant risk of unauthorised access to
their PCs. I decided I should inform you of the bug, to give you a chance
to fix it, before I start publicising the risk in the regular security
forums on
the Internet.

======================< cut >=======================


Nick Boyce
Systems Team, EDS Healthcare, Bristol, UK

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]