RE: Another Mac OS X ScreenSaver Security Issue (after Security Update 2003-07-14)

• Previous message: NetScreen Security Response Team: "NetScreen Security Advisory 57739"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 31 Jul 2003 16:28:46 -0400
To: <bugtraq@securityfocus.com>

That's not really allowing another program to bind the keys. In the case of
the Netware client, Microsoft's GINA is completely replaced by the NWGINA
which handles the authentication at that point. It doesn't simply bypass
MS's GINA unless I'm incredibly misinformed. A malicious user can certainly
write their own GINA, but I don't think that's on the same level as simply
remapping some keys. I also don't believe you can have multiple GINAs in use
at once.

|-----Original Message-----
|From: Brian Eckman [mailto:eckman@umn.edu]
|Sent: Thursday, July 31, 2003 4:08 PM
|To: Gavin Hanover; bugtraq@securityfocus.com
|Subject: Re: Another Mac OS X ScreenSaver Security Issue
|(after Security Update 2003-07-14)
|
|
|Gavin Hanover wrote:
|> I don't quite agree. Windows uses control-alt-delete as a security
|> device. It binds those keys as a hotkey in such a way that no other
|> aplication can replace it.
<snip>
|> Gavin
|
|
|Windows does allow others to bind to those hotkeys. The Novell
|client is
|a good example. The Novell NDS password can be used to unlock
|the screen
|saver, without requiring the Windows password to be entered. Obviously
|other programs could bypass the Windows authentication as well.
|
|Brian
|--
|Brian Eckman
|Security Analyst
|OIT Security and Assurance
|University of Minnesota
|612-626-7737
|
|"There are 10 types of people in this world. Those who
|understand binary and those who don't."
|
|

• Previous message: NetScreen Security Response Team: "NetScreen Security Advisory 57739"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]