RE: screensavers

From: Stewart John H SSSD (StewartJH@SUPSHIP.NAVY.MIL)
Date: 08/21/01

Message-ID: <>
From: Stewart John H SSSD <StewartJH@SUPSHIP.NAVY.MIL>
To: "'Andrew Kavanagh'" <>, Focus-Ms <>, Vladimir Shtern <>
Subject: RE: screensavers
Date: Mon, 20 Aug 2001 15:44:59 -0700

There was a report out within the past 6 months that noted a couple of the
shareware screen savers did not implement the display timeout and lock
feature correctly. In other words, if the screen saver was running, it was
a simple keystroke that brought back the original screen. The screensaver
did advertise password locking but it didn't appear to work.

Many of the screensavers do have a "phone home" feature that would provide a
backdoor into your network.

John Stewart
Information Systems Security Manager
NAVSEA San Diego
Phone: (619) 556-2774
Pager: (877) 572-4322
PIN: 3033244

-----Original Message-----
From: Andrew Kavanagh []
Sent: Monday, August 20, 2001 12:13 PM
To: Focus-Ms; Vladimir Shtern
Subject: RE: screensavers

-----Original Message-----
From: Vladimir Shtern []
Sent: Monday, August 20, 2001 3:06 PM
To: Andrew Kavanagh
Subject: RE: screensavers

At 10:21 AM 8/20/01, you wrote:
>I also have a few users who use Webshots as a screensaver. This
>can be used as a trojan? How so? I'm interested in finding out more about
>this issue as well.
>Andrew Kavanagh
>IT Manager
>Spray-Quip Ltd.
the point is not a specific "webshots", but screensavers in large, cause of
their ability
to run/execute a code

Ok... I was thinking you were talking specifically about WebShots and
vunerable code within that particular program. Doesn't hurt to make sure :)