Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How to lock the screen when using a screensaver desktop' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to lock the screen when using a screensaver desktop
Authored by: DC Watts on Jul 09, '03 12:01:04PM

Although now well publicized, I suppose it bears mentioning that there is an easily exploitable hole in ScreenSaver as documented at http://www.securiteam.com/unixfocus/5JP051PAKI.html wherein an attacker crashes the app by entering an extremely long string into the password field. A fix is reputedly in the works. Not that locking ScreenSaver was ever regarded as "tight" security anyway.



[ Reply to This | # ]
Unable to Crash Screensaver
Authored by: jasonxz on Jul 09, '03 11:50:55PM

According to the site, a password between 1280 and 1380 characters will crash the screensaver. I tried it (under 10.2.6) a few times and it didn't crash. Anyone else get this "bug" to work?



[ Reply to This | # ]
Unable to Crash Screensaver
Authored by: sweetsdream on Jul 10, '03 12:44:29AM

Same here. I just tested it on my iBook and it did nothing but ask me for the password again. Running 10.2.6

---
Cheers,

Sweetsdream



[ Reply to This | # ]
Unable to Crash Screensaver
Authored by: DC Watts on Jul 10, '03 08:47:52AM

A number of commenters on MacSlash running 10.2.6 report duplicating this issue with a larger number of characters. Truth or troll? I do not know. Even if true, this does not alter the way I use ScreenSaver's lock feature. If away from the machine for a short period of time in a friendly location I will activate this feature to discourage prying eyes. Greater threats require greater measures.



[ Reply to This | # ]
Unable to Crash Screensaver
Authored by: vajonez on Jul 10, '03 08:09:07PM

It's true. Here is a repeatable case:

1. Activate password protected screen saver.
2. type "1234567890" into the password field (do not press enter/return).
3. while pressing the control key, type "akyyyyy" (do not press enter/return).
4. repeat step 3 three (or more) times.
5. press either the return or enter key. or click the OK button.

ctrl-a is the emacs key binding for "go to the beginning of the line"
ctrl-k is the emacs key binding for "delete everything from the cursor to the end of the line and put it in a buffer"
ctrl-y is the emacs key binding for paste the contents of the buffer



[ Reply to This | # ]
Unable to Crash Screensaver
Authored by: phti on Jun 03, '04 05:40:17AM

done that, but no crash...



[ Reply to This | # ]