Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Not a security issue, but I found a bug' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Not a security issue, but I found a bug
Authored by: babbage on Jun 06, '04 08:19:09PM
There's a far, far easier way to do this.
  1. Pick a neighbor with a currently locked screen saver on a computer on which you have admin access
  2. ssh into that person's computer.
  3. Execute this command:
    sudo kill -9 \
    `ps ax \
    | grep -i 'scree[n]saver' \
    | awk '{print $1}' \
    | fmt`
    (You could also use killall -9, but I forget what the screensaver process is called and this variant should be more flexible.)
  4. Walk over to your neighbor's computer; the screensaver & the screensaver password should be gone now.

Granted, this is more complex in that it requires having a second computer to log into the target machine (though it doesn't have to be a Mac ) and it depends on the target machine having ssh access (though that's probably not an unreasonable assumption). But otherwise, this seems like a more straightforward variant of the same attack.

Note also that this attack probably works on Linux & other *nix systems as well -- anywhere multiuser system where the locked screensaver is likely to show up as an identifiable running process and admin level users can manipulate those currently running processes.

It's debatable whether or not it counts as a vulnerability though so much as an example of one of the innumerable unpleasant things that can be done with full administrative access to someone's computer, and an object lesson in why it's a good idea to give out admin access carefully.

---
--
DO NOT LEAVE IT IS NOT REAL

[ Reply to This | # ]