[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Physical access exploit: Apple iTunes Visualiser disables screen lock

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Physical access exploit: Apple iTunes Visualiser disables screen lock
From: Adam Q <aqsalter@xxxxxxxxxxxxxx>
Date: Thu, 22 Jul 2004 21:02:27 +0800

The full-screen Apple iTunes Visualiser currently disables the screen lock timer on both Mac & PC.

Synopsis: This a physical access security concern at present since anybody who uses the iTunes Visualiser in full-screen mode is essentially leaving their PC unlocked for that duration. Since many people leave the Visualiser on in office or POS situations this leads to a computer that can easily be accessed as the local user.

Suggested workaround: Never leave a computer running iTunes Visualiser in full-screen mode unattended. Never deploy a computer with iTunes installed in a POS situation, and carefully consider the ramifications on the IT Security Policy in an office environment.

Recommended action: Have the default be to lock the screen after the required time elapsed (exactly as if the screensaver became enabled) and have a preference to disable screen locking if the user wishes. Most users (and IT departments) would assume if they had screen locking enabled for their screensaver that they would be safe.

iTunes is a registered trademark of Apple Computer Corp.
---
Adam Q Salter
aqsalter@xxxxxxxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] dha script
Next by Date: [Full-Disclosure] [OT] assembly
Previous by thread: [Full-Disclosure] dha script
Next by thread: [Full-Disclosure] [OT] assembly
Index(es):
- Date
- Thread