Security hole in X.2 and pasword protection using screen saver

[Richard McKay]

Haven't seen this posted here yet so thought I would warn any other paranoid
types with iBooks...

Screensaver in OS X.2 using password protection is not safe...

There is a situation where anyone using a password of 1,200 characters or
more can bypass your password protection and have full access to your
desktop thereafter...

It seems to only affect some users but I could make it happen on mine by
doing the following...

set up screen saver to use password protection (Duh!)

once it is running and you move the pointer, etc.. the password box comes
up..

type any 10 characters in the bottom box

type Cnrl key and 'a' character and then Cntrl key and 'k' character
immediately after each other...this places the cursor at the front of the
line and copies the ten characters and deletes the string.

Type Cntrl and 'y' to paste in the ten characters and do this 10 times (to
make 100 character string)

type Cnrl key and 'a' character and then Cntrl key and 'k' character
immediately after each other...this places the cursor at the front of the
line and copies the characters and deletes the string.

Type Cntrl and y to paste in the 100 characters and do this at least 15
times (to make 1500 character string)

press return or click okay...

if it doesn't work the first time try it again and it will...at least on
mine (iBook 700 Combo with 10.2.6)

crazy but it works and will allow not only you to get around anyone with
password protected screen saver but others on your machine...

Knowledge is power

Hope they fix this soon!

Richard
--