D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Xorg 1.11 screen locking vulnerability

 

On 23/01/12 11:15, Gordon Henderson wrote:
On Mon, 23 Jan 2012, Brad Rogers wrote:

On Mon, 23 Jan 2012 00:11:08 +0000
bad apple <ifindthatinteresting@xxxxxxxxx> wrote:

Hello bad,

In a nutshell, any locked screen (xscreensaver, etc) can be bypassed
with crtl+alt+*

What's the problem?  If somebody can do that (i.e. they've got physical
access to your machine) you've got much bigger issues to deal with.

The issue isn't really one for most of us here, it's more for the SME/corporate environment who've made the choice to move to using Linux, etc. on the desktop.

So for example:

People then get used to their screen auto-locking via a screen saver after (say) 5 minutes, then needing a password to unlock...

But one day, someone walks by the finance mangers PC, sees it locked, thinks "ah-ha" ... They're not going to reboot it with a recovery CD if all they want is a quick look, but if they then unlock it via the debugging backdoor they then have easy full access to the companies finance details...

Gordon

Doesnt seem to work on any of my setups...
Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq