On 27/2/03 11:45 AM, Laurent Daudelin at [EMAIL PROTECTED] wrote:

>>> once again, Sleep is a convenience feature. convenience is just another
>>> name for laziness, and thus is another impediment to good security. one
>>> could probably write an applescript or simple haxie and add it to
>>> whatever kext governs sleep -- but I'm not familiar with OS X system
>>> level programming.
>> 
>> As you said further on in your message, security is not absolute, it's about
>> making things difficult.
>> 
>> Does *anyone* know how to get the screensaver to activate on sleep, *or* if
>> it is possible to get some app or something that will do this?

PS I just found a post to (one) "security" flaw related to the screensaver.

1.31.2003 News 
Mac OS X Screen Effects' password protection contains a security flaw which
allows for a user with physical access to the keyboard to be able to quit or
launch programs while being prompted to enter the password. When full
Keyboard access is turned on (toggled on/off by pressing shift+f1) the dock
can be accessed 'blindly'; although you can not see it, the dock is still
functioning.

<http://www.securemac.com/index.php>

At worst you could randomly close and open applications (which I managed to
do... switch that is). Although, if this exploit exists, I suspect others
could be devised to piggy back off the dock and use that as a real attack.

Now that I think about it, I should probably post a request in Apple's
feedback area for a "password on wake" (or, activate screensaver on sleep)
option in a PowerBook's (or, for that matter, a desktop) energy saving
control panel.

Sleep may be a laziness feature, but it's one that's vital to every laptop
user -- the beauty of a laptop is that it's portable, but that also makes it
vulnerable. Anything which makes quick access difficult is a good thing, and
the password on wake would really add to the difficulty of cracking a
system.

PS I've heard of being able to do an admin password reset using the OS X
boot disk -- is there any way to disable this? Seems like a very dumb
feature for Apple to give easy access to (of course, how do you trade off
the requirement for simplicity for the bulk (60%+) of users who are
virtually computer illiterate vs. those of us who've grown up with Macs and
know every last nook, cranny and trick to bypass security (booting into OS 9
is such a security hole, but I guess the only way to easily prevent that is
to remove a CD-ROM from a machine *and/or* password protect firmware (if
that's an option))).

Hmmm. How long before Apple (or someone) does driver-level password
encryption? With the new Xserve machines and their heavy-duty CPUs (or
perhaps a little add-on card/secure IDE card) *true* security (from a
local-access POV) is only just around the corner. Or, do IDE/SCSI cards
already exist that require password activation before they decrypt (on the
fly) contents of an encrypted HD? This would get around the problem of
physically taking an HD from one machine and plopping it in another and
scavenging the HD for information (I've never had to do that since the one
time I forgot my password (this was when I was first playing around with OS
X 10.0.1 (maybe .0.2?)) I could simply boot into OS 9, recover important
files from the home directory and wipe/reinstall).

Anyway, I *really* should be doing other work (1500 words to write by
tomorrow).

L8r, Eric.

