[Promotion-technology] Critical security flaw in JAWS

Zuhair Mahd zuhairmahd at gmail.com
Mon Oct 19 22:20:59 UTC 2009


Hi,

I think that what he means is that he, as a user, has managed to gain
administrator access to the system without logging on, hence using JAWS's
credentials to gain privileged access.  The implication being that anyone
can circumvent the security of Windows Vista by connecting through the JFW
running process.  I haven't followed his steps, so I don't know if you have
to enter a password when you enter the command prompt as he described, but
if you don't, then he's right, it is a cause for concern.

Thanks.



-----Original Message-----
From: promotion-technology-bounces at nfbnet.org
[mailto:promotion-technology-bounces at nfbnet.org] On Behalf Of Steve Jacobson
Sent: Monday, October 19, 2009 9:14 AM
To: Committee on the Promotion, Evaluation and Advancement of Technology
Subject: Re: [Promotion-technology] Critical security flaw in JAWS

Dave and others,

In his note he says "I have tested this on 32-bit Windows Vista
with JAWS 10.0.1154 and 32-bit Windows 7 with JAWS 11.0.611 Beta."  I would
raise a caution, though, that I do not think it is clear from his
instructions how someone else would get control of his machine.  I think we
need more before we know what the implications are.

On Mon, 19 Oct 2009 11:27:27 -0400, David Dunphy wrote:

>Just for clarification, does this flaw exist in JAWS 11 too or just 10?
>From David

>_______________________________________________
>Promotion-technology mailing list
>Promotion-technology at nfbnet.org
>http://www.nfbnet.org/mailman/listinfo/promotion-technology_nfbnet.org