jerry_mac@bmc.uu.se (10/30/89)
Notice to Empower Users. Empower, a $395 Macintosh security program from Magna in San Jose, California is proving to be a placebo* system that really doesnUt provide any security at all. A fundamental bug in the user interface allows any user without special programs or knowledge to get around all of Empowers complex password and encryption schemes. To bypass Empowers log on password system, simply click on the location of the "GUEST" button before the Mac has drawn the complete Empower dialog box. The easiest way to do this is to simply place your finger over the disabled guest button and restart the Mac. By clicking on the location marked by your finger, you will be registered as a guest even through the "do not allow guests" option is engaged. After the hacker has logged on the system it is possible to use the same technique acces the CDEV settings under the protect button. This feature is normally reserved for Security Administrators only but by using your finger and a quick click you can out smart the Empower software and "release" or unprotect the entire volume! Empower provides no security at all. News of this bug will travel fast so any sensitive data should be removed from Empower systems or protected by more conventional physical methods. Unless you keep your system under lock and key it is vulnerable to data theft. *Placebo is a word used by doctors for medicine that has no real medical use but makes the patient feel SbetterS by giving them a false sense of security.