Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!helios!mcguire
From: mcguire@cs.tamu.edu (Tim McGuire)
Newsgroups: comp.sys.next
Subject: Re: Security Hole?
Message-ID: <10805@helios.TAMU.EDU>
Date: 11 Dec 90 16:55:37 GMT
References: <49464@cornell.UUCP> <25855@uflorida.cis.ufl.EDU>
Sender: usenet@helios.TAMU.EDU
Organization: Computer Science Department, Texas A&M University
Lines: 15

NeXTologist wayner@kama.cs.cornell.edu (Peter Wayner) writes:
> Here is a scenario: A remote user turns on the microphone on the NeXT,
> recording the voice to a file (locally or remotely). Any sound in the
> proximity of the NeXT CRT is recorded. This file containing the
> conversation is then played back on a remote NeXT. Voila, a built-in
> office bug!

This is indeed a security hole under the present system.  NeXT has been
aware of this for some time, and steps are being taken to eliminate the
problem.  Briefly: the use of the speaker and microphone will be limited
to the user logged on to the console.  This will also eliminate my ability
to "haunt" my friends machines by playing sound files :-( (Hello, Eldon!)

Tim McGuire
mcguire@cs.tamu.edu