hi all, below is a link to a user's blog, where-in he describes a critical security flaw he has discovered, for any pc running jaws. unfortunately, he doesn't quite spell out the implications of the issue, so I'd like to do so (assuming he's correct in what happens). His statement is at: http://tspivey.wordpress.com/2009/10/16/critical-security-flaw-in-jaws/ where-in, he essentially says that any pc you've setup with jaws automatically starting at bootup, has essentially no password security at all; anyone can get on such a pc, as an administrator, from the logon screen, without knowing a user id or a password. furthermore, while he's only tested this with version 10, it's my guess that the architecture of this part of jaws has remained unchanged, so that this security hole will exist in all past versions as well. using his steps, you can walk up to anyone's pc or server, reboot it if it's running, and with a few keystrokes be on as the administrator. this is very unfortunate for any IT employee, who is using jaws, and has it installed on servers or pcs which are supposed to be password protected. an employer should really ask the user to change the arrangement so that jaws is only started running after the login. for your average home user, this probably has no practical effect (it's seldom you rely on your password for your home pc to keep others out; you rely usually on your physical security to do that). Chip Check out the TABI resource web page at http://acorange.home.comcast.net/TABI and please make suggestions for new material. if you'd like to unsubscribe you can do so through the freelists.org web interface, or by sending an email to the address tabi-request@xxxxxxxxxxxxx with the word "unsubscribe" in the subject.