Hi, I don't think this is a big problem or at least till now. Most people does not know this or how to do it. Most people was or is not that tetchy. But now that you put it out all over the world how to do it, it now has become a problem. Also if anyone tells their ITS department they will more than likely stop you from using jaws till Freedom Scientific fixes this problem. They are going to say they are not changing their system there is nothing wrong with it. It is your software that has the whole in it. This will also make them start checking Jaws for other wholes. So I would recommend sending this problem to Freedom scientific to be fix. They may be able to do this before the final release of Jaws 11. This in my opinion should have never been blog till it was fixed. While he was at it as well as you for putting it out on the list to give it even more expose just give everyone email address name and what ever else you can find and put it out for the whole world. This is exactly why I don't give more info about my self on email list. Just my thoughts. Oh by the way I am now taking jaws off of auto start up. I have just enough vision in my right eye to tell when the log on screen comes up. But if this had not got out all over the world I would have not had to do this. I for one am not telling my ITS department about it. Because I know what will happen. Just more of my thoughts. Thanks, Blackjack misterblackjack2@xxxxxxxxx -----Original Message----- From: tabi-bounce@xxxxxxxxxxxxx [mailto:tabi-bounce@xxxxxxxxxxxxx] On Behalf Of Allison and Chip Orange Sent: Friday, October 16, 2009 3:35 PM To: tabi@xxxxxxxxxxxxx Subject: [tabi] critical security warning for any pc running jaws hi all, below is a link to a user's blog, where-in he describes a critical security flaw he has discovered, for any pc running jaws. unfortunately, he doesn't quite spell out the implications of the issue, so I'd like to do so (assuming he's correct in what happens). His statement is at: http://tspivey.wordpress.com/2009/10/16/critical-security-flaw-in-jaws/ where-in, he essentially says that any pc you've setup with jaws automatically starting at bootup, has essentially no password security at all; anyone can get on such a pc, as an administrator, from the logon screen, without knowing a user id or a password. furthermore, while he's only tested this with version 10, it's my guess that the architecture of this part of jaws has remained unchanged, so that this security hole will exist in all past versions as well. using his steps, you can walk up to anyone's pc or server, reboot it if it's running, and with a few keystrokes be on as the administrator. this is very unfortunate for any IT employee, who is using jaws, and has it installed on servers or pcs which are supposed to be password protected. an employer should really ask the user to change the arrangement so that jaws is only started running after the login. for your average home user, this probably has no practical effect (it's seldom you rely on your password for your home pc to keep others out; you rely usually on your physical security to do that). Chip Check out the TABI resource web page at http://acorange.home.comcast.net/TABI and please make suggestions for new material. if you'd like to unsubscribe you can do so through the freelists.org web interface, or by sending an email to the address tabi-request@xxxxxxxxxxxxx with the word "unsubscribe" in the subject. Check out the TABI resource web page at http://acorange.home.comcast.net/TABI and please make suggestions for new material. if you'd like to unsubscribe you can do so through the freelists.org web interface, or by sending an email to the address tabi-request@xxxxxxxxxxxxx with the word "unsubscribe" in the subject.