A hotkey is a key and a set of keys used to start a program or use a function of a program, and a key can include f1,f2 these function keys, or some special keys.
Small knowledge: Two concepts
1, Hot Key
A hotkey is a key and a set of keys used to start a program or use a function of a program, and a key can include f1,f2 these function keys, or some special keys, such as "Internet" on the Dell Keyboard, "Mail" and other keys not on the general keyboard, The most common is a number of key combinations, the most familiar use of QQ hotkey is "ctrl+~" key combination, used to open a quick view of the information sent.
There are many hot keys that you can use to open programs, these hotkeys can be set up, can be used to open a variety of programs, you can set the rules for each program, so you can effectively use the hotkey function, such as according to the first letter of the program to name, so after setting, you can easily use "CTRL + Alt+n "Open Notepad and use" ctrl+alt+w "to open Word, the way to open a program is convenient and is widely used for people who are particularly dependent on a tool.
2, WinXP "Self logoff" function
At the time of office, we often need to leave for a while, and put the computer on the desk, which means that the information is seen or lost even more serious consequences, so there is a screen saver, if you set the password, then under normal circumstances, people can not move your computer. This will ensure security.
In WinXP, it provides a feature that we call "self logoff" (that is, automatic logoff). This feature is similar to the screen saver, where your computer automatically logs off after a period of inactivity, but this "logoff" is a fake logoff and all of your background programs are still running, There is almost no difference before the cancellation, which leaves a hidden danger.
Vulnerability description
The hotkey function is a service provided by the system (specifically, to open the program, use the hot Key of the program), in the boot process has been to the login interface, the service has not been implemented, when you log in as a user, this function has just started, after execution, users can use their own settings (including some default hotkey) Hot-keys up.
Suppose a user (who has the identity of an administrator, and to the administrator login) something to leave for a while, originally thought to come back soon, but then the matter was forced not to return immediately, his computer is exposed to no protection, then WinXP (the computer operating system mentioned here refers to WinXP, and the operating system does not have the screen saver and the corresponding password installed, it is very smart to automatically implement the "Self logoff."
If this cancellation is really logged out, so this security is obviously very good, but as mentioned earlier, this logoff is fake, although others have not been able to get into your desktop, do not see what you put in your computer, but they can also use hotkeys, because the hot key service has not stopped.
Then a hostile and experienced person can use these hotkeys to do something, the simplest such as opening n a large program to destroy your machine, you can open and use a program, especially some network-related sensitive programs (and services) ...
In fact, the computer is half his control, as long as he has enough imagination ...
Security countermeasures
In fact, we have to admit that the vulnerability is very small to be exploited to really do destructive things, it needs a lot of "assumptions", but as a loophole, it is real, not afraid of 10,000, just in case, like "Cdautorun", as far as we know, It has not been really used to sabotage, but the possibility of this security breach is real, so in many public places, such as Internet cafes, this feature is turned off.