SecureMac Company Press

Stay up-to-date with SecureMac’s latest company related news and press releases. View all past press releases and news articles. – AtEase Security

Posted on June 2, 2001


At Ease popularity has kind of died down. I remember schools using it but now they don’t seem to. It’s a product I never liked. Found it rather insecure. Millions of ways to hack around it.


The New Version, Well You need to email me with information on it. I couldn’t find any on Apples website, so if you run it, Email me! I guess this product would be good for Jr High or Elementary schools.


At Ease Files + Hacks + Fixes:
Research Papers/Instructions:

Open Other peoples files is a email submitted from someone with malicious intent. Always know what other people are expecting so the administrator can be prepared.

  • Complete AtEase Bypassing Guide – Jibblet
  • Bypassing AtEase version 3.0 -RDK
  • Bypassing AtEase -By the Weasel
  • AtEase 5.0 Security Advisory: At Ease 5.0 will allow a user to access any user’s volume on the server.

The tested configuration is as follows:

  • MacOS 7.6.1 (should work with anything greater than 7)
  • At Ease 5.0.2 AppleShare IP 5.0.3
  • Netscape 4.0.7 (No reason it shouldn’t work from .99 to 4.5)

How to do it

Log in as any user that has access to Netscape Communicator, and type in file://Macintosh%20HD/System%20Folder/ and you are able to access the disk.

Do the same thing, except use file://At%20Ease%20Volume%20Name/At%20Ease%20%Docs/username and it’s quite easy to browse through anyone’s files.

It is possible to download files from any user’s directory. I have been unable to actually open any of the files once they are downloaded, however in an educational setting, just viewing names in a certain directory could constitute some serious problems (such as if a teacher works with Special Education students, and has a list of documents to their parents).
Apple apparently will not fix their own product.

There is a 3rd party extension available for this at:

Share on Facebook0Tweet about this on TwitterShare on Reddit0Share on Google+0Email this to someone