Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch » The Technological

Alpine Dottie

Cupertino setting new records.

Landon Fuller must have returned to Apple. He might be getting help from Arno Goudrol.


Get It

Try It
Truly in the history of computer science rarely have things ever happened on this grand scale of stupidity. And it's a direct insult to all the engineers out there - both hardware and software - to have their dazzling device denigrated in such a damaging fashion - just because some system programmers and designers at Apple are so irretrievably DUMB.

First it was the realisation they were using SUID root executables inside Cocoa apps. THAT'S SOMETHING YOU NEVER EVER DO.

Then it was the realisation both killer web apps Safari and 'MobileMail' were going down for the count all the time. A crash is a hair breadth away from an exploit.

Now it's the realisation these pinheads have delivered already over one half million devices WITH THE ROOT ACCOUNT ENABLED.

And if that still doesn't get you: IT TOOK SIXTEEN SECONDS PROCESSING TIME TO CRACK THE PASSWORD.

Loaded 2 passwords with 2 different salts (Standard DES [64/64 BS])
alpine           (mobile)
dottie           (root)
guesses: 2  time: 0:00:00:16 (3)  c/s: 551883  trying: royour - b1o2w8

It's 'dottie'. And your user account ('mobile') uses the password 'alpine'. They're geniuses, aren't they?

This isn't to say other mobile phone companies don't have people making major security design decisions so bad those responsible should be put out to pasture. But having it happen on Apple is just bad bad news.

See Also
Hackint0sh: iPhone Root Password Cracked
Carnegie Mellon: iPhone security settings by Xeno Kovah
Full-disclosure: iPhone Security Settings (Erik Tews)
Full-disclosure: iPhone Security Settings (Kevin Finisterre)

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.