
(MacRumors)   Apple's multimillion dollar advanced security system foiled by a Scrabble dictionary and a shiatty graphics card. No, that isn't snark, that is the actual truth   (macrumors.com)
    More: Fail, Scrabble, security systems, iOS, Scrabble dictionary, wifi hotspots, GPUs, random numbers, gas generator  

7436 clicks; posted to Geek » on 19 Jun 2013 at 10:52 PM (42 weeks ago)



 
2013-06-19 08:10:26 PM
This should make for a totally calm and rational discussion on Apple security.
 
2013-06-19 08:19:35 PM
Um, how does Apple's auto-generating password thingy constitute an advanced security system?

I mean, if you were really interested in secure connections, wouldn't you create your own complicated alphanumeric strings with symbols? If you weren't worried or otherwise didn't care about security at all, this little password generator would probably be your first choice and should meet your expectations.
 
ZAZ [TotalFark]
2013-06-19 08:35:16 PM
a combination of a short English word along with random numbers

If only there were some geek who couldn't draw to make a webcomic instruction on creating easily remembered but hard to crack passwords.
 
2013-06-19 08:47:13 PM

dr_blasto: Um, how does Apple's auto-generating password thingy constitute an advanced security system?

I mean, if you were really interested in secure connections, wouldn't you create your own complicated alphanumeric strings with symbols? If you weren't worried or otherwise didn't care about security at all, this little password generator would probably be your first choice and should meet your expectations.


You actually can create your own - you don't have to keep the one the phone chooses for you.
 
2013-06-19 08:50:56 PM

rwhamann: dr_blasto: Um, how does Apple's auto-generating password thingy constitute an advanced security system?

I mean, if you were really interested in secure connections, wouldn't you create your own complicated alphanumeric strings with symbols? If you weren't worried or otherwise didn't care about security at all, this little password generator would probably be your first choice and should meet your expectations.

You actually can create your own - you don't have to keep the one the phone chooses for you.


I know, that's the point. IF you really cared, you would make your own and not just rely on the simple auto-generated one. The point being, this is a ridiculous complaint. Anyone interested in security wouldn't be affected.
 
2013-06-19 08:56:47 PM
And buried in the second last paragraph, we find this:

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.
 
2013-06-19 09:04:43 PM

bingethinker: And buried in the second last paragraph, we find this:

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.


But but sensationalism and CLICKS!
 
2013-06-19 09:17:28 PM
I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.
 
2013-06-19 09:22:17 PM

Marcus Aurelius: I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.


Real men use the unabridged OED.
 
2013-06-19 09:26:39 PM
A 6990 isn't exactly a shiatty card, even if it is a generation old, that is all.
 
2013-06-19 09:37:10 PM

Marcus Aurelius: I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.


Real men use Hungarian Phrasebooks.
 
2013-06-19 09:46:05 PM
img.fark.net
Does not approve.
 
2013-06-19 09:58:01 PM
The iOS 7 "default" password is way more difficult than the old one.  For example, the suggested password on my phone is in the format aaa1aaaa1a11, and there are no dictionary or even fake dictionary words included.

So, it's a good thing this is going to be an issue for about 3 more months.
 
2013-06-19 10:04:22 PM

Shostie: Marcus Aurelius: I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.

Real men use the unabridged OED.


In that case, all the words count.

/my hero\
 
2013-06-19 10:15:44 PM
In the battle between guns and armor, guns always win in the end.

That observation notwithstanding, this story is impossible. According to the fanbois, nobody hacks Apple stuff.
 
2013-06-19 10:16:54 PM

Kredal: So, it's a good thing this is going to be an issue for about 3 more months.


Fixing a security issue in three months?  That's got to be a record for Apple.
 
2013-06-19 10:20:04 PM

hardinparamedic: Real men use Hungarian Phrasebooks.


Look, I won't judge you, if you don't judge me.
 
2013-06-19 10:27:50 PM

demaL-demaL-yeH: This should make for a totally calm and rational discussion on Apple security.


I hear that if you seal them into an oak barrel with bees wax and sink them into a deep river in the late summer, they will stay fresh until the following spring.  You just have to make sure no one sees where you anchor them.
 
2013-06-19 10:35:49 PM

Wintermute6: A 6990 isn't exactly a shiatty card, even if it is a generation old, that is all.


No kidding. 5.4 Tflops @ single precision
 
2013-06-19 10:38:56 PM

Marcus Aurelius: demaL-demaL-yeH: This should make for a totally calm and rational discussion on Apple security.

I hear that if you seal them into an oak barrel with bees wax and sink them into a deep river in the late summer, they will stay fresh until the following spring.  You just have to make sure no one sees where you anchor them.


Argon gas.
 
2013-06-19 10:55:35 PM

demaL-demaL-yeH: This should make for a totally calm and rational discussion on Apple security.


Rational discussions don't equate to high click rates.
 
2013-06-19 10:56:05 PM
FTFA: As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.

Meh. They both let you create your own instead of default.

I use my dad's work phone number from when I was a kid, alternating the numerals and the letter a row below it. So if part were 1234 I'd use 1w3r.
 
2013-06-19 11:01:28 PM

dr_blasto: rwhamann: dr_blasto: Um, how does Apple's auto-generating password thingy constitute an advanced security system?

I mean, if you were really interested in secure connections, wouldn't you create your own complicated alphanumeric strings with symbols? If you weren't worried or otherwise didn't care about security at all, this little password generator would probably be your first choice and should meet your expectations.

You actually can create your own - you don't have to keep the one the phone chooses for you.

I know, that's the point. IF you really cared, you would make your own and not just rely on the simple auto-generated one. The point being, this is a ridiculous complaint. Anyone interested in security wouldn't be affected.


Not only that, but the device shows you how many devices are connected. It does so on the home and lock screens. So, in the unlikely confluence of events where you are using your iOS device as a hotspot and 1) You didn't change the password, 2) Somebody nearby was trying to crack your password, and 3) You are in proximity long enough for it to happen, then you STILL will likely notice "Hey, I show two/three/etc. devices connected and I only connected one. I ought to do something."

If you're THAT obtuse, fark it, you have it coming.
 
2013-06-19 11:05:51 PM
correct horse battery staple
 
2013-06-19 11:08:28 PM
As others have said, sure the generated default password isn't as secure as it could be, but I think the odds of someone bothering to do so are slim, you are constantly shown the number of connected users, and worst case - oh no, they're surfing on your bandwidth - and that's it. No personal data is exposed.
 
2013-06-19 11:11:53 PM
Who the fark uses a default password on anything?
 
2013-06-19 11:16:38 PM

hardinparamedic: Marcus Aurelius: I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.

Real men use Hungarian Phrasebooks.




My hovercraft is full of eels.
 
2013-06-19 11:21:46 PM

demaL-demaL-yeH: Marcus Aurelius: demaL-demaL-yeH: This should make for a totally calm and rational discussion on Apple security.

I hear that if you seal them into an oak barrel with bees wax and sink them into a deep river in the late summer, they will stay fresh until the following spring.  You just have to make sure no one sees where you anchor them.

Argon gas.


What a waste.

I see your lazy gas and raise you several thousand atmospheres.

/silly englishman
 
2013-06-19 11:46:06 PM
And by a shiatty graphics card you mean the highest end graphics card of the last generation or four of the second fastest single-chip cards of this generation, right?

Cards that probably won't be feasible anywhere near where people feel the need to create a wifi hotspot.

/Still hate Apple
//Love desktop hardware
 
2013-06-19 11:50:17 PM
Wow! Whoever wrote this headline straight up doesn't know what they are talking about. All they are talking about is when you turn on an option to create a hotspot. It's no "advanced security system." It's a short algorithm that generates an 8 character password consisting of letters and numbers that probably took some guy 10 minutes to create. The simplicity is for the sake of users who can't be bothered to input a secure password (I've ran into people who couldn't be assed to put in a password with symbols. They actually complained.) Subby is a total dumbass.
 
2013-06-19 11:53:16 PM
The default password for my Comcast router is like 40 "random" hexadecimal characters. I thought that was a bit overkill.
 
2013-06-19 11:59:05 PM

RealAmericanHero: Wow! Whoever wrote this headline straight up doesn't know what they are talking about. All they are talking about is when you turn on an option to create a hotspot. It's no "advanced security system." It's a short algorithm that generates an 8 character password consisting of letters and numbers that probably took some guy 10 minutes to create. The simplicity is for the sake of users who can't be bothered to input a secure password (I've ran into people who couldn't be assed to put in a password with symbols. They actually complained.) Subby is a total dumbass.


If you don't think it's unreasonable to choose a password consisting of at least 3 of the following that changes every 2 months and can't re-use any 6 character chunk...
number
lower case letter
upper case letter
special character

I think that merits complaining. Even assuming you chose part of the opening sentence of your favorite book... "Now is the winter of our discontent", for example, the time it would take to crack my sentence is somewhere on the order of 200x longer than the 8 character garble I am forced to use at work. In my case, it's actually worse, as a contractor, my company has a 2mo cycle, the client has a 3mo cycle. So I have numerous of these stupid passwords at a go.

Logically, if I chose say... a 30 character phrase, I should be able to keep my password at least a year. I'm sick of managing passwords.
 
2013-06-20 12:02:55 AM

dyhchong: And by a shiatty graphics card you mean the highest end graphics card of the last generation or four of the second fastest single-chip cards of this generation, right?

Cards that probably won't be feasible anywhere near where people feel the need to create a wifi hotspot.

/Still hate Apple
//Love desktop hardware


Came here to post this. Subby may have thought they were talking about something from the GeForce 6000 series, but the 6990 is about as "shiatty" as a GTX 590.
 
2013-06-20 12:10:36 AM

GreenAdder: Who the fark uses a default password on anything?


Apple users.
 
2013-06-20 12:16:50 AM

bingethinker: And buried in the second last paragraph, we find this:

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.


Bu-bu-bu-but Microsoft!
 
2013-06-20 12:21:44 AM
Not into IT at all, but wouldn't it be easy to avoid brute force attempts like this by simply limiting the number of attempted connections from one device (or all devices, to prevent spoofing of the device id) per minute?
 
2013-06-20 12:21:52 AM

Shostie: Marcus Aurelius: I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.

Real men use the unabridged OED.


Beat me to it
 
2013-06-20 12:33:27 AM

bingethinker: And buried in the second last paragraph, we find this:

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.


But it's not more robust.

Microsoft's is ten digits, which is 10^8.
Apple's is a word chosen from a list of less than two-thousand words followed by four numeric digits, which works out to be less than 10^7.3.

It isn't a gigantic difference, but still...
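
The keyspace comparison above, worked through for the three default-password formats mentioned in this thread. This is an added example, not part of any comment or of the article; it assumes every position is chosen uniformly and independently, reads the mask `aaa1aaaa1a11` as `a` = lowercase letter and `1` = digit, and takes 2000 as the stated upper bound on the word list.

```python
import math
import secrets
import string

# Mask notation as used in the thread: 'a' = lowercase letter, '1' = digit (assumed reading).
MASK_ALPHABETS = {"a": string.ascii_lowercase, "1": string.digits}


def mask_keyspace(mask: str) -> int:
    """Number of candidates for a mask, assuming uniform, independent positions."""
    total = 1
    for symbol in mask:
        total *= len(MASK_ALPHABETS[symbol])
    return total


def word_plus_digits_keyspace(wordlist_size: int, digits: int) -> int:
    """Keyspace of one word from a fixed list followed by `digits` decimal digits."""
    return wordlist_size * 10 ** digits


def describe(keyspace: int) -> tuple[float, float]:
    """Return (log10, bits) of a keyspace, each rounded to one decimal place."""
    return round(math.log10(keyspace), 1), round(math.log2(keyspace), 1)


def generate_from_mask(mask: str) -> str:
    """Draw a password matching the mask from the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(MASK_ALPHABETS[symbol]) for symbol in mask)


# Formats as described by commenters; sizes are upper bounds under the assumptions above.
SCHEMES = {
    "word(<2000) + 4 digits": word_plus_digits_keyspace(2000, 4),
    "8 digits": mask_keyspace("11111111"),
    "aaa1aaaa1a11": mask_keyspace("aaa1aaaa1a11"),
}

if __name__ == "__main__":
    for name, size in SCHEMES.items():
        log10_size, bits = describe(size)
        print(f"{name:24} 10^{log10_size:<5} {bits} bits")
    print("sample:", generate_from_mask("aaa1aaaa1a11"))
```

The word-plus-digits figure is an upper bound only: it holds if every word in the list is equally likely to be picked.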
 
2013-06-20 12:43:51 AM

dr_blasto: The point being, this is a ridiculous complaint. Anyone interested in security wouldn't be affected.


It's a very valid complaint.  The people who aren't "interested in security" need it the most.

They need strong automagically generated passwords, because they wouldn't know that they have weak ones.
 
2013-06-20 12:54:59 AM
A note to all you passphrase people. Add a number or symbol to somewhere in the middle of one of the words or purposely misspell one of them. (If I assume it's an English phrase of not more than 10 words, it's a lot easier to brute force than having to check each character in the phrase)

//to infinity and b3yond
 
2013-06-20 01:04:07 AM
Have you ever tried to set up a password in Fedora Linux?

It is like shoving glass into your penile hole and then breaking said glass. It's very painful.
 
2013-06-20 01:07:27 AM

Shostie: Marcus Aurelius: I hate Scrabble dictionaries.

I have an abridged two volume OED and that's what a real man uses for Scrabble.

And ALL the words count, biatches.

Real men use the unabridged OED.


Real men use SOWPODS when it comes to scrabble.
 
2013-06-20 01:08:42 AM
I think most of the posters here are missing the point. I'm not going to get into 'Apple vs. MS' or 'default PW vs. making up your own', or even 'No one would ever set up a cracking rig like this anywhere near where someone is setting up a mobile hotspot'.

For me, the real takeaway from the article was the description of Apple's PW generation algorithm. Really? That's the best you can come up with?

I would fire the guy who designed/coded a password generator that pathetic.
 
2013-06-20 01:17:47 AM
Quantumbunny: lower case letter
upper case letter
special character


And that substitution crap is dead as well.

You know, where you use an ! or 1 in place of I, or a 0 instead of O, or 3 instead of E.

// These days, common word passwords get run through mutators that generate all of the variants. It's basically no better than using the bare word itself.
 
2013-06-20 01:34:04 AM
Oblig: img.fark.net
 
2013-06-20 01:40:25 AM

lewismarktwo: Oblig: [img.fark.net image 740x601]


That's why all my passwords are correcthorsebatterystaple. It's the most secure password ever.
 
2013-06-20 01:44:01 AM

akula: Not only that, but the device shows you how many devices are connected. It does so on the home and lock screens. So, in the unlikely confluence of events where you are using your iOS device as a hotspot and 1) You didn't change the password, 2) Somebody nearby was trying to crack your password, and 3) You are in proximity long enough for it to happen, then you STILL will likely notice "Hey, I show two/three/etc. devices connected and I only connected one. I ought to do something."


This. The security code is basically just there to stop random people at the airport or the hotel from hopping on your phone's hotspot when you fire it up to avoid using the molasses slow free wi-fi. It's not really there to keep your SSN and taxes secure. It's like someone being really proud of themselves for being able to figure out how to pick the cheap lock you stuck on your garden shed to keep the neighbor kid from rifling through your crap. It's REALLY unlikely that you'd be near anyone with a gaming laptop and the know how to hack your temporary hot spot.
 
2013-06-20 01:56:03 AM

spamdog: bingethinker: And buried in the second last paragraph, we find this:

As noted by ZDNet though Apple's password generation system is flawed, it is a more robust solution than what is used by other companies like Microsoft. For example, the Windows 8 phone utilizes default passwords that consist of eight digit numbers.

Bu-bu-bu-but Microsoft!


img.fark.net
 
2013-06-20 02:09:18 AM

Kredal: The iOS 7 "default" password is way more difficult than the old one.  For example, the suggested password on my phone is in the format aaa1aaaa1a11, and there are no dictionary or even fake dictionary words included.

So, it's a good thing this is going to be an issue for about 3 more months.


I count eight words and three brand names, along with one word and two proper names with simple "l33t" substitution spellings.  I've probably missed some.
 
2013-06-20 02:56:46 AM
Isn't it easier to set your own password? That's what I've always done.
 
Displayed 50 of 90 comments
