Home > Privacy, Security > Xerox Alto zero-day

Xerox Alto zero-day

Privacy, Security 12 Comments

We’ve been archiving a bunch of old Xerox Alto disk packs from the 1970s. A few of them turned out to be password-protected, so I needed to figure out how to get around the password protection. I’ve developed a way to disable password protection, as well as a program to find the password instantly.

Xerox has failed to respond to this severe security hole in their computer, and every day they refuse to patch this vulnerability is a day their customers run a massive risk. Irresponsible.

About The Author

Thom Holwerda

Follow me on Mastodon @[email protected]

12 Comments

  1. 2018-01-04 11:08 pm
    JLF65

    So you’re lucky I’m not Arnold. With all the security panics going on with modern systems, a little levity is appreciated. ;)

    • 2018-01-05 1:20 pm
      darknexus

      With all the security panics going on with modern systems, a little levity is appreciated. ;)

      Agreed. I needed that today!

  2. 2018-01-04 11:43 pm
    Licaon_Kter

    Link to the CVE?

    🙂

  3. 2018-01-05 9:13 am
    MichalKJP

    “Xerox has failed to respond to this severe security hole in their computer, and every day they refuse to patch this vulnerability is a day their customers run a massive risk. Irresponsible.”

    Yes, indeed. I’m sure they will lose a market share because of it.

  4. 2018-01-05 12:34 pm
    Phloptical

    Is xerox still in business?

    • 2018-01-06 11:27 am
      The123king

      Yes, they carry business supplies and printer paper mostly nowadays

      • 2018-01-07 10:58 pm
        zima

        printer paper

        Slightly ironic, considering that Xerox Alto was supposed to usher us in the era of paperless office.

  5. 2018-01-05 3:08 pm
    Bill Shooter of Bul Platinum Prime Supporter

    Crazy crazy stuff. The engineers from PARC are commenting.

    http://www.righto.com/2018/01/xerox-alto-zero-day-cracking-disk.htm

    So sad the PARC isn’t what it was.

    • 2018-01-05 5:22 pm
      whartung

      Crazy crazy stuff. The engineers from PARC are commenting. [/q]

      This is a particular gem.

      [q]Given the AATFDAFD hint, I’d guess the real password is ADDATADFAD. This derives from a project I did with Jef Raskin at UCSD in 1974. (He mentioned it in this interview.) The Data General Nova we were working with produced some garbled message with ADDATADFAD where it should have said ADDITIONAL, and it was a running joke ever after. Strange, the things that occupy some brain cells for over 40 years.

      Just help shows the human side of all this.

  6. 2018-01-07 12:56 pm
    uridium

    Very nice. Needed the laugh ;)

  7. 2018-01-08 5:02 am
    hackus

    WTH?

    CVE?

    NNTO.

  8. 2018-01-09 7:06 am
    kavyasharma1

    It is a good news. Because I have a bad experience with Xerox Printer. Thanks for sharing.

    http://proactdigital.com“>Digital