Comments

Stuart Gibson October 22, 2010 6:36 AM

Apple have already disabled this from their end. Attempts to view this information result in the app returning to the previous pane.

But yes, it is a very beta beta.

S October 22, 2010 7:11 AM

And you can bet it’s still just as easy to change someone’s Apple ID (or other) password from their PC without knowing it anyway. How many people save their password in their email client? Send a password reset from the web site, open up the email client…

Or just install a key logger.

Yes, it’s a flaw; it should never have been released like this even in a beta. Giant it isn’t though.

Leave your workstation unattended, unlocked in an insecure environment and bad things can happen.

bob October 22, 2010 7:54 AM

@Jon

If you have physical access to the machine you always have access to everything on the machine unless there’s disk encryption. Admin passwords are to stop end users doing silly things, they’re not particularly solid security.

Jesus Quintana October 22, 2010 11:36 AM

I remember the ads touting OS X as having legendary security. Laughable man, HAH!

I was gonna hack you on Saturday, now I’m gonna hack you on Wednesday. Nobody’s secure from the Jesus, man!

Lan Colshaw October 22, 2010 12:38 PM

“legendary security” … yes, this was the OS that originally got its software updates across a plain TCP connection. Now that was legendary.

RH October 22, 2010 1:16 PM

Watching Apple’s OS grow from its start as a perfectly secure OS layered with some of the least secure GUI code ever written has been very entertaining. I think they genuinely thought “we’re BSD now, so someone’s taken care of all of the security for us.”

So while Windows internals are insecure, Mac has secure internals, but every bit of code Apple writes makes it less secure.

wilhelmtell October 22, 2010 7:03 PM

If you try to sign in to FaceTime with a bad password then FaceTime will remember that bad password the next time you start it. So you can change the password, sign out, then try to sign in with a bad password and you will keep the user out.

Davi Ottenheimer October 22, 2010 7:47 PM

A fine example of Apple releasing code without a security review; or their security review process is so broken it does not catch basic authentication flaws.

All anyone had to ask was “Can the password be changed without supplying the existing password?” and FaceTime would have been sent back for remediation. This is a pre-beta question.

It begs the question of other poor practices by the same development team.
