≡ Menu

The CherryPal Arrives – With a gaping security hole

Just in time for christmas, the product I ordered over a long time ago finally arrive. I’m glad that I too can now confirm like so many others that this isn’t vaporware anymore… Just a tad on the not-quite-so-good ware. And so far, I’m still a tad bit curious about if this should have even been allowed to be sent to me… Here’s what I can say for certain, and more as I play with it:

1) It’s boot loader is fairly locked down at the moment. I haven’t looked through the support documentation (if there is any) on how to get past their normal boot loader and have it say… boot from network or from USB, but I figure that will pass with time.

2) They did send a t-shirt with. Not sure I will wear it, but a nice gesture non the less.

3) They sent along a post card inside (printed on what appears to be a photo printer no less) with a few notes (this is all the documentation that came with it). some of the notes sound a little funny… like this one for example: “your initial userid and password are limeos/limeos. Please don’t change password and userid until further notice.“… I’m not sure what further notice is… but that sounds like a security flaw, if SSH is enabled on these suckers (which it is). Thankfully it’s behind a security firewall in my case.

4) The box is running on a powerPC based processor, and a heavily modified version of Ubuntu 8. Apt is still around and appears to be working, however it doesn’t seem to be treating me as well as I would like.

5) The machine seems to be slightly underpowered for what is installed. Certain programs take forever to start. That’s ok though… I don’t intend on running their software for long.

I really don’t understand how a company tells their users to keep the default username and password set, when they leave SSH running by default… I mean seriously… anyone can get into the box, and do ANYTHING they want to it. Come on Cherrypal…

My recommendation remains at this point: don’t buy one, at least not yet…

Comments on this entry are closed.

  • David Plappert December 27, 2008, 9:14 pm

    hey, did u ever get pass that boot loader? and u said u would post a blog entry about how u could turn the logo of the cherrypal around.

    ur awesome

    plaps

Next post:

Previous post: