Find Your Valentine
Slog
News & ArtsMonday, November 23, 2009
Tech Caveat H4X0r
Posted by Anthony Hecht on Mon, Nov 23, 2009 at 11:07 AM
In The Morning News today, Jen linked to a story about a new iPhone worm making the rounds in the Netherlands.
As with most stories like this, the BBC headline and subhead make no mention of the fact that this exploit only affects iPhones that have already been massively compromised by their owners.
The BBC article is good, though, explaining in paragraphs 3-6 that the problem only affects morons:
The worm attacks "jail-broken" phones - a modification which enables the user to run non-Apple approved software on their handset.The handsets at risk also have SSH (secure shell) installed.
Many people use SSH so other programs can remotely connect to an iPhone and, among other things, transfer files. It comes with a default password, "alpine" which should be changed.
Users who have installed SSH and not changed the password are especially at risk.
So, if you've jailbroken your iPhone, installed SSH, and left the root password set to the widely known default, you're vulnerable. And stupid.
1
To be fair, it says that not changing the password (as far as I can tell the only truly bone-headed part of this scenario, but I'm not a tech dude) makes you "especially vulnerable," implying that jail-breaking + ssh still leaves you at least somewhat vulnerable.
2
there is another virus going around in Norway, at least according to my friends - it involves watching the movie 2012 and thinking it's "brilliant!"
Friends don't let friends geek out to 2012.
Friends don't let friends geek out to 2012.
3
@1 - Not really. Having SSH installed with a good password doesn't make you particularly vulnerable. SSH is a nearly ubiquitous secure protocol that most servers on the Internet have installed. Of course, it's only as safe as your password, so it needs to be strong and changed from time to time.
8
Will @7, I can tell how well your medicines are working by how much or little sense your posts make. You need a refill.
10
@6 - No, I'm not at all. I did it on my first iPhone, but since 3rd party apps came along, I don't see any need for it. At the same time, I have zero sympathy for jailbreakers who have problems or get hacked, and no patience for news articles that act like it's some kind of flaw in the system.
13
easy enough to fix. cydia>mobileterminal. open mobileterminal. type su root hit return. at password prompt type alpine hit return. type passwd hit return. enter your new password and hit return. re-enter new password, voila. or you can tap on return instead of hitting it, I suppose.
14
@10, I think it's very reasonable to have some sympathy for jailbreakers who have problems.
Apple markets their phones as technological marvels that can do everything other phones can do and more, but I think that's misleading if they disable or charge more for obvious features. For example, last time I checked, I can't use a custom text message tone without jailbreaking, and every time the least annoying preloaded tone sounds, half the people in the room I'm in check their phones.
I hate being at the mercy of any company's marketing dept. They just want to control the ring and text message tones so as to strengthen their brand recognition. It's not a flaw in the technology, or even in their business strategy, but it sure looks like a flaw to us as consumers.
Maybe it's not such a huge deal with iPhones, but the same logic applies to iTunes. Anyone who rips the CD's they buy has to continually fight with software specifically crafted to break the paradigm of an "album" and encourage people to just buy all their music through the iTunes store. I certainly feel sorry for anyone who installs an add-on for iTunes in hopes of gaining more control over their music library and finds that it erases hours and hours of work they've done entering album artwork and making playlists.
Just two examples of how we are ceding more and more control over the devices and software we buy, and I don't like that one bit.
Apple markets their phones as technological marvels that can do everything other phones can do and more, but I think that's misleading if they disable or charge more for obvious features. For example, last time I checked, I can't use a custom text message tone without jailbreaking, and every time the least annoying preloaded tone sounds, half the people in the room I'm in check their phones.
I hate being at the mercy of any company's marketing dept. They just want to control the ring and text message tones so as to strengthen their brand recognition. It's not a flaw in the technology, or even in their business strategy, but it sure looks like a flaw to us as consumers.
Maybe it's not such a huge deal with iPhones, but the same logic applies to iTunes. Anyone who rips the CD's they buy has to continually fight with software specifically crafted to break the paradigm of an "album" and encourage people to just buy all their music through the iTunes store. I certainly feel sorry for anyone who installs an add-on for iTunes in hopes of gaining more control over their music library and finds that it erases hours and hours of work they've done entering album artwork and making playlists.
Just two examples of how we are ceding more and more control over the devices and software we buy, and I don't like that one bit.
15
Now, if people want to remod their iPhones so they can use em with a different carrier, that's their own choice.
But root is always fun, no matter how you get it.
Most people still haven't secured their wireless modems - you can wargang insecure ones still using the root passwords, even if they say they're encrypted ... which, if you've got a Win machine behind, means it's open season in Seattle, at least.
Don't see why we should blame people who don't want to pay a wireless provider tax they don't want to pay.
Just remember, information just wants to be free. As almost 40 percent of ex-employees continually remind employers who outsource their jobs to India.
But root is always fun, no matter how you get it.
Most people still haven't secured their wireless modems - you can wargang insecure ones still using the root passwords, even if they say they're encrypted ... which, if you've got a Win machine behind, means it's open season in Seattle, at least.
Don't see why we should blame people who don't want to pay a wireless provider tax they don't want to pay.
Just remember, information just wants to be free. As almost 40 percent of ex-employees continually remind employers who outsource their jobs to India.
17
@14 - Uh huh, and if I decide that I want my car to go faster, I can make any number of modifications to the manufacturer's settings, emission controls, and so on, but that doesn't mean I should expect their support or any understanding if something breaks. Same goes for anything else. Apple has no responsibility to make the iPhone do everything you think it should do. If you want something different, you can modify it and take your chances, or buy something else.
18
i don't expect sympathy when my jailbrokenunlocked iphone has problems, and I don't have sympathy for people who buy pc's and are then horrified when windows quits working, gets glitchy, or just dumps everything on the hard drive. We all make choices.
19
Except for certain things.
If you buy a Ducati, you can mod it in any number of ways and still enjoy the company's enthusiastic support and understanding, and generally stay in warranty. They have made some 'dark' versions (like a blank canvas) of their bikes as an invitation to customizers. Because if they were ever to deny that these bikes are intended to be tuned and customized, and ridden to the very limit on the racetrack, it would blow a hole below the waterline in the entire image they've built of themselves.
So it's Ducati who is at the mercy of their marketing department, not their customers. YMMV.
If you buy a Ducati, you can mod it in any number of ways and still enjoy the company's enthusiastic support and understanding, and generally stay in warranty. They have made some 'dark' versions (like a blank canvas) of their bikes as an invitation to customizers. Because if they were ever to deny that these bikes are intended to be tuned and customized, and ridden to the very limit on the racetrack, it would blow a hole below the waterline in the entire image they've built of themselves.
So it's Ducati who is at the mercy of their marketing department, not their customers. YMMV.
20
#14: A car metaphor? Are you serious? This really is Slashdot, circa 1999, and Apple is the new Microsoft.
Enough of this bullshit: the very fact that a "jailbreak" exists means that Apple's code is seriously flawed, so it is their responsibility to fix it. And blaming people for rooting their locked-down machines is kind of like blaming potheads for violent grow ops. Maybe if Apple didn't treat their customers like moronic cash cows, people woulnd't feel the need to take such chances. Any other corporation with such an obscene profit margin would be a target for unending mockery and derision.
Anothony Hecht: Stupid Fucking Credulous Apple Fanboy of the Day?
Enough of this bullshit: the very fact that a "jailbreak" exists means that Apple's code is seriously flawed, so it is their responsibility to fix it. And blaming people for rooting their locked-down machines is kind of like blaming potheads for violent grow ops. Maybe if Apple didn't treat their customers like moronic cash cows, people woulnd't feel the need to take such chances. Any other corporation with such an obscene profit margin would be a target for unending mockery and derision.
Anothony Hecht: Stupid Fucking Credulous Apple Fanboy of the Day?
21
Of course you could buy a Kawasaki that offers comparable base performance to the Ducati, at a lower price, but you're more likely to have warranty problems if you mod it. So you are free to make whichever choice you like before you buy.
22
@20 - Please. I have plenty of criticism of Apple, and lots of it around the iPhone, particularly their App Store policies. The car isn't the point of the metaphor, obviously, the point is that if you buy a product and then change it in unsupported ways, it's UNSUPPORTED. Your personal feelings on what the product should do are entirely irrelevant.
I have no problem with jailbreakers, hackers, whatever. It's your phone, do whatever you want. But claiming that Apple somehow forced you into this position, or that they are in any way responsible for exploits that take advantage of security holes you created is absurd.
I have no problem with jailbreakers, hackers, whatever. It's your phone, do whatever you want. But claiming that Apple somehow forced you into this position, or that they are in any way responsible for exploits that take advantage of security holes you created is absurd.
23
Totally typical of Apple's media coverage for years. The pundits hate Apple because it keeps succeeding, while their "conventional wisdom" insists that its going to fail at every step.
There's no chance that the iPhone is going to get any significant market share. No chance. Steve Ballmer, USA Today, 04/30/2007
"...Windows Mobile dropped from 5% to 3%."
Apple iPhone eats up 50% share of all mo…
Microsoft Annual Meeting Unleashes Wave …
Motorola Chairman and CEO Ed Zander says his company is ready for competition from Apple's iPhone, due out next month. "How do you deal with that?" Zander was asked at the Software 2007 conference Wednesday in Santa Clara, Calif. Zander quickly retorted, "How do they deal with us?" - IDG News Service, May 10, 2007
Goodbye, Moto?
I give them two years before they're turning out the lights on a very painful and expensive mistake. - David Goldstein, Channel Marketing Corp. President, remarking on Apple's launch of retail stores, Business Week, May 21, 2001
"The glass-fronted 28,000 sq ft store opened on 20 November 2004 by Apple's chief executive Steve Jobs, now generates sales of £2,000 sq ft, almost three times more than Harrods, making it London's most profitable store."
Apple changes Regent Street to its core
More...
There's no chance that the iPhone is going to get any significant market share. No chance. Steve Ballmer, USA Today, 04/30/2007
"...Windows Mobile dropped from 5% to 3%."
Apple iPhone eats up 50% share of all mo…
Microsoft Annual Meeting Unleashes Wave …
Motorola Chairman and CEO Ed Zander says his company is ready for competition from Apple's iPhone, due out next month. "How do you deal with that?" Zander was asked at the Software 2007 conference Wednesday in Santa Clara, Calif. Zander quickly retorted, "How do they deal with us?" - IDG News Service, May 10, 2007
Goodbye, Moto?
I give them two years before they're turning out the lights on a very painful and expensive mistake. - David Goldstein, Channel Marketing Corp. President, remarking on Apple's launch of retail stores, Business Week, May 21, 2001
"The glass-fronted 28,000 sq ft store opened on 20 November 2004 by Apple's chief executive Steve Jobs, now generates sales of £2,000 sq ft, almost three times more than Harrods, making it London's most profitable store."
Apple changes Regent Street to its core
Advertisement
Most Commented on Slog
-
SL Letter of the Day: Pill The Homos! by Dan Savage
-
Slog Bible Study: Deuteronomy 21:10-14 by Goldy
-
The AP Is Reporting That Whitney Houston Is Dead by Paul Constant
-
Dear Huffington Post... by Dan Savage
-
Because Guns Make Us Safer by Goldy
-
SL Letter of the Day: Daddy Loves Who? by Dan Savage
-
The Rick Santorum Rally in Tacoma Probably Could Have Gone Better by Paul Constant
-
Gay Kids Are Still Killing Themselves by Dan Savage
-
Gregoire: "This is signed!" by Eli Sanders
-
Whitney Is Dead, And So Is Hollywood by Kelly O
RSS
Facebook
Twitter
Comments (23) RSS