New Malicious Worm Affects Jailbroken iPhones in Netherlands
John89
Nov 23, 2009, 05:57 AM
http://news.bbc.co.uk/1/hi/technology/8373739.stm
This one looks a bit nasty!
big samm
Nov 23, 2009, 06:11 AM
http://news.bbc.co.uk/1/hi/technology/8373739.stm
This one looks a bit nasty!
ok so you jailbreak your phone, does the ssh thing automatically get installed or is it something that the jailbreaker can install on his device?
dalvin200
Nov 23, 2009, 06:16 AM
ok so you jailbreak your phone, does the ssh thing automatically get installed or is it something that the jailbreaker can install on his device?
you choose whether to install it or not...
even if you have it installed, you can remove it via Cydia..
if you do install, and use SSH, then obviously change the default password :)
pixelated
Nov 23, 2009, 06:19 AM
classic fear mongering. I understand that this is a problem, but why sensationalise it instead of reporting the facts. my favourite part is;
"Users who have installed SSH and not changed the password are especially at risk"
Surely they are the only ones at risk??
darngooddesign
Nov 23, 2009, 07:16 AM
Actually that didn't sound like sensationalization to me, and in the case of people who haven't done the obvious and changed the password perhaps it should be embiggened to some degree.
pixelated
Nov 23, 2009, 07:58 AM
Actually that didn't sound like sensationalization to me, and in the case of people who haven't done the obvious and changed the password perhaps it should be embiggened to some degree.
well yes, or simply a report written for those who are affected, namely jailbroken iPhone users, as I would imagine the majority of people just don't care.
(embiggened, lol, are you referencing The Simpsons or string theory.)
MacRumors
Nov 23, 2009, 08:31 AM
BBC reports (http://news.bbc.co.uk/2/hi/technology/8373739.stm) that a second worm has been discovered that attacks certain jailbroken iPhones. The malicious software was discovered by security company F-Secure but appears to be isolated and specific to the Netherlands. It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING. It redirects the bank's customers to a lookalike site with a log-in screen.
F-Secure estimates the number of affected phones to be only in the "hundreds" at this point, though it could theoretically spread. The worm appears to exploit the same users as the harmless Australian worm (http://www.macrumors.com/2009/11/09/first-iphone-worm-affects-jailbroken-iphones-in-australia/) which displayed a photograph of pop singer Rick Astley. Only individuals who had specifically jailbroken their iPhones, installed SSH and not changed the default password.
This particular worm, however, is potentially far more serious as according to F-Secure it also "enables the phone to be accessed or controlled remotely without the permission of its owner."
Article Link: New Malicious Worm Affects Jailbroken iPhones in Netherlands (http://www.macrumors.com/2009/11/23/new-malicious-worm-affects-jailbroken-iphones-in-netherlands/)
Bill&Rose
Nov 23, 2009, 08:38 AM
Is Apple behind these worms? They have been going after everyone and everything they think infringes on them.
I would not put it past Steve Jobs to have a small team that writes these worms.
yettimillan
Nov 23, 2009, 08:38 AM
This is slightly putting me off of getting the iPhone, but if it's only jailbroken iPhones. Clearly Apple's security is good; it's just when people illegally jailbreak them that the security fails.
Bill&Rose
Nov 23, 2009, 08:41 AM
This is slightly putting me off of getting the iPhone, but if it's only jailbroken iPhones. Clearly Apple's security is good; it's just when people illegally jailbreak them that the security fails.
If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network; methinks this worm has originated from inside of Apple.
This one is only due to owners not changing the default password. That tells me it could also affect the other iPhones on the AT&T network, and lends credibility that Apple may very well be behind this.
Who else would spend the time to go after such a small user base as jailbreak iPhones.
Makes you wonder!
lamadude
Nov 23, 2009, 08:41 AM
It's quite obvious that if you have the password for somebody's SSH you can do pretty much anything you want with it. There is nothing unsafe about jailbreaking your iPhone in itself. It's like posting your bank password online and then being surprised that the money is gone.
Sky Blue
Nov 23, 2009, 08:47 AM
If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network; methinks this worm has originated from inside of Apple.
Is Apple behind these worms? They have been going after everyone and everything they think infringes on them.
http://www.brokencredit.com/wp-content/uploads/2009/08/loan-modification-conspiracy-tin-foil-hat.jpg
madrag
Nov 23, 2009, 08:49 AM
sad...
it's sadder to find out that people don't change their password, but that's probably due to the lack of full (including the pass change) instructions of the jailbreak?
If I had an iPhone I would definitely jailbreak it, but I would do it only after getting all the details of the process.
I doubt this one came from Apple, it's just another bastard taking advantage of the hole (BTW, I'm sure the iPhone is solid, it's just when jailbroken that it becomes more prone to entry). The other bastard that made the first worm thought he was doing a favour to the community to "warn" about this exploit?
Nicely done, backfire on us all :(
Montserrat
Nov 23, 2009, 08:51 AM
If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network; methinks this worm has originated from inside of Apple.
This one is only due to owners not changing the default password. That tells me it could also affect the other iPhones on the AT&T network, and lends credibility that Apple may very well be behind this.
Who else would spend the time to go after such a small user base as jailbreak iPhones.
Makes you wonder!
I must admit I thought your first post was a joke, but it occurs to me that you might be serious.
There is no way Apple could be behind this - essentially phishing by getting people to go to a 'lookalike site' as well as potentially creating a botnet - it's all highly illegal and would not be in Apple's interests. These people look like they're trying to get people's ING passwords.
Like lamadude says - if you don't change the SSH password after jailbreaking your phone you may as well post all your bank details and passwords online
EDIT: Skyblue said it better than I could ever have done
SVT Amateur
Nov 23, 2009, 08:53 AM
I'm 100% sure this isn't from Apple. A big company isn't going to risk its reputation and risk legal action taken against them since this worm is equal to identity theft to go after users that jailbreak its phone. It will probably try to make it harder to jailbreak them but to truly believe that a company would go after its consumers like that is absurd.
yettimillan
Nov 23, 2009, 08:53 AM
Coming from apple itself. Sounds very interesting. It would make people more worried about jailbreaking the iPhone but like me could also put me off.
Compile 'em all
Nov 23, 2009, 08:53 AM
This affects only people that installed SSH AND didn't change its default password. SSH isn't installed by default when you jailbreak.
kAoTiX
Nov 23, 2009, 08:54 AM
This is good advertising for why jailbreaking is bad. Probably why Apple will say they are trying to stop people jailbreaking and how the people that make the software to allow this are ruining the iphone/ipod.
Shame that people in the jailbreaking community cannot prevent this in the first instance. Like require you to change your password upon installing SSH or something. I know it's not really the responsibility of these people to do this but I feel they should be obligated to do it as they are the ones opening the device up to this kind of attack regardless of 'guidelines' and things you should do.
Does no one agree that if jailbreaking didn't exist, this kind of attack would be near impossible on Apple's closed platform?
iSee
Nov 23, 2009, 08:54 AM
Does this really count?
If it relies on people installing SSH and not changing the default password?
I'll be more nervous when malware with some real penetrating power shows up...
ss957916
Nov 23, 2009, 08:56 AM
But why does Apple continue to prevent non-jailbroken iPhones from uploading custom SMS/Email tones, having wallpaper behind the home screen, changing icons etc.? That would go a long way to stopping people considering Jailbreaking.
yettimillan
Nov 23, 2009, 08:57 AM
Does this really count?
If it relies on people installing SSH and not changing the default password?
I'll be more nervous when malware with some real penetrating power shows up...
Like another article said, malware coming directly from the appstore itself.
guzhogi
Nov 23, 2009, 09:00 AM
Kinda sad that people would write worms for iPhones, or anything for that matter. Also sad that people smart enough to know what jailbreaking is & know how to do it don't think about changing the password.
I have an iPhone, but don't have it jailbroken. Don't really have a need to jailbreak it. It serves my needs. But I can see why some people do it. To each his own I guess.
kallisti
Nov 23, 2009, 09:00 AM
If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network; methinks this worm has originated from inside of Apple.
This one is only due to owners not changing the default password. That tells me it could also affect the other iPhones on the AT&T network, and lends credibility that Apple may very well be behind this.
Who else would spend the time to go after such a small user base as jailbreak iPhones.
Makes you wonder!
I think this may be one of the silliest posts I have ever read on this site. I simply cannot follow the logic here. I cannot think of a hypothetical situation where it would be in Apple's corporate best interest to develop and release a worm for the iPhone, jailbroken or not.
*LTD*
Nov 23, 2009, 09:01 AM
http://support.apple.com/kb/HT3743
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Last Modified: July 30, 2009
Article: HT3743
As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:
Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.
Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.
Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.
Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
baleensavage
Nov 23, 2009, 09:01 AM
The most telling part for me is that this malware can potentially affect "hundreds." And this is BBC newsworthy why? Seriously, this has the potential to affect such a small group of people that the only reason that it is making headlines is because it is on an Apple product, never mind the fact that it's on a hacked Mac product.
As for Apple doing this...:p Making a virus, however pointless, is a crime. If Apple really cared about the jailbreaking community then they would take other steps to make it more difficult to jailbreak phones that are LEGAL and don't involve viruses.
baryon
Nov 23, 2009, 09:02 AM
Is Apple behind these worms? They have been going after everyone and everything they think infringes on them.
I would not put it past Steve Jobs to have a small team that writes these worms.
No Apple is not behind the worms, for at least three reasons:
1. If it would surface that Apple is writing malicious software, that would be really bad for them, and illegal, too.
2. The media and a lot of people won't be saying that it only affects jailbroken phones, so what many people will think is that "iPhones can have viruses", which would obviously hurt iPhone sales.
3. People who jailbroke their phones STILL bought the iPhone and paid for the hardware at least, and I cannot imagine a company trying to hack into their own customers' bank accounts.
iWoz
Nov 23, 2009, 09:04 AM
I very much doubt Apple are writing worms.
However, you take that risk when you decide to jailbreak an iPhone.. So I don't feel sorry for anyone affected!! Or (infected)
:cool:
arn
Nov 23, 2009, 09:04 AM
so the worm is pretty serious. here's a description of what it does from Intego
(again, only affects jailbroken/ssh/default password)
This worm starts by searching its local network, as well as a number of IP address ranges, for available devices to infect. The address ranges it scans include those of ISPs in the Netherlands, Portugal, Hungary, Australia, and if an appropriately unprotected iPhone is found, the worm can copy itself to these devices.
When active on an iPhone, the iBotnet worm changes the root password for the device (from “alpine” to “ohshit”), in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices. (A botnet is a network of infected computers or devices that can be controlled by hackers to attack other computers, serve malware, send spam, serve pages or images, and much more.)
The worm also gives each infected iPhone a unique identifier; this to be able to reconnect easily to any iPhones on which valuable information is found, but also to ensure that only infected iPhones can connect to the server. Finally, it changes an entry in the iPhone's /etc/hosts file for a Dutch bank web site, to lead Dutch users who connect to this bank site to a bogus site, presumably to harvest user names and passwords.
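The /etc/hosts change in the Intego description above is something a device owner can check for on a copy of the file. This is an added example, not part of the original thread or of Intego's write-up; the baseline entries, the bank.example watch list and the sample file are assumptions constructed for illustration.

```python
"""Audit a copy of /etc/hosts for entries that redirect hostnames."""
import ipaddress

# Assumed known-good baseline: replace with the entries from an unmodified
# device running the same firmware.
BASELINE = {
    ("127.0.0.1", "localhost"),
    ("255.255.255.255", "broadcasthost"),
    ("::1", "localhost"),
}

# Hypothetical watch list: domains that should never be pinned in a hosts
# file (for example the owner's online-banking site).
WATCHED = ("bank.example",)

# Constructed sample input, not taken from an infected device.
SAMPLE = """\
##
# Host Database
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
203.0.113.7 www.bank.example Login.Bank.Example.  # constructed redirect
198.51.100.9 updates.vendor.example
not-an-ip something
"""


def _norm_host(name):
    """Hostnames compare case-insensitively and ignore a trailing dot."""
    return name.lower().rstrip(".")


def _norm_ip(addr):
    """Return the canonical text form of an address, or None if invalid."""
    try:
        # Drop an IPv6 zone id such as %lo0 before parsing.
        return str(ipaddress.ip_address(addr.split("%", 1)[0]))
    except ValueError:
        return None


def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == w or host.endswith("." + w) for w in watched)


def audit_hosts(text, baseline=BASELINE, watched=WATCHED):
    """Return (line_no, severity, host_or_raw_line, ip) for every mapping
    that is not in the baseline. Severity is 'high' for watched domains,
    'review' for any other extra entry, 'malformed' for unparsable lines."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, tokenize
        if not fields:
            continue
        ip = _norm_ip(fields[0])
        if ip is None or len(fields) < 2:
            findings.append((line_no, "malformed", raw.strip(), None))
            continue
        # One line may map several names to the same address.
        for host in map(_norm_host, fields[1:]):
            if (ip, host) in baseline:
                continue
            severity = "high" if is_watched(host, watched) else "review"
            findings.append((line_no, severity, host, ip))
    return findings


if __name__ == "__main__":
    for line_no, severity, host, ip in audit_hosts(SAMPLE):
        print(f"line {line_no}: [{severity}] {host} -> {ip}")
```

Any "high" or "review" finding on a device that had SSH installed with the default password is a reason to treat the phone as compromised rather than just delete the line.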
gnasher729
Nov 23, 2009, 09:05 AM
Is Apple behind these worms? They have been going after everyone and everything they think infringes on them.
I would not put it past Steve Jobs to have a small team that writes these worms.
That would be corporate suicide. Anyone at Apple who just suggested it would be fired on the spot. You may not put it past Steve Jobs, but that kind of thing would be at about 12 on a scale of stupidity going from 0 to 10. As a company with 30 billion dollars in the bank that ING could sue you for you don't even think about that kind of thing.
kAoTiX
Nov 23, 2009, 09:05 AM
But why does Apple continue to prevent non-jailbroken iPhones from uploading custom SMS/Email tones, having wallpaper behind the home screen, changing icons etc.? That would go a long way to stopping people considering Jailbreaking.
For this very reason?
Having access to the file system opens up a device to all sorts of problems from a security point of view.
It shouldn't be a problem in my eyes though, a major company like Apple should have the man power to combat this kind of thing. Why can't they just treat it like another OSX release, terminal comes as standard on that!
Compile 'em all
Nov 23, 2009, 09:07 AM
Useless corporate talk...
I have been running a jailbroken iPhone since september 2007 and never had any issues. There, I just invalidated everything written in that copy/pasta you posted.
guzhogi
Nov 23, 2009, 09:13 AM
so the worm is pretty serious. here's description of what it does from Intego
(again, only affects jailbroken/ssh/default password)
This worm starts by searching its local network, as well as a number of IP address ranges, for available devices to infect. The address ranges it scans include those of ISPs in the Netherlands, Portugal, Hungary, Australia, and if an appropriately unprotected iPhone is found, the worm can copy itself to these devices.
When active on an iPhone, the iBotnet worm changes the root password for the device (from “alpine” to “ohshit”), in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices. (A botnet is a network of infected computers or devices that can be controlled by hackers to attack other computers, serve malware, send spam, serve pages or images, and much more.)
The worm also gives each infected iPhone a unique identifier; this to be able to reconnect easily to any iPhones on which valuable information is found, but also to ensure that only infected iPhones can connect to the server. Finally, it changes an entry in the iPhone's /etc/hosts file for a Dutch bank web site, to lead Dutch users who connect to this bank site to a bogus site, presumably to harvest user names and passwords.
That's kinda scary. But if Apple & the police can identify the server the information goes to & who owns it, should be fairly easy to shut this thing down. However, how already infected iPhones can be repaired, I don't know.
hob
Nov 23, 2009, 09:13 AM
For those of us with jailbroken iPhones, I think the most important point is:
how do you establish whether or not you have SSH installed?
how do you change the default password?
Many applications install other services whilst installing themselves - I'm not 100% sure I've not had SSH downloaded by another application.
Apple's advice regarding Jailbreaking seems very prohibition-era... I see no way that Jailbreaking a phone could possibly kill the device, as they suggest... ("irreparable damage"...)
Kilamite
Nov 23, 2009, 09:14 AM
Why is this even big news..? You Jailbreak, you remove your protection, you be stupid and not change the root password when you install SSH, you get infected.
Should I expect to see big headlines, "new STD's affect men who don't wear condoms" to start popping up everywhere?
Come on.. this is nothing..
*LTD*
Nov 23, 2009, 09:14 AM
I have been running a jailbroken iPhone since september 2007 and never had any issues. There, I just invalidated everything written in that copy/pasta you posted.
YOU didn't.
Apple can't take that kind of risk. That "useless corporate talk" is necessary.
Especially in light of this, quoted above by Arn:
This worm starts by searching its local network, as well as a number of IP address ranges, for available devices to infect. The address ranges it scans include those of ISPs in the Netherlands, Portugal, Hungary, Australia, and if an appropriately unprotected iPhone is found, the worm can copy itself to these devices.
When active on an iPhone, the iBotnet worm changes the root password for the device (from “alpine” to “ohshit”), in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices. (A botnet is a network of infected computers or devices that can be controlled by hackers to attack other computers, serve malware, send spam, serve pages or images, and much more.)
The worm also gives each infected iPhone a unique identifier; this to be able to reconnect easily to any iPhones on which valuable information is found, but also to ensure that only infected iPhones can connect to the server. Finally, it changes an entry in the iPhone's /etc/hosts file for a Dutch bank web site, to lead Dutch users who connect to this bank site to a bogus site, presumably to harvest user names and passwords.
I can't believe you dismissed Apple's security warning (which is nothing but a beneficial public service and certainly expected) as "useless." :confused:
When it comes to your data and (potentially) compromised security re banks, Apple's support page about jailbreaking should resonate with everyone.
TBi
Nov 23, 2009, 09:16 AM
I have been running a jailbroken iPhone since september 2007 and never had any issues. There, I just invalidated everything written in that copy/pasta you posted.
As much as i hate the FUD thrown up by the anti-Jailbreakers, it is possible to have all that stuff happen on a jailbroken phone because you can install buggy, stupid software if you want. It isn't installed by default though.
It's the same reason why Windows is said to be so unstable. All this unnecessary buggy third party software that people install. Windows on its own is pretty damn stable, has been for years, unless you install stupid buggy software.
Sayer
Nov 23, 2009, 09:19 AM
Yeah, but the jailbroken iPhones are open as opposed to the default locked down Apple iPhone. Take the bad with the good.
Funny how this article (http://www.russellbeattie.com/blog/android-is-splintering-just-not-how-you-think-it-is) argues for a more open iPhone like Android, and also wishes for a more controlled Android platform, like the iPhone.
Security, Features, Openness. Pick any two.
Goona
Nov 23, 2009, 09:23 AM
That's what you get for jailbreaking!
ma2ha3
Nov 23, 2009, 09:24 AM
wow i always knew there are lots of hackers in holland. I wonder how many people in holland have iphone - jailbroken and bank at ING. The hackers are very selective.
bacaramac
Nov 23, 2009, 09:25 AM
And clearly another reason to stick with the crappy AT&T service with my iPhone. I wish Sprint or Verizon would get the iPhone, but don't see that happening. Glad I have no need to Jailbreak.
Koodauw
Nov 23, 2009, 09:28 AM
I'll be more nervous when malware with some real penetrating power shows up...
Real penetrating power always makes me nervous too. :cool: Just set up a password if you've installed SSH people.
bruinsrme
Nov 23, 2009, 09:29 AM
Does this really count?
If it relies on people installing SSH and not changing the default password?
I'll be more nervous when malware with some real penetrating power shows up...
NO it doesn't count. Same exploit as before.
The word has been put out to change the passwords, not just here but on every iphone/ipod site I frequent.
The jailbreak community has stood up on their podiums for all to hear, for those that don't listen or want to take the time to understand the risks of jailbreaking will fall victim to these simple exploits.
*****LTD your post was, well, inspiring:rolleyes:
Speedy2
Nov 23, 2009, 09:29 AM
I have been running a jailbroken iPhone since september 2007 and never had any issues. There, I just invalidated everything written in that copy/pasta you posted.
This sounds like an insulted little kid...
Let me write the relevant paragraph for you again:
"Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses."
Doesn't that EXACTLY describe what is happening with these SSH worms? People who don't know what they are doing are doing it regardless and end up with a compromised phone.
If you EXACTLY know what you're doing, you're perfectly fine. Apple just warns people, nothing else.
Schizoid
Nov 23, 2009, 09:32 AM
once again the 'impartial' BBC leans towards sensational headlines...
SECOND only jailbroken IPHONE WORM IS MORE SERIOUS!
Clete2
Nov 23, 2009, 09:32 AM
Well, it's entirely the user's fault for not changing the root password for SSH.
It's like setting up a machine with no firewall and setting up SSH to be usable directly by root, with the root password as 'root.' Who would do that? Only a fool. :)
Adam Young
Nov 23, 2009, 09:35 AM
On iPhone open Cydia; Icy or Rock, and download MobileTerminal. Open MobileTerminal and enter the following commands (without the quotes and followed by a return).
'login root'
'alpine'
'passwd'
'my_new_root_password' (new password, 2x)
'login mobile'
'dottie'
'passwd'
'dottie' (old password)
'my_new_password' (new password, 2x)
Done (don't forget the new passwords ;-).
It's obvious jailbreak software should incorporate obligatory password change, but users must still be aware that more freedom comes with greater responsibilities.
Erwin-Br
Nov 23, 2009, 09:36 AM
I bank with ING. The reason hackers are targeting this bank specifically is because they send TAN (Transaction authentication number (http://en.wikipedia.org/wiki/Transaction_authentication_number)) codes (necessary to approve a transaction when on-line banking) to your phone by SMS.
Other banks usually do this with a TAN-code calculator you receive when you open an account. Or sometimes with a paper list, if they are really old fashioned.
So hackers can read your TAN-code, if you're hacked. But they still have to know your username and password to enter. I guess that's what the fake app is for. Wow.
iphonegeek786
Nov 23, 2009, 09:38 AM
Can anyone tell me how to install SSh and change the password.
iSee
Nov 23, 2009, 09:48 AM
Someone should make a benevolent worm that takes over your device long enough to warn you to change your SSH password.
Edit:
Can anyone tell me how to install SSh and change the password.
Sorry, I only know how to do the first... ;)
supmango
Nov 23, 2009, 09:48 AM
so the worm is pretty serious. here's description of what it does from Intego
(again, only affects jailbroken/ssh/default password)
Quote:
This worm starts by searching its local network, as well as a number of IP address ranges, for available devices to infect. The address ranges it scans include those of ISPs in the Netherlands, Portugal, Hungary, Australia, and if an appropriately unprotected iPhone is found, the worm can copy itself to these devices.
When active on an iPhone, the iBotnet worm changes the root password for the device (from “alpine” to “ohshit”), in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices. (A botnet is a network of infected computers or devices that can be controlled by hackers to attack other computers, serve malware, send spam, serve pages or images, and much more.)
The worm also gives each infected iPhone a unique identifier; this to be able to reconnect easily to any iPhones on which valuable information is found, but also to ensure that only infected iPhones can connect to the server. Finally, it changes an entry in the iPhone's /etc/hosts file for a Dutch bank web site, to lead Dutch users who connect to this bank site to a bogus site, presumably to harvest user names and passwords.
I had to chuckle at the password change. Very appropriate.
twilson
Nov 23, 2009, 09:49 AM
Can anyone tell me how to install SSh and change the password.
LOL, why on earth have you got geek in your username if you're going to post a question like that? :D
jellomizer
Nov 23, 2009, 09:50 AM
That Apple may very well be behind this.
Who else would spend the time to go after such a small user base as jailbreak iPhones.
Makes you wonder!
Well it could be the other Cell Vendors, they want to sell THEIR phones they don't want you buying iPhones and putting them on their network unless they get more of piece of Pie...
Apple haters. There are still people back in the old IBM vs. Apple Wars in the 80's and they are not happy that Apple is on the comeback. They may not be able to hack normal iPhones but they can get jail broken ones so they will. Just to feel special.
Security Nuts (Black hat hackers). They feel like a big man when they show a security flaw.
People with a point. People don't really want to jailbreak their phones. But they want the following... Being able to install any app they want, use any carrier they want... Making the iPhone considered insecure may force Apple to allow such features on their more secure platform... Probably not but most people aren't rational.
iSee
Nov 23, 2009, 09:51 AM
On iPhone open Cydia; Icy or Rock, and download MobileTerminal. Open MobileTerminal and enter the following commands (without the quotes and followed by a return).
'login root'
'alpine'
'passwd'
'my_new_root_password' (new password, 2x)
'login mobile'
'dottie'
'passwd'
'dottie' (old password)
'my_new_password' (new password, 2x)
Done (don't forget the new passwords ;-).
It's obvious jailbreak software should incorporate obligatory password change, but users must still be aware that more freedom comes with greater responsibilities.
Unfortunately, this will just result in a bunch of iPhones with passwords of "my_new_root_password" and "my_new_password" :p
knightlie
Nov 23, 2009, 09:55 AM
Is Apple behind these worms? They have been going after everyone and everything they think infringes on them.
I would not put it past Steve Jobs to have a small team that writes these worms.
Nonsense. Not only is the idea a stupid one, but they would open themselves up to legal action.
Airforcekid
Nov 23, 2009, 09:55 AM
I can't find a motive. Someone who uses an iPhone for banking etc. would never consider jailbreaking; all they're getting is teenagers who care less about personal info.
Fastshutter
Nov 23, 2009, 09:57 AM
http://support.apple.com/kb/HT3743
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Last Modified: July 30, 2009
Article: HT3743
As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:
Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.
Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.
Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.
Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
My iPhone isn't jailbroken and I suffer from 4 out of 6 of those problems.
Device and application instability
Unreliable voice and data
Disruption of services
Shortened battery life
SandynJosh
Nov 23, 2009, 09:58 AM
Hmmm...?
So to have a problem you have to:
1. Jailbreak your phone, thereby compromising its built-in security.
2. Add some software that Apple has not checked for security.
3. Further compromise the security of your iPhone by using the default password.
4. Use the above totally unsecure iPhone for banking purposes.
5. Bank at ING that has its own security issue.
Stupid is as stupid does.
Habakuk
Nov 23, 2009, 09:59 AM
This article in German language
Deutschsprachige Version dieses Artikels (http://rossau.wordpress.com/sicherheitsmassnahmen-nach-einem-iphone-jailbreak/)
Don't install OpenSSH (Cydia link (http://cydia.saurik.com/package/openssh) for your information*) after jailbreak unless you know exactly what you are doing
If you can't avoid SSH by all means follow urgently one of the step-by-step guides
Recommended guides
cydia.saurik.com: Change default password (http://cydia.saurik.com/password.html)
Saurik aka Jay Freeman is the developer of the app Cydia—a downloader, installer and repository after jailbreak. "cd" means "change directory". (Tutorial designed for mobile browsers.)
The same mirrored/cached at IT security company F-Secure (http://www.f-secure.com/weblog/archives/cydia.htm)
Simple fix: IF jailbreak AND ssh THEN change passwords (http://forums.macrumors.com/showpost.php?p=8860806&postcount=43) by MacRumors user Adam Young earlier in this thread with comment by iSee (completed subject).
Other guides (the first two are illustrated)
Blog iClarified: How to Change the Root Password on Your iPhone (http://www.iclarified.com/entry/index.php?enid=5883)
The tutorial hoster iClarified is missing something: You also need to change the password for the 'mobile' account, or you're still vulnerable!
Computer magazine Macworld: Secure your jailbroken iPhone with a password change (http://www.macworld.com/article/143784/2009/11/iphone_password.html)—mind the update in the Macworld article!
Blog Extra Future: How To: Change Your iPhone's Root Password (http://extrafuture.com/2007/09/03/how-to-change-your-iphones-root-password/)
You can change the iPhone SSH passwords also using a Mac or PC in the same WiFi network. Again missing user 'mobile' in this old tutorial by Extra Future, add that. However it's highly recommended to change the passwords directly on the iPhone before activating OpenSSH (see "Five important hints" below)!
Further reading
Wikipedia: Secure Shell (SSH, OpenSSH) (http://en.wikipedia.org/wiki/Secure_Shell), Jailbreak (http://en.wikipedia.org/wiki/Jailbreak_(iPhone_OS)), Cydia (http://en.wikipedia.org/wiki/Cydia_(application))
OpenSSH.org (http://www.openssh.org/)
MacRumors.com: New Malicious Worm Affects Jailbroken iPhones in Netherlands [Updated x2] (http://www.macrumors.com/2009/11/23/new-malicious-worm-affects-jailbroken-iphones-in-netherlands/)
Cites IT security company Intego: "The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices"
View entire thread here at MacRumors Forum (http://forums.macrumors.com/showthread.php?t=825279) from the very beginning
Apple Support: Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues (http://support.apple.com/kb/HT3743)—MacRumors user and jailbreaker bruinsme (http://forums.macrumors.com/member.php?u=242043) calls it: "HEED to Apple's warnings, you jailbreaking thieving criminals" ;)
Five important hints
Note: If you mess up something or forget your new passwords, you’ll probably have to do a factory reset on your phone.
It is not enough to disable SSH in SBSettings because it will activate by itself after a restart of the iPhone or on other occasions (e.g. a "respring" with the patched app SpringBoard) and you probably won't notice that. SBSettings (Cydia link (http://cydia.saurik.com/package/sbsettings)) is a switchboard app available after jailbreak. Information at Wikipedia on SpringBoard (http://en.wikipedia.org/wiki/SpringBoard).
Most important! <paranoid mode ON> After the iPhone has already been on the net with the default passwords the phone could well have already gotten a nasty backdoor (Wiki (http://en.wikipedia.org/wiki/Backdoor_(computing))) and rootkit (Wiki (http://en.wikipedia.org/wiki/Rootkit)) installed, and is now 0wn3d by some botnet (Wiki (http://en.wikipedia.org/wiki/Botnet)). Changing the SSH passwords now does nothing to clean up that mess! Only way to clean up for sure is to reinstall a new OS using DFU mode (Device Firmware Update), and set up the device as new (iClarified: How to Put an iPhone Into DFU Mode (http://www.iclarified.com/entry/index.php?enid=1034)). (Thanks to MacRumors user firewood (http://forums.macrumors.com/showpost.php?p=8865050&postcount=111).) </paranoid mode OFF>
If you don't need it any more—delete OpenSSH immediately via Cydia because most passwords are weak! **)
Note: Any Apple iPhone operating system update or restore will set the passwords for both accounts "root" and "user" back to default "alpine" and "dottie", respectively.
*) How to establish whether or not SSH Daemon is installed
Open Terminal.app (on Mac OS X) or Mobile Terminal (on jailbroken iPhones; Cydia link (http://cydia.saurik.com/package/mobileterminal))
Type nothing but which sshd after the prompt ($), "sshd" means "secure shell daemon"
Hit Return key
Terminal will tell you in the next line something like "/usr/sbin/sshd" when SSH is installed, otherwise you'll get an error message
Quit Terminal by typing exit after the prompt and hit Return (thanks to MacRumors user Infrared (http://forums.macrumors.com/showpost.php?p=8862145&postcount=101))
Note that Mac OS X includes OpenSSH by default.
**) Recommended Password Assistant in Mac OS X (10.4 Tiger or newer)
Choose System Preferences... from the Apple menu
Look for the headline System, click Accounts; then click the Password tab
To access Password Assistant, click the Key icon you see when changing or adding a password to a user account
The assistant can create the following types of passwords:
Memorable (the most useful)
Letters & Numbers
Numbers Only
Random
FIPS-181 Compliant (not recommended but better than nothing)
A slider adjusts the length, and a bar graph shows the quality and security of your generated password. Security experts are saying that it's not recommended to create a Password hint.
For mobile devices there is a password generator available in the highly rated third-party app 1Password Pro (free until December 1st, 2009). App Store Link via App Shopper.com (http://appshopper.com/link/1password-pro).
There are several web-based password generators in the net but be careful with that. Avoid capital letter O and number 0, letters I, l, i, j, number 1 and special characters like | (alt+7), /, \, -, –, — and _, ', ` and ´, those can be easily confused when reading, writing and typing; depends on fonts—use Courier.
Gibson Research Corporation: GRC's Ultra High Security Password Generator (https://www.grc.com/passwords.htm)
Add the link (http://forums.macrumors.com/showpost.php?p=8860843&postcount=48) of this reference to your signature
in all iPhone-related forums, blogs and other social groups
where you participate!
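The two checks from the post above (is sshd present, and were the passwords of both 'root' and 'mobile' changed), as an added shell example that is not part of the original post. It assumes the device keeps its password hashes in a BSD-style colon-separated file with the hash in field 2 and that you saved a copy of that file before changing anything; the function names, file names and hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. All hashes below are constructed
# placeholders, not real password hashes.

# Same test as typing `which sshd`, plus the /usr/sbin/sshd location the
# post mentions, for shells where /usr/sbin is not on PATH.
sshd_installed() {
    command -v sshd >/dev/null 2>&1 || [ -x /usr/sbin/sshd ]
}

# unchanged_accounts STOCK LIVE
# Prints each account whose hash in LIVE is identical to its hash in STOCK
# (a copy of the password file as shipped), i.e. whose password was never
# changed. Locked accounts ("*" or "!...") are skipped.
unchanged_accounts() {
    stock=$1
    live=$2
    if [ ! -r "$stock" ] || [ ! -r "$live" ]; then
        echo "unchanged_accounts: cannot read $stock or $live" >&2
        return 2
    fi
    awk -F: -v stock="$stock" '
        BEGIN {
            # Load name -> hash from the stock copy.
            while ((getline line < stock) > 0) {
                if (line ~ /^#/) continue
                n = split(line, f, ":")
                if (n >= 2 && f[2] != "") hash[f[1]] = f[2]
            }
            close(stock)
        }
        /^#/ || NF < 2          { next }
        $2 == "*" || $2 ~ /^!/  { next }
        ($1 in hash) && hash[$1] == $2 { print $1 }
    ' "$live"
}

# audit_ssh_defaults STOCK LIVE
# Returns 0 if every account was changed, 1 if any is still on the stock
# password, 2 if the files could not be read.
audit_ssh_defaults() {
    stale=$(unchanged_accounts "$1" "$2") || return 2
    if [ -z "$stale" ]; then
        echo "no account still uses its stock password"
        return 0
    fi
    for user in $stale; do
        echo "WARNING: '$user' still has the stock password; run passwd as $user"
    done
    return 1
}

# Constructed sample: root was changed, mobile was forgotten (the gap the
# post points out in guides that only cover root).
write_sample() {
    cat > "$1/stock" <<'EOF'
# constructed stock copy
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:STOCK_ROOT_HASH:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:STOCK_MOBILE_HASH:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
    cat > "$1/live" <<'EOF'
# constructed live copy
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:CHANGED_ROOT_HASH:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:STOCK_MOBILE_HASH:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
if sshd_installed; then echo "sshd is installed"; else echo "sshd not found"; fi
audit_ssh_defaults "$demo_dir/stock" "$demo_dir/live" || true
rm -rf "$demo_dir"
```

Because the post notes that an OS update or restore puts the default passwords back, the audit is worth repeating after either.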
knightlie
Nov 23, 2009, 10:00 AM
I have been running a jailbroken iPhone since September 2007 and never had any issues. There, I just invalidated everything written in that copy/pasta you posted.
Not really, and the article itself kind of refutes your anecdotal evidence. The problems are out there, whether you've experienced them or not.
SandynJosh
Nov 23, 2009, 10:03 AM
My iPhone isn't jailbroken and I suffer from 4 out of 6 of those problems.
Device and application instability
Unreliable voice and data
Disruption of services
Shortened battery life
If you read beyond the bold headlines you'll see that you really don't have those problems, except as they may relate to poor AT&T service.
ChazUK
Nov 23, 2009, 10:03 AM
Crazy stuff.
Leave your keys in the front door and anyone can walk in.
blackpond
Nov 23, 2009, 10:09 AM
Installing SSH onto an "always on" internet connected device and not changing the default password....
You can't be protected from yourselves, folks.
kAoTiX
Nov 23, 2009, 10:17 AM
You're implying that iPhone (or computer) users are not fools. You're supposed to presume they are a fool and help them out.
Windows comes with a built in firewall (lol) and malware scanner (lol again)
If you think that when someone installs something on their pc/phone that could be harmful if not setup correctly then you should take steps to help the user out to avoid problems.
How hard is it to require a password change upon installing SSH realistically?
For a start, there is no anti-virus or firewall for the iPhone so average joe user cannot protect themselves as they would with a computer.
CFreymarc
Nov 23, 2009, 10:21 AM
Why is this even big news..? You Jailbreak, you remove your protection, you be stupid and not change the root password when you install SSH, you get infected.
Should I expect to see big headlines, "new STD's affect men who don't wear condoms" to start popping up everywhere?
Come on.. this is nothing..
You have this right. The hacker community is like any other den of thieves, they eventually start fighting each other since there is a lack of ethics and honor. I'm sure this virus is retribution from some face off that went down. Worst, over a girl.
You jailbreak your iPhone, you get what you deserve!
JAT
Nov 23, 2009, 10:22 AM
YOU didn't.
Apple can't take that kind of risk. That "useless corporate talk" is necessary.
You got that right. Must keep lawyers well-fed. Those poor, poor lawyers.
nkawtg72
Nov 23, 2009, 10:25 AM
That's kinda scary. But if Apple & the police can identify the server the information goes to & who owns it, should be fairly easy to shut this thing down. However, how already infected iPhones can be repaired, I don't know.
police, maybe, but seeing apple get involved in any way to try and "fix" this situation i seriously doubt. the "fix" is already out there...don't jailbreak, and if you do, make sure you don't use default passwords with any software you may install. end of story
madog
Nov 23, 2009, 10:25 AM
For those of us with jailbroken iPhones, I think the most important point is:
how do you establish whether or not you have SSH installed?
how do you change the default password?
Many applications install other services whilst installing themselves - I'm not 100% sure I've not had SSH downloaded by another application.
Apple's advice regarding Jailbreaking seems very prohibition-era... I see no way that Jailbreaking a phone could possibly kill the device, as they suggest... ("irreparable damage"...)
Depends. Back when I used to do it, installation of SSH was a checkbox or an option you could select to do (or was selected by default, but was at the very least an option on many of the jailbreak methods/apps). I suppose it depends on what they do these days.
PackFan
Nov 23, 2009, 10:28 AM
You have this right. The hacker community is like any other den of thieves, they eventually start fighting each other since there is a lack of ethics and honor. I'm sure this virus is retribution from some face off that went down. Worst, over a girl.
You jailbreak your iPhone, you get what you deserve!
Wow - such sad, uninformed people...
Nobody I know who has jailbroken their iphones does it to steal anything - they do it to add functionality and ease of use that Apple SHOULD HAVE already built in to the device.
Seriously - Apple - put in functionality like SBSettings so that I can turn on/off bluetooth without going through several settings menus. Put in the functionality of Backgrounder so that I can check my email while playing Pandora - is that so hard?
bruinsrme
Nov 23, 2009, 10:31 AM
You jailbreak your iPhone, you get what you deserve!
I love this statement such fanboyism
Mark Booth
Nov 23, 2009, 10:42 AM
If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network, me thinks this worm has originated from inside of Apple.
This one is only due to owners not changing the default password. That tells me it could also affect the other iPhones on the AT&T network, and lends credibility that Apple may very well be behind this.
Who else would spend the time to go after such a small user base as jailbreak iPhones.
Makes you wonder!
Yeah, I'm wondering all right. But my thoughts have nothing to do with Apple or jailbroken iPhones. :rolleyes:
Mark
*LTD*
Nov 23, 2009, 10:44 AM
I love this statement such fanboyism
It's essentially true. You assume the risks, and if you get burned that's your problem. But don't expect Apple to approve of it, and don't be surprised when they advise against it.
darngooddesign
Nov 23, 2009, 11:00 AM
How hard is it to require a password change upon installing SSH realistically?
For a start, there is no anti-virus or firewall for the iPhone so average joe user cannot protect themselves as they would with a computer.
Average Joe user does not jailbreak, and there is no security software for them because without JBing they don't need any; however, there is security software for JBen phones. Hopefully the next version of OpenSSH will automate changing the password.
Rodimus Prime
Nov 23, 2009, 11:06 AM
Well this mess is showing me one thing. The basic security in the iPhone is pretty much crap and apple knows it. Hence the reason they are locking it down so tightly.
Apple could solve a lot of their bad press problem with jail breakers by giving them the basic features many of them are after or at least the common users are after.
1. Customizable themes,
2. Change the SMS sound
Minor things remove a lot of the incentive to jailbreak and leave it only to the more hard core geeks that know what they are doing. Apple's current setup limits the iPhone so badly that the common users want to jail break and when they reach that point people do stupid things like not changing a default password.
bruinsrme
Nov 23, 2009, 11:16 AM
It's essentially true. You assume the risks, and if you get burned that's your problem. But don't expect Apple to approve of it, and don't be surprised when they advise against it.
What part is true the fanboyism?
The risks are known. Many use this and other forums to stay up to date on what's going on in the world of apple products. Many here are trying to help people from getting burned and not wishing ill will on those that choose to extend the capabilities of their phone, like some posting in this thread are.
Apple approve of it. Who's asking apple to approve of it?
Advise against it, cmon I have a warning/link is in my signature....:eek:
Doctor Q
Nov 23, 2009, 11:22 AM
Are we going to see "zombiPhones" -- iPhones taken over by malware without their owner's knowledge, then later used remotely by hackers whenever they want?
SimonTheSoundMa
Nov 23, 2009, 11:26 AM
cheers, changed my root password to one I know. However user 'mobile' doesn't work.
#passwd mobile
Changing password for mobile.
Old password: dottie
Sorry
Doesn't like password dottie.
On iPhone open Cydia; Icy or Rock, and download MobileTerminal. Open MobileTerminal and enter the following commands (without the quotes and followed by a return).
'login root'
'alpine'
'passwd'
'my_new_root_password' (new password, 2x)
'login mobile'
'dottie'
'passwd'
'dottie' (old password)
'my_new_password' (new password, 2x)
Done (don't forget the new passwords ;-).
It's obvious jailbreak software should incorporate obligatory password change, but users must still be aware that more freedom comes with greater responsibilities.
BRLawyer
Nov 23, 2009, 11:38 AM
http://support.apple.com/kb/HT3743
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Last Modified: July 30, 2009
Article: HT3743
As designed by Apple, the iPhone OS ensures that the iPhone and iPod touch operate reliably. Some customers have not understood the risks of installing software that makes unauthorized modifications to the iPhone OS ("jailbreaking") on their iPhone or iPod touch. Customers who have installed software that makes these modifications have encountered numerous problems in the operation of their hacked iPhone or iPod touch. Examples of issues caused by these unauthorized modifications to the iPhone OS have included the following:
Device and application instability: Frequent and unexpected crashes of the device, crashes and freezes of built-in apps and third-party apps, and loss of data.
Unreliable voice and data: Dropped calls, slow or unreliable data connections, and delayed or inaccurate location data.
Disruption of services: Services such as Visual Voicemail, YouTube, Weather, and Stocks have been disrupted or no longer work on the device. Additionally, third-party apps that use the Apple Push Notification Service have had difficulty receiving notifications or received notifications that were intended for a different hacked device. Other push-based services such as MobileMe and Exchange have experienced problems synchronizing data with their respective servers.
Compromised security: Security compromises have been introduced by these modifications that could allow hackers to steal personal information, damage the device, attack the wireless network, or introduce malware or viruses.
Shortened battery life: The hacked software has caused an accelerated battery drain that shortens the operation of an iPhone or iPod touch on a single battery charge.
Inability to apply future software updates: Some unauthorized modifications have caused damage to the iPhone OS that is not repairable. This can result in the hacked iPhone or iPod touch becoming permanently inoperable when a future Apple-supplied iPhone OS update is installed.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
Thank you for trying to enlighten the benighted ones that jailbreak their phones and STILL complain about Apple's tight control of the app store...these malware couldn't come soon enough for those who ask for them.
And of course, congratulations to Apple for standing to its policy, which is MORE than wise in this context.
Speedy2
Nov 23, 2009, 11:45 AM
Well this mess is showing me one thing. The basic security in the iPhone is pretty much crap and apple knows it. Hence the reason they are locking it down so tightly.
It's funny how you ALWAYS find a way to blame ANYTHING that happens around Macs or iPhones on Apple, most of the time via absurd deductions. Why are you here at Macrumors, when it's so obvious that you must thoroughly dislike anything Apple? I really wonder.
About your statement: All systems that are not locked down are inherently unsafe. Some more, some less. But no open system is even remotely safe. No Windows, no Mac OS, no Linux. I know that you will claim now that Mobile Operating System X is so much safer than iPhone OS and Apple screwed it all up, which is complete nonsense, since you have nothing to back that up. The worm doesn't even exploit any security holes, but walks in thru doors, which were deliberately opened by the users themselves. Apple had good reasons to choose a locked down system. So far, this approach was beneficial for the common customer. The l33t guys can still jailbreak. It's not that Apple is suing anyone of them, is it?
*LTD*
Nov 23, 2009, 11:49 AM
Well this mess is showing me one thing. The basic security in the iPhone is pretty much crap and apple knows it. Hence the reason they are locking it down so tightly.
Apple could solve a lot of their bad press problem with jail breakers by giving them the basic features many of them are after or at least the common users are after.
1. Customizable themes,
2. Change the SMS sound
Minor things remove a lot of the incentive to jailbreak and leave it only to the more hard core geeks that know what they are doing. Apple's current setup limits the iPhone so badly that the common users want to jail break and when they reach that point people do stupid things like not changing a default password.
Nearly every manufacturer advises against tampering and/or that such tampering voids your warranty and could lock you out of support.
Common users want to jailbreak?? I'll wager that the average iPhone user has no idea what it is and has no interest in doing it.
nealric
Nov 23, 2009, 11:49 AM
Unauthorized modification of iPhone OS has been a major source of instability, disruption of services, and other issues
Got to love corporate FUD :rolleyes:
Thank you for trying to enlighten the benighted ones that jailbreak their phones and STILL complain about Apple's tight control of the app store...these malware couldn't come soon enough for those who ask for them.
THANK YOU SO MUCH SIR! I'm so "enlightened" now about my jailbroken phone. I guess I will just give up my multitasking, customized lockscreen, and tethering. Sure, my phone has never had the slightest problem, but because apple says it might crash and a few hundred people in a foreign country who didn't bother to change their password got a virus I suppose I should be terrified.
You jailbreak your iPhone, you get what you deserve!
I actually agree with this. I do deserve full control over a device I paid good money for. With jailbreaking, I got it :D
*LTD*
Nov 23, 2009, 11:51 AM
Got to love corporate FUD :rolleyes:
THANK YOU SO MUCH SIR! I'm so "enlightened" now about my jailbroken phone. I guess I will just give up my multitasking, customized lockscreen, and tethering. Sure, my phone has never had the slightest problem, but because apple says it might crash and a few hundred people in a foreign country who didn't bother to change their password got a virus I suppose I should be terrified.
It's a standard security warning. It makes complete sense for Apple to have posted it. Not FUD at all. It's for the protection of the consumer and to address Apple's liability in the matter as well. I should think customers have a right to know.
Is the OS X EULA "FUD" as well?? Because that FUD was just upheld in court.
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
bytethese
Nov 23, 2009, 11:57 AM
cheers, changed my root password to one I know. However user 'mobile' doesn't work.
#passwd mobile
Changing password for mobile.
Old password: dottie
Sorry
Doesn't like password dottie.
That's because mobile's password is also "alpine". :)
nealric
Nov 23, 2009, 12:00 PM
I should think customers have a right to know.
Know what?
You hack things, you can break them. This is common sense.
But "the sky is falling" warnings they released are just an attempt to scare people away.
Is the OS X EULA "FUD" as well?? Because that FUD was just upheld in court.
What does the upholding of one clause of a contract have anything to do with a completely different contract?
coolbreeze
Nov 23, 2009, 12:06 PM
I have a jailbroken 3gs.
I have ING Direct.
I logged into my account last night.
This is what I needed to read for me to un-jailbreak. :eek:
tabasco70
Nov 23, 2009, 12:07 PM
So how do you change the password?
coolbreeze
Nov 23, 2009, 12:13 PM
So how do you change the password?
http://www.f-secure.com/weblog/archives/cydia.htm
nealric
Nov 23, 2009, 12:13 PM
I have a jailbroken 3gs.
I have ING Direct.
I logged into my account last night.
This is what I needed to read for me to un-jailbreak.
How about just changing the password? :rolleyes:
Rodimus Prime
Nov 23, 2009, 12:14 PM
Nearly every manufacturer advises against tampering and/or that such tampering voids your warranty and could lock you out of support.
Common users want to jailbreak?? I'll wager that the average iPhone user has no idea what it is and has no interest in doing it.
With huge worms like this running amok and spreading, it tells me that jail breaking has entered into the common user area and left the geek area.
When you start kissing the common user group worms used basic default crap like this take off. No way around that argument.
You do not have to look much farther than these forums to see people who jail broke for basic things like Customizable themes and custom SMS tones. Even on the themes it was to add BASIC functions to the phone.
Apple should take a page out of Microsoft's book and look at what the jailbreakers/modders are doing and see why people are doing it and give it to them. Kills a lot of the incentives to jail break.
The modding I am talking about is look at the Xbox compared to the 360. I personally knew a lot of people who modded their Xbox so they could turn it into a media center. Stream movies and music off their desktop or play files locally on the Xbox. Microsoft saw this and chose to open it to allow those things on the 360. Killed a lot of the incentives to mod it since now they gave the users the functions they wanted that did not involve playing pirated games.
Apple should do the same. If for no other reason than to stop this bad press. It does not matter if it is a jail broken phone because people will see iPhone hacked and it is dangerous. If Apple gave in to the basic functions it would greatly reduce the numbers of people wanting to jail break.
RazHyena
Nov 23, 2009, 12:22 PM
Fanatic fanboy "serves you jailbreakers right" shenannigans in 3....2...oh wait, I'm too late. :o
Anyway, I was hoping we'd see another nemesis with the next iPhone worm appear after Rick Astley. I was hoping for maybe Pedobear or Moot. :D
Habakuk
Nov 23, 2009, 12:26 PM
For those of us with jailbroken iPhones, I think the most important point is:
how do you establish whether or not you have SSH installed?
how do you change the default password?
Many applications install other services whilst installing themselves - I'm not 100% sure I've not had SSH downloaded by another application.
Yes. Very interesting and important.
Back when I used to do it, installation of SSH was a checkbox or an option you could select to do (or was selected by default, but was at the very least an option on many of the jailbreak methods/apps). I suppose it depends on what they do these days.
Please more on this. Let's work that out. How do you install SSH on jb iPhone? Screenshots please. Thx in advance.
So how do you change the password?
One single page previous:
http://forums.macrumors.com/showpost.php?p=8860843&postcount=48
What happens when you install openSSH, forget to change passwords and un-jailbreak via iTunes restore? Open or close? (The latter I guess.)
coolbreeze
Nov 23, 2009, 12:26 PM
How about just changing the password? :rolleyes:
It's just not worth it at this point. Sure streaming Slingbox via 3g is neat but I just can't risk my life savings to do it (no I don't need a lecture about jailbreaking or storing my $ in ING).
Say I change my password. What's next? Hackers never rest.
3N16MA
Nov 23, 2009, 12:30 PM
Simply change the default password or don't install OpenSSH. This is something that is not necessary to jailbreak your iPhone.
kAoTiX
Nov 23, 2009, 12:31 PM
Average Joe user does not jailbreak, and there is no security software for them because without JBing they don't need any; however, there is security software for JBen phones. Hopefully the next version of OpenSSH will automate changing the password.
Exactly my point to some degree. Although I have people who jailbreak for themes and know nothing more. They're average joe users for sure.
bruinsrme
Nov 23, 2009, 12:32 PM
With huge worms like this running amok and spreading, it tells me that jail breaking has entered into the common user area and left the geek area.
When you start kissing the common user group worms used basic default crap like this take off. No way around that argument.
You do not have to look much farther than these forums to see people who jail broke for basic things like Customizable themes and custom SMS tones. Even on the themes it was to add BASIC functions to the phone.
Apple should take a page out of Microsoft's book and look at what the jailbreakers/modders are doing and see why people are doing it and give it to them. Kills a lot of the incentives to jail break.
The modding I am talking about is look at the Xbox compared to the 360. I personally knew a lot of people who modded their Xbox so they could turn it into a media center. Stream movies and music off their desktop or play files locally on the Xbox. Microsoft saw this and chose to open it to allow those things on the 360. Killed a lot of the incentives to mod it since now they gave the users the functions they wanted that did not involve playing pirated games.
Apple should do the same. If for no other reason than to stop this bad press. It does not matter if it is a jail broken phone because people will see iPhone hacked and it is dangerous. If Apple gave in to the basic functions it would greatly reduce the numbers of people wanting to jail break.
Great example. I can't speak for the rest of the world but within the circle of friends that hacked the original xbox haven't touched our 360s.
Unfortunately, I wouldn't expect apple to ever support the customer base in allowing such modifications as this will take away from their control, product recognition (because apple has stated apple customers can become confused easily) and additional resources to maintain the increased demands on the infrastructure to support the platform.
That is Apple's option and hence the continuing game of cat and mouse.
As we see more and more advances in the operability in the jailbreak world, widgets, multiflow, advances in theming and etc, more and more people will jailbreak and more and more worms will be introduced.
Habakuk
Nov 23, 2009, 12:44 PM
Very good idea to add the link to the signature in all iPhone forums where you are posting (I will go to Touch Arcade next—it's done in one minute). Thx to Mac Rumors user and Demi-God bruinsrme!
bruinsrme
Nov 23, 2009, 12:51 PM
Very good idea to add the link to the signature in all iPhone forums where you are posting (I will go to Touch Arcade next—it's done in one minute). Thx to Mac Rumors user and Demi-God bruinsrme!
Note that I also posted a link to Apple's warning.
I hope it helps others understand and also protect themselves if they choose to jailbreak.
Yes I jailbreak.
Habakuk
Nov 23, 2009, 12:57 PM
Note that I also posted a link to Apple's warning.
I hope it helps others understand and also protect themselves if they choose to jailbreak.
Added Apple Support link to the summary page because I have no more free letters left in my sig and it's a good idea as well. :)
Yes I jailbreak.
It may happen that I jailbreak sooner or later.
Applejuiced
Nov 23, 2009, 01:15 PM
Well said.
As long as the user changes the root password there is nothing any worms or hackers can do to your iPhone.
So save yourself any headaches and secure your device.
Don't leave the default password as "alpine".
Well, it's entirely the user's fault for not changing the root password for SSH.
It's like setting up a machine with no firewall and setting up SSH to be usable directly by root, with the root password as 'root.' Who would do that? Only a fool. :)
smythey
Nov 23, 2009, 01:27 PM
For those of us with jailbroken iPhones, I think the most important point is:
how do you establish whether or not you have SSH installed?
how do you change the default password?
Many applications install other services whilst installing themselves - I'm not 100% sure I've not had SSH downloaded by another application.
Anybody? If you don't have "SSH" or "MobileTerminal" in your Cydia Packages list, does that confirm it definitely isn't installed?
jav6454
Nov 23, 2009, 01:36 PM
http://news.bbc.co.uk/1/hi/technology/8373739.stm
This one looks a looks a bit nasty!
Yes, yet it won't affect me as I don't have OpenSSH installed.... honestly, if you put in OpenSSH, be sure to change your root password. If you don't know what that password is, it's alpine.
Switch it!
Infrared
Nov 23, 2009, 01:38 PM
OS X 10.6.2:
sh-3.2$ which sshd
/usr/sbin/sshd
sh-3.2$
smythey
Nov 23, 2009, 01:45 PM
OS X 10.6.2:
sh-3.2$ which sshd
/usr/sbin/sshd
sh-3.2$
Is this a reply to my post? If so, can you explain what this means/does? :)
NSMonkey
Nov 23, 2009, 01:51 PM
If they can get to a phone outside the AT&T network they can get to the same phones inside the AT&T network, methinks this worm has originated from inside of Apple.
This one is only due to owners not changing the default password. That tells me it could also affect the other iPhones on the AT&T network, and lends credibility that Apple may very well be behind this.
Who else would spend the time to go after such a small user base as jailbreak iPhones?
Makes you wonder!
You are accusing Apple of highly illegal activity aimed at their own customers without a single shred of evidence or even a plausible rationale. Let's break this down. For one thing, we know that the code necessary to write this worm was open-sourced about two weeks ago, plus it's pretty trivial to break into a phone running SSH with a default password. So literally any hacker in the world could have written this thing. The worm is stealing personal financial data, which would be useful to a criminal hacker, but not to Apple. Further, if Apple did this, they would be exposing themselves to a wave of lawsuits and PR that would cripple their entire brand. We are talking about literally billions of dollars down the drain. Yet somehow it makes sense to you that Apple would take this risk just to say "I told you so" (or something, you still haven't laid out what Apple's motivation would be).
You need to turn off the TV and try thinking about things a little bit before spewing out serious criminal accusations with zero credibility.
AidenShaw
Nov 23, 2009, 02:05 PM
You are accusing Apple of highly illegal activity aimed at their own customers without a single shred of evidence or even a plausible rationale.
Yes, that's strange. Usually it's Microsoft that is accused of ....
:D
NSMonkey
Nov 23, 2009, 02:07 PM
Well this mess is showing me one thing. The basic security in the iPhone is pretty much crap and Apple knows it. Hence the reason they are locking it down so tightly.
Apple could solve a lot of their bad press problem with jail breakers by giving them the basic features many of them are after or at least the common users are after.
1. Customizable themes,
2. Change the SMS sound
Minor things remove a lot of the incentive to jailbreak and leave it only to the more hard core geeks that know what they are doing. Apple's current setup limits the iPhone so badly that the common users want to jail break and when they reach that point people do stupid things like not changing a default password.
100% false. The security of the iPhone has absolutely nothing to do with this worm. The iPhone is a full-blown computer running a Unix OS. If you decide to run an SSH daemon with the default password on it, it's completely vulnerable to anyone who comes knocking. The only thing a manufacturer can do to prevent that is to make it difficult to install SSH with a default password.
Apple has already done that by providing an extremely secure configuration out of the box. You have to make a conscious decision to forfeit that built-in security and to take security matters into your own hands. If you're familiar with Unix, SSH and infosec in general, you're probably qualified to deal with that situation. Otherwise, you're really not qualified to jailbreak and would be better off buying a different phone if the iPhone is lacking features that you deem essential. So, no, this can in no way, shape or form be blamed on an intrinsic lack of security in the iPhone.
NSMonkey
Nov 23, 2009, 02:17 PM
Yes, that's strange. Usually it's Microsoft that is accused of ....
:D
No, usually it's Microsoft that's convicted of... :D
Habakuk
Nov 23, 2009, 02:21 PM
Is this a reply to my post? If so, can you explain what this means/does? :)
I think he means that you open Terminal, type nothing but
which sshd
and hit the return key. It will tell you if and where SSH is installed. Should work with Snow Leopard/Terminal.app and iPhone/Mobile Terminal (the latter after jailbreaking and installing Mobile Terminal).
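An added example, not part of any poster's message or of any jailbreak project's code: a POSIX shell audit that extends the `which sshd` check described above to also list accounts whose password field still equals the stock hash. The `/etc/master.passwd` location and BSD field layout are assumptions about the device, and the hash strings and fixture below are constructed placeholders.

```shell
#!/bin/sh
# Added example: check the two conditions discussed in the thread.
#   1. Is an sshd binary installed?
#   2. Does any account still carry the stock (default) password hash?

# find_sshd [DIR...]: print the first executable file named "sshd" found in
# the given directories; with no arguments search $PATH, as `which sshd` does.
find_sshd() {
    if [ "$#" -eq 0 ]; then
        _old_ifs=$IFS; IFS=:
        set -f              # no globbing while splitting $PATH
        set -- $PATH
        set +f
        IFS=$_old_ifs
    fi
    for _dir in "$@"; do
        if [ -f "$_dir/sshd" ] && [ -x "$_dir/sshd" ]; then
            printf '%s\n' "$_dir/sshd"
            return 0
        fi
    done
    return 1
}

# accounts_with_hash FILE HASH: print login names whose password field in a
# passwd-style file (name:hash:uid:...) is exactly HASH.
accounts_with_hash() {
    STOCK_HASH=$2 awk -F: '
        /^#/ || NF < 2 { next }     # skip comments and malformed lines
        ($2 "") == (ENVIRON["STOCK_HASH"] "") { print $1 }
    ' "$1"
}

# audit_device FILE HASH [DIR...]
# Return 0: no account uses the stock hash.
#        1: sshd is installed AND stock-hash accounts exist.
#        2: stock-hash accounts exist but no sshd was found
#           (change the passwords before installing OpenSSH).
audit_device() {
    _file=$1; _hash=$2; shift 2
    _weak=$(accounts_with_hash "$_file" "$_hash" | tr '\n' ' ')
    if _sshd=$(find_sshd "$@"); then
        echo "sshd: $_sshd"
    else
        _sshd=
        echo "sshd: not found"
    fi
    if [ -z "$_weak" ]; then
        echo "accounts with stock password: none"
        return 0
    fi
    echo "accounts with stock password: $_weak"
    if [ -n "$_sshd" ]; then
        return 1
    fi
    return 2
}

# make_fixture: build a constructed sample tree in a temp dir and print its
# path. The hash strings are made-up placeholders, not real crypt output.
make_fixture() {
    _d=$(mktemp -d) || return 1
    mkdir -p "$_d/usr/sbin"
    printf '#!/bin/sh\n' > "$_d/usr/sbin/sshd"
    chmod +x "$_d/usr/sbin/sshd"
    cat > "$_d/master.passwd" <<'EOF'
# constructed sample in BSD master.passwd layout
root:STOCKHASHxxxx:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:STOCKHASHxxxx:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
EOF
    printf '%s\n' "$_d"
}

# Demo on the constructed fixture.
fixture=$(make_fixture)
audit_device "$fixture/master.passwd" 'STOCKHASHxxxx' "$fixture/usr/sbin" \
    || echo "audit status: $?"
rm -rf "$fixture"
```

On a device, pass the real account file and the hash copied from an unmodified firmware image in place of the fixture values. A clean result does not show whether the device was reached while the default password was still set.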
AidenShaw
Nov 23, 2009, 02:31 PM
No, usually it's Microsoft that's convicted of... :D
Actually, the difference is that Apple could do what Microsoft was convicted of, and it would be perfectly legal. In fact, many of the things that Apple does would land Microsoft in hot water.
On the other hand, the phone app accusations would be illegal in many/most jurisdictions regardless of who perpetrated the act....
Habakuk
Nov 23, 2009, 02:33 PM
100% false. The security of the iPhone has absolutely nothing to do with this worm...
(Deleted interesting words.)
Thank you, NSMonkey! Very clear and understandable even for non-native English speakers. What is the difference between my Mac OS X 10.6.2 with SSH, Terminal installed and an iPhone—jailbroken or not in terms of security? Thx in advance for clarification.
Should I change SSH password on my MacBook Pro?
Erwin-Br
Nov 23, 2009, 02:42 PM
If Apple wasn't so strict about what can and cannot run on your iPhone, people wouldn't need to jailbreak. Personally, I would never jailbreak my iPhone because I'm too afraid I might brick it. The only alternative was to not get an iPhone until it becomes a bit more fully-featured. Can't live without tethering, for example. My HTC does this perfectly. :cool:
NSMonkey
Nov 23, 2009, 03:07 PM
Actually, the difference is that Apple could do what Microsoft was convicted of, and it would be perfectly legal. In fact, many of the things that Apple does would land Microsoft in hot water.
Wrong and myopic. When has Apple prevented OEMs from offering competing products? When has Apple abused their monopoly position in PC operating systems to kill off competing internet browsers in an attempt to control the format of internet content? Apple cannot do these things because they do not have a monopoly position in the PC market. Microsoft does and so, according to multiple courts of law, is subject to laws that attempt to limit the power of monopolies.
At the same time, it's true that any company can be convicted of anti-competitive behavior. They don't need to be of a certain size or control a certain percentage of a market. Apple could engage in anti-competitive behavior if they, for instance, offered retailers a financial incentive to NOT carry portable music players from other companies. And yet, Apple has never yet (to anyone's knowledge) engaged in these illegal practices. Microsoft has, multiple times.
Of course, you already know and understand this and yet prefer to propagate the tired old myth that poor Microsoft is unfairly held to a higher legal standard than Apple, even when there is zero evidence to back that up. Maybe you should think about why you choose to believe in such a silly idea.
AidenShaw
Nov 23, 2009, 03:31 PM
When has Apple abused their monopoly position...
That's the exact point of my argument - since Apple doesn't have a monopoly position, it doesn't matter.
______________
One example. What if Microsoft and Intel got together, and Microsoft changed the boot-time CPUID check in the Windows kernel so that it wouldn't boot on any CPU but an Intel one?
Holy anti-trust hurricane, Batman!
On the other hand, what if Apple changed the boot-time CPUID check in the OSX kernel so that it wouldn't boot on a class of processors?
Wait, Apple did that in 10.6.2 !!
ma2ha3
Nov 23, 2009, 03:39 PM
So the weakest link of Dutch banks is ING, the one who bought Barings Bank
I bank with ING. The reason hackers are targeting this bank specifically is because they send TAN (Transaction authentication number (http://en.wikipedia.org/wiki/Transaction_authentication_number)) codes (necessary to approve a transaction when on-line banking) to your phone by SMS.
Other banks usually do this with a TAN-code calculator you receive when you open an account. Or sometimes with a paper list, if they are really old fashioned.
So hackers can read your TAN-code, if you're hacked. But they still have to know your username and password to enter. I guess that's what the fake app is for. Wow.
NSMonkey
Nov 23, 2009, 04:20 PM
That's the exact point of my argument - since Apple doesn't have a monopoly position, it doesn't matter.
So you agree that having a monopoly position makes a company subject to a different set of legal circumstances. I guess you're still arguing because you don't understand the definition of anti-competitive behavior, which Apple could be convicted of if they engaged in it.
One example. What if Microsoft and Intel got together, and Microsoft changed the boot-time CPUID check in the Windows kernel so that it wouldn't boot on any CPU but an Intel one?
Holy anti-trust hurricane, Batman!
On the other hand, what if Apple changed the boot-time CPUID check in the OSX kernel so that it wouldn't boot on a class of processors?
Wait, Apple did that in 10.6.2 !!
Yes, if Microsoft and Intel colluded to put AMD out of business and therefore artificially drive up the price of CPU's, that would probably be deemed illegal, anti-competitive behavior. Of course, Intel can do this on their own by offering incentives to OEM's to not use AMD CPU's. In fact, Intel has been convicted (http://news.cnet.com/8301-13924_3-10395549-64.html) of this very practice.
Apple, unlike Microsoft, manufactures and sells PC hardware as well as software. As a hardware manufacturer, they are legally entitled to use and/or support whatever components they like, just like Dell can choose which CPU's and video cards they offer in their computers. As a software developer, Apple is also free to limit the hardware on which that software will run. This is no different than bundled software/hardware offerings from many other companies, including Microsoft.
While MS doesn't make PC's, they do make a gaming console. Afaik, the Xbox OS runs only on specific, MS-approved hardware and that hardware is built using specific, MS-chosen brands of CPUs and other components. And yet, they have neither been accused nor convicted of anti-competitive behavior for locking consumers into this very specific hardware/software combination.
Another big flaw in your example is that Microsoft's PC business strategy is completely software-centric. They don't compete in PC hardware and therefore they want to see hardware commoditized as much as possible. It's unthinkable that they would work directly against their core strategy by colluding with Intel against another CPU manufacturer, therefore reducing hardware competition and driving up prices.
Is any of this getting through or do I need to shoot down a few more of your examples?
FakeWozniak
Nov 23, 2009, 06:04 PM
I think Apple and their network partners will benefit from this "downside" to jail-breaking. Even more so, any completely open system, will be hurt, like Palm WebOS, Android, etc. Apple couldn't have planned it better themselves. I know what you're thinking, but "No, Apple did NOT write the banking system trojan".
--
FW
"Can your phone and your network do that!"
AidenShaw
Nov 23, 2009, 06:10 PM
So you agree that having a monopoly position makes a company subject to a different set of legal circumstances.
That was the foundation of my argument - since we both agree, why are you still arguing?
Habakuk
Nov 23, 2009, 06:19 PM
I just updated the often linked "Step-by-step guides summary on how to change SSH default passwords after jailbreak" earlier in this thread:
http://forums.macrumors.com/showpost.php?p=8860843&postcount=48
Maybe some1 could have a look at it for content or spelling errors, thx in advance.
blackcrayon
Nov 23, 2009, 07:01 PM
Apple's quote is a mess.
"The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software," Apple spokesperson, Natalie Harrison, told The Loop. "As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."
I like how it implies the vast majority of customers do not jailbreak their phones because "it violates the warranty"... I'm pretty sure the majority don't know what it is, and many more might want it if they knew about it.
And, they "will" cause the iPhone to become unstable, like it's a sure thing... :rolleyes: Sure, I could *choose* to install something that makes it unstable...
Also interesting that none of the Apple responses to jailbreaking (in this story/thread) make the claim that lots of people on these forums do, that it's "illegal". Does anyone have a link to something from Apple saying that users are breaking (at least US) law by jailbreaking?
Habakuk
Nov 23, 2009, 07:58 PM
Apple's quote is a mess.
"The worm affects only a very specific set of iPhone users who have jail broken their iPhones and hacked it with unauthorized software," Apple spokesperson, Natalie Harrison, told The Loop. "As we've said before, the vast majority of customers do not jailbreak their iPhones, and for good reason. These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."
Interesting indeed. It's the first time as far as I can remember that warranty violation after jailbreak is "official". Thanks for pointing that out, blackcrayon!
Also interesting that none of the Apple responses to jailbreaking (in this story/thread) make the claim that lots of people on these forums do, that it's "illegal". Does anyone have a link to something from Apple saying that users are breaking (at least US) law by jailbreaking?
All I could find in my archives is a "Responsive Comment of Apple Inc." before the U.S. Copyright Office. That was in the middle of February 2009 and the first reference of "jailbreak" in an official Apple document:
http://www.copyright.gov/1201/2008/responses/apple-inc-31.pdf
The response came months after "Comments of the Electronic Frontier Foundation" (December 2008):
http://www.eff.org/files/filenode/dmca_2009/EFF2009replycomment_0.pdf
MacDSmith2
Nov 23, 2009, 10:24 PM
I think this may be one of the silliest posts I have ever read on this site. I simply cannot follow the logic here. I cannot think of a hypothetical situation where it would be in Apple's corporate best interest to develop and release a worm for the iPhone, jailbroken or not.
I agree completely. Some of the nonsense posted here is beyond belief. Get real people! This is not Roswell, NM.
NSMonkey
Nov 23, 2009, 10:28 PM
That was the foundation of my argument - since we both agree, why are you still arguing?
You know, I've seen you employ this tactic before. You're clearly losing an argument and you can't respond to the points brought up so you try to end the conversation. Sorry, but I won't fall for it. I'm arguing with the following statements:
Actually, the difference is that Apple could do what Microsoft was convicted of, and it would be perfectly legal. In fact, many of the things that Apple does would land Microsoft in hot water.
In fact, Apple could not do what Microsoft was convicted of without also being guilty of a crime. Microsoft was convicted of anti-competitive behavior. Anyone can engage in anti-competitive behavior even if they don't dominate a market (although admittedly, it helps). Apple, unlike Microsoft, has chosen to focus on competing rather than stifling competition.
Take the issue of Microsoft bundling IE to kill off Netscape and the subsequent conviction in 'United States v. Microsoft'. MS was not convicted of simply bundling a browser with their OS (in the same manner that Apple bundles software with OS X). They were convicted of acting in a monopolistic manner by taking deliberate steps to cripple the installation and operation of Netscape on Windows and to make it artificially difficult to uninstall IE. While their dominant market position did play a part in the ruling, they were found to have committed deliberate acts of monopolization, which is quite a bit different than just happening to have a really successful product and a dominant market share. As is the case in most legal issues, intent matters. Microsoft's intention was not just to compete with but to shut down the competition by any (illegal) means necessary. Apple, on the other hand, does not cripple competitor's software and does not prevent you from uninstalling bundled Apple applications. If they did those things, like Microsoft has, they would open themselves up to the same legal troubles.
As an example of Apple choosing not to engage in anti-competitive behavior when given the chance, look at the iPod. The iPod happens to be a very successful product that dominates its market. But Apple has not committed acts of monopolization to sustain that market share. They have not pressured distributors to stop carrying competitor's products, they aren't preventing competitors from accessing a user's music, pictures or video to sync to their own device (Apple won't allow other companies to profit by using iTunes built-in sync features, but anyone is free to write a sync implementation that directly accesses iTunes content) and they aren't preventing anyone from writing software to compete with iTunes. Notably, they also haven't attempted to tie your content to their own, proprietary formats as Microsoft has tried to do time and again.
I don't mean to dismiss the point on which we agree: yes, there are some areas where Microsoft is held to a different legal standard than Apple due in part to Microsoft's > 90% share of the PC market. But Microsoft's legal circumstances are also due in part to the fact that they've been convicted of abusing that position, multiple times. So, in much the same way that a convicted child molester is subjected to certain restrictions and suspicions to which the rest of us are not, many governments and corporations (parties likely to file suit) are understandably more wary of Microsoft than they might be of companies with less criminally tainted histories.
One further point is that Microsoft already does "many of the things Apple does". Things that, by your logic, should be illegal for Microsoft to do. One of the best examples is the XBox, which I'll bring up again since you ignored it the first time. The XBox is an entirely "closed" system in that the OS runs only on a restricted set of approved hardware. This is exactly the situation on the Mac and yet people like yourself love to point and say "Microsoft could never get away with that!". But they do, and it's fine because it's not anti-competitive. Let me repeat: making and selling a hardware-restricted computing platform is not in any way illegal for either Microsoft or Apple.
This has been fun so far. Do you have any other examples besides the "If Microsoft colluded with Intel it would somehow equal Apple not supporting the Atom" thing? Because that one was really, really weak.
*LTD*
Nov 23, 2009, 10:31 PM
Also interesting that none of the Apple responses to jailbreaking (in this story/thread) make the claim that lots of people on these forums do, that it's "illegal". Does anyone have a link to something from Apple saying that users are breaking (at least US) law by jailbreaking?
Jailbreaking violates Apple's iPhone EULA. A court already upheld OS X's EULA, after upholding a long string of EULAs. So draw your own conclusions.
http://www.apple.com/legal/sla/docs/iphone.pdf
Section 2(c) of the Apple iPhone Software License Agreement provides that:
You may not and agree not to, or enable others to, copy (except as expressly permitted by this License), decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the iPhone Software or any services provided by the iPhone Software, or any part thereof (except as and only to the extent any foregoing restriction is prohibited by applicable law or to the extent as may be permitted by licensing terms governing use of open-source components included with the iPhone Software). Any attempt to do so is a violation of the rights of Apple and its licensors of the iPhone Software.
Further, the DMCA entitles Apple to block interoperability with anything that has not been approved by Apple.
http://support.apple.com/kb/HT3743
Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
alfred1986
Nov 24, 2009, 01:23 AM
The only iPhones that are vulnerable to the Duh Worm are "jail broken" phones, where users disable key Apple security features to get around the terms of usage agreement that they are designed to enforce.
The virus has been detected in the Netherlands and can only attack iPhones whose users have disabled some pre-installed security features, according to analysts monitoring the progress of the virus.
Master Chief
Nov 24, 2009, 01:41 AM
"These hacks not only violate the warranty, they will also cause the iPhone to become unstable and not work reliably."
Great. So when is Apple going to fix my iPhone? Note that my iPhone isn't jailbroken, and yet my screen blanks (turns black) for no apparent reason. No way to get past it. And thus the Apple iPhone already has some technical issues and limitations, and this without jail breaking.
Note: There are 18 people in my area with the same problem and all Apple really does is to replace the iPhone. Same problem after six months. So much for Chinese quality.
Master Chief
Nov 24, 2009, 01:44 AM
Jailbreaking violates Apple's iPhone EULA. A court already upheld OS X's EULA, after upholding a long string of EULAs. So draw your own conclusions....
So when was the last time you smoked pot? I mean we're talking about The Netherlands. Liberal thinking. Tons of freedom. No way Apple is lucky there.
firewood
Nov 24, 2009, 02:54 AM
As long as the user changes the root password there is nothing any worms or hackers can do to your iphone.
Unfortunately, the jailbreak community is advertising the jailbreak utilities to millions of users who have no clue what an ssh password is, much less how to change it.
And exactly how do you know that ssh is the only app that is dangerous when run outside the iPhone OS sandbox?
firewood
Nov 24, 2009, 03:09 AM
How about just changing the password? :rolleyes:
After the phone has already been on the net with the default password? Nuts! The phone could well have already gotten a nasty backdoor and rootkit installed, and is now 0wn3d by some botnet. Changing the ssh password does nothing to clean up that mess. Only way to clean up for sure is to reinstall a new OS using DFU mode, and set up the device as new.
AidenShaw
Nov 24, 2009, 06:34 AM
One of the best examples is the XBox, which I'll bring up again...
The XBox is an irrelevant example. The courts declared that Microsoft has a monopoly position in personal computer operating systems.
That doesn't affect Microsoft's hardware and other businesses, which are not monopolies.
Habakuk
Nov 24, 2009, 06:58 AM
After the phone has already been on the net with the default password? Nuts! The phone could well have already gotten a nasty backdoor and rootkit installed, and is now 0wn3d by some botnet. Changing the ssh password does nothing to clean up that mess. Only way to clean up for sure is to reinstall a new OS using DFU mode, and set up the device as new.
Very good security hint. Thank you, firewood! Updated again Step-by-step guides summary (http://forums.macrumors.com/showpost.php?p=8860843&postcount=48).
So please help me to clarify: When exactly should a jailbreaker change the two SSH default passwords after downloading and installing OpenSSH? Before activating OpenSSH in SBSettings? (Is it possible to change passwords without activating?) What about using Airplane Mode just to be sure that the iPhone is not online? Bots can be pretty quick. Thx in advance for any hints.
Should I add in the summary:
Change the passwords before activating OpenSSH!
*LTD*
Nov 24, 2009, 08:23 AM
So when was the last time you smoked pot? I mean we're talking about The Netherlands. Liberal thinking. Tons of freedom. No way Apple is lucky there.
Never have. Am I missing something?
Answer to your question is below. It's the same, more or less, but with a couple of differences.
http://www.osnews.com/story/19682/The_Legality_of_EULAs_in_The_Netherlands
The dreadful EULA
First, let me explain what an EULA actually is. The End User License Agreement details how you may use the software it applies to. When you go to the store to buy Super Awesome Garden Designer 8.0 Ultimate Edition, you do not actually buy the software in question - you buy the right to use said software. Software falls under copyright law, and as such, the author must grant you the right to use that software - and for that right, you pay money.
In The Netherlands, an EULA constitutes as a contract, and as such, you need to treat an EULA according to Contract Law. According to Engelfriet, this means there are four important steps in the process of establishing the legal power of an EULA: the formation of the contract, the offering of the contract, nullification of terms in the contract, and possible interference of other, possibly higher laws. Let's start at the beginning.
Formation
For a contract to actually be a contract in the first place, there needs to be a party offering something, and a party accepting that offer. In the case of software, the offered something is the right to use that software. If you acquire software via legal means, you technically don't need an EULA at all.
Software distributors solved this issue by forcing you to agree or disagree with the EULA during the installation process, before you can actually use the software - disagreement terminates the installation procedure, meaning you can't use the software. According to Engelfriet, this is a legally sound construction in The Netherlands, as the distributor is not legally obliged to offer you a choice between the terms of the EULA, or the normal user rights regarding software as defined by article 45j and 45k of Dutch copyright Law (you are allowed to run software on one machine, and you are allowed to make a backup).
So, a software distributor may force you to agree or disagree with the EULA, even if disagreement means you can no longer use that software. This seems awkward, and brings us to step two.
Offering
According to the anonymous source, the terms of an EULA are the same for all customers, and as such, they legally constitute as 'algemene voorwaarden' (conditions/terms of use). Engelfriet agrees with this position. However, for conditions of use to be valid in The Netherlands, they have to meet certain criteria.
The first criterion is that the conditions of use must be presented prior or during the making of the agreement; in case of software bought in retail stores, it would be easy to argue the agreement is made during the actual purchase, which would mean that if an EULA is not presented then, it would be invalid.
However, there is a catch. To make sure that conditions of use (think: "all customers must wear a pink hat while in this store") do not have to be specifically presented to each user, Dutch law states that telling a user that the conditions of use can be found at location xyz, without specifically stating the conditions themselves, is also a valid way of presenting conditions of use, regardless of whether the user actively agrees with the conditions or not. In the case of an electronic sale, there is an extra requirement (besides presenting them electronically): the user must have the ability to save the conditions of use (to a file).
The second criterion states that the conditions of use must be presented in the right way. As Engelfriet explains:
The main rule is that you should get a piece of paper on which the EULA can be found. When an EULA is only presented on-screen, it constitutes as an electronic agreement. Law then states that the EULA must be presented in such a way that it can be saved so that it is accessible at a later time. A .pdf or .doc file included in the zipfile satisfies this demand.
This last demand is crucial. The ability to copy/paste the text into a separate file does not satisfy this demand, as it requires too much effort on the user's end. If there is no straightforward way to reread the EULA at a later date, it is invalid.
Applejuiced
Nov 24, 2009, 09:02 AM
Obviously someone who installs OpenSSH to copy and move files to his iphone should change the root password. Or not install SSH at all.
Without SSH installed or with the password changed an attacker has no other way of getting remote access to one's iphone.
Not everyone who jailbreaks has ssh installed.
Unfortunately, the jailbreak community is advertising the jailbreak utilities to millions of users who have no clue what an ssh password is, much less how to change it.
And exactly how do you know that ssh is the only app that is dangerous when run outside the iPhone OS sandbox?
strike1555
Nov 24, 2009, 09:10 AM
This is what happens when you get two idiots who think they are going to do the world a favor and point out the SSH password issue.
You get people who notice the impact and make it far worse.
Consultant
Nov 24, 2009, 09:20 AM
This is what happens when you get two idiots who think they are going to do the world a favor and point out the SSH password issue.
You get people who notice the impact and make it far worse.
Only impacts the idiots who ignore recommendation to change the default password.
bruinsrme
Nov 24, 2009, 09:28 AM
Unfortunately, the jailbreak community is advertising the jailbreak utilities to millions of users who have no clue what an ssh password is, much less how to change it.
And exactly how do you know that ssh is the only app that is dangerous when run outside the iPhone OS sandbox?
I don't recall reading anywhere that jailbreaking is risk free.
In fact one of the links in my signature is the one where Apple had warned and continues to warn against jailbreaking.
The jailbreaking community is also ensuring the word is getting out about these security issues; on their pages, forums, and posting step by step how to's. There will always be victims as not everyone chooses or cares to stay up to date on the latest happenings.
Master Chief
Nov 24, 2009, 09:48 AM
Never have. Am I missing something?
Answer to your question is below. It's the same, more or less, but with a couple of differences.
http://www.osnews.com/story/19682/The_Legality_of_EULAs_in_The_Netherlands
...[
Nice. So much for Dutch freedom. Good for Apple.
bilibug
Nov 24, 2009, 11:01 AM
Well, it's entirely the user's fault for not changing the root password for SSH.
It's like setting up a machine with no firewall and setting up SSH to be usable directly by root, with the root password as 'root.' Who would do that? Only a fool. :)
There's a great book by Cliff Stoll called The Cuckoo's Egg, that is about this very thing - major universities and government agencies being hacked because the default Unix root account password was left unaltered. Sad to say the book was written about 20 years ago, and the situation is still common.
-B
willybNL
Nov 24, 2009, 02:44 PM
So when was the last time you smoked pot? I mean we're talking about The Netherlands. Liberal thinking. Tons of freedom. No way Apple is lucky there.
Always nice to see The Netherlands in one simple phrase with pot....
What do you think we're doing up here... Watch some Dutch TV (http://www.nederland24.nl/) and see that not all of us are smoking! haha :D
Meanwhile:
Official statement from ING:
http://www.ing.nl/particulier/internetbankieren/veilig-internetbankieren/veiligheid-update-mijn-ing/update-23-november-2009.aspx (use google translate :P)
And apparently the worm tries to infect other jailbroken iPhones too:
http://macwereld.nl/nieuws/2009/11/nieuwe_jailbreaksshworm_infecteert_ook_andere_iphones (use google translate :P)
Didn't see any message yet on the t-mobile.nl (http://www.t-mobile.nl/persoonlijk/htdocs/page/shopping/product/iphone.aspx) site
NSMonkey
Nov 25, 2009, 11:45 AM
The XBox is an irrelevant example. The courts declared that Microsoft has a monopoly position in personal computer operating systems.
That doesn't affect Microsoft's hardware and other businesses, which are not monopolies.
The courts ruled that Microsoft committed acts of monopolization, not that they just happened to have a dominant market share. The difference being that one involves breaking the law (repeatedly, in Microsoft's case) while the other does not.
You said that "many of the things that Apple does would land Microsoft in hot water" yet you're unable to come up with even a single compelling example (your hypothetical collusion example was weak and far-fetched). My point stands: you're peddling a popular but untrue pro-Microsoft myth.
AidenShaw
Nov 25, 2009, 12:21 PM
You said that "many of the things that Apple does would land Microsoft in hot water" yet you're unable to come up with even a single compelling example (your hypothetical collusion example was weak and far-fetched). My point stands: you're peddling a popular but untrue pro-Microsoft myth.
Apple includes a default web browser with its OS. Microsoft is not allowed to do that in Europe. http://arstechnica.com/microsoft/news/2009/10/microsoft-investigation-nears-end-as-eu-oks-browser-ballot.ars
How's that for a single compelling example?
MorphingDragon
Nov 25, 2009, 04:35 PM
Apple includes a default web browser with its OS. Microsoft is not allowed to do that in Europe. http://arstechnica.com/microsoft/news/2009/10/microsoft-investigation-nears-end-as-eu-oks-browser-ballot.ars
How's that for a single compelling example?
Yea, but didn't that all start out because Microsoft was trying to lock in a market with IE? While Safari is completely 100% W3C.
strike1555
Nov 25, 2009, 05:33 PM
Only impacts the idiots who ignore recommendation to change the default password.
Wrong.
It "impacts" a lot of people, especially the people at Apple. It gives them a bad reputation because many people don't even know what jailbreaking is, and will simply associate this as an iPhone worm.
AidenShaw
Nov 25, 2009, 07:23 PM
Yea, but didn't that all start out because Microsoft was trying to lock in a market with IE? While Safari is completely 100% W3C.
Opera is an EU company, and complained to the EC about IE. The EC is protecting an EU company from the evil monopolizer.
Anyway, the example shows something that Apple is doing, and Microsoft is prohibited from doing the same thing. A simple, compelling example of the point of an earlier post of mine.
twoodcc
Nov 26, 2009, 08:52 AM
more attacks on iphones is not good. at least there is an easy way to prevent this one though
MorphingDragon
Nov 26, 2009, 01:59 PM
Opera is an EU company, and complained to the EC about IE. The EC is protecting an EU company from the evil monopolizer.
Anyway, the example shows something that Apple is doing, and Microsoft is prohibited from doing the same thing. A simple, compelling example of the point of an earlier post of mine.
Well maybe they should make Opera suck less. Actually try to make a nice UI.