Posted 11/09/09 at 06:07:26 PM by Ryan Whitwam

Apple told us jailbreaking wasn’t a good idea. Sure, we mocked them at the time, but it is looking a little less safe these days. The first iPhone worm has been discovered affecting iPhones in Australia. The virus takes advantage of a massive security hole in the SSH client for jailbroken phones. The “ikee” worm is fairly benign, simply changing the user’s wallpaper to a picture of Rick Astley of “Rickroll” fame.

As it turns out, the default password for the SSH client is ‘alpine’. The worm accesses the phone via this route, and then attempts to infect other phones on the network. The worm’s creator, a 21 year-old student, said in an interview, “The virus itself is not malicious and is not out to hurt people. It's just poking fun and hoping waking people up a little.”

Un-jailbroken phones, and jailbroken phones that don’t have SSH installed are not vulnerable. Jailbreakers should head to the Cydia store, and use the Mobile Terminal app to change their default password. With a zillion iPhones out there, it was only a matter of time.

Read More

Posted 02/06/09 at 12:00:00 AM by Will Kraft

Today, we live in a world of rapidly diminishing privacy. If you use your employer's email system, it is possible that every message you send or receive is logged and intercepted without your knowledge. This may have unintended or even disastrous consequences if an intercepted email message contains sensitive personal information. Unless your email goes through Secure Socket Layer (SSL) protected connections, your email is vulnerable to what is known in the IT security field as man-in-the-middle attacks, where an attacker can intercept your message as it flies to its intended recipient.

Email is sent in a format that is easily readable if an attacker can grab and reconstruct enough pieces (packets) from the data transmission with packet sniffing software. Technologies like deep packet inspection make it theoretically possible that any given message that goes over the internet can be sniffed and read by third parties who have the right software and know-how. (the feds, your ISP, etc.) While no one may have a real reason to spy on you, relying solely on security through obscurity has always been a poor policy to live by. Because of this, encryption is the only real option you can trust. We teach you how to put your emails in a lockbox before sending them off to their destinations.

Read More