Linked by Thom Holwerda on Mon 9th Nov 2009 23:39 UTC
Apple The web went aflame today with headlines like "First iPhone worm discovered", and many other variants. Most of those headlines, however, left out a very important little fact which diminishes the impact of the news considerably: it only affects jailbroken iPhones with SSH installed, and with default root passwords.
Thread beginning with comment 393841
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Smart and dumb?
by broch on Tue 10th Nov 2009 14:55 UTC in reply to "RE: Smart and dumb?"
broch
Member since:
2006-05-04

bull,
SSH utility for iPhone does not have command prompt to allow password change. One needs to install additional app or log in from computer.. which might be too late already.

First run of ssh in iPhone is useless if it does not allow to change password.

But what one would expect from the device that is not designed with security in the mind?
Maybe Apple should start paying more attention to security instead of worrying if application containing word iPhone (e.g. iPhone reference manual) will be admitted to Apple store or not.

Edited 2009-11-10 14:56 UTC

Reply Parent Score: 0

RE[3]: Smart and dumb?
by ageitgey on Tue 10th Nov 2009 23:55 in reply to "RE[2]: Smart and dumb?"
ageitgey Member since:
2009-11-10

SSH utility for iPhone does not have command prompt to allow password change. One needs to install additional app or log in from computer.. which might be too late already.

...

But what one would expect from the device that is not designed with security in the mind?


What you have said is just profoundly silly. The SSH utility is a binary compiled and added by the jailbreakers. It's not something that comes with the iPhone nor shipped by Apple. The lack of an automatic way to change your password by default is completely the fault of the jailbreakers, not Apple.

Apple didn't provide any means for remote access so they certainly can't be faulted for not having "security in mind" if you hack in your own remote access tools and don't change the password.

That would be like faulting Honda for installing poor fire retardant materials in their cars after strapping your own homemade jet engine on the back. If the car explodes in a ball of flame due to your jet engine, it wouldn't be fair to then say that Honda doesn't design cars with safety in mind.

Reply Parent Score: 1

RE[4]: Smart and dumb?
by broch on Wed 11th Nov 2009 15:17 in reply to "RE[3]: Smart and dumb?"
broch Member since:
2006-05-04

nope:
symbian and blackberry require signed apps and don't give root access to most of the apps in contrast to iPhone.
If application does not allow password change, then root access should not be allowed.
As I said this is insecure device. Has nothing to do with crappy car comparison. Bad design is bad design.

Reply Parent Score: 0

RE[3]: Smart and dumb?
by ari-free on Thu 12th Nov 2009 06:14 in reply to "RE[2]: Smart and dumb?"
ari-free Member since:
2007-01-22

"Maybe Apple should start paying more attention to security instead of worrying if application containing word iPhone (e.g. iPhone reference manual) will be admitted to Apple store or not."

It's actually creating the problem. More and more iphone users (not hacker geek types) want to jailbreak just so they can get all the apps that Apple blocks.

Reply Parent Score: 2