Change your iPhone’s  root and mobile account passwords immediately after installing OpenSSH! In fact, ideally do so using MobileTerminal before installing OpenSSH.

Long version

So I’m pretty embarrassed. I found out in December (by complete chance) that my iPhone 3GS was infected with the Ikee worm, and had been ever since July 7th 2011 (5 months!). I happened to be browsing the phone’s crashlogs (at /System/) and noticed recent and repeated crashes by a process named poc-bbot. “A filename containing ‘poc’ and ‘bot’? Gotta be fishy” I thought. And Google very quickly confirmed my fears; poc-bbot is the main binary of Ikee.A, .B and .C.

Now I’ve never seen the gurning fizzog of Mr. Astley as my lockscreen background, so evidently the virus never managed to deploy it’s payload. My hypothesis is that it was written when iOS3 was current, and changes in iOS4 rendered it ineffective.

The good news is that removal is quite trivial, and the only cost to me appears to have been poor battery life for the last 5 months. But how did it get in? I consider myself pretty diligent regarding security. Well, this worm operates by scanning IP address ranges looking for iPhones and, when one is found, attempting to log in via SSH using the default root password, alpine.

If your phone is not jailbroken you won’t even have an SSH server installed, let alone running so the worm only affects jailbroken phones. Checking datestamps of various files shows that I jailbroke my phone on July 6th 2011 and installed OpenSSH, then the following day changed the passwords for the two accounts. Evidently then I was infected in this 12 hour-or-so window between installing the SSH server and changing the default password.

Now why didn’t I change the passwords first you ask? Well, there is but one app for iPhone that provides a local terminal window – MobileTerminal – and for reasons unclear the version available in one of the default Cydia repositories does not run on iOS  and higher. Consequently at the time I thought that it was no longer supported and I was SOL. The only other way to change the password was to log in via SSH using the default password, then change it immediately; this was the route I chose but I was foolish not to do so immediately after installing OpenSSH.

Moral of the story? Either isolate the phone from the internet before starting up OpenSSH, or try harder to get MobileTerminal installed!

Wi-Fi Sync 1.1a uses port 48281 (TCP and possibly UDP)

WiFi Sync 2.0ß (build 97) uses port 14867 (TCP)

Is Apple’s solution to educate the masses about file ownership? Oh no no, if Johnny wants to delete a folder full of files he should just be able to right? Regardless of whether his account created the files right? That’s “it just works” in action right?? So what do they do? They have a helper (hah!) application with admin rights that Finder can kick off to merrily delete files that you don’t have the rights to delete. Neat huh? This aberration’s name? Locum.

A nice analysis here for those of you who grok Unix. The author makes a number of hopeful assumptions that Apple have put in the necessary checks and balances to ensure this little bugger is not misappropriated. Given the greater attention iOS has been receiving in Cupertino for the last few years I’m afraid I don’t share his optimism.

Then I saw the graph on this recent follow-up from The Register; fully 16% of successful infections are on Macintosh. Given it’s relatively miniscule market share compared with Windows that is a HUGE infection rate! It just goes to show that the average Maccie is no smarter than any other computer user and will gaily click on any link if the social engineering is good enough ;-P

Front and centre on my desk is my work laptop; a big old HP Workstation, and the PowerBook always sat to it’s left. If only I noticed months ago that the exhaust vents for the cooling are at the back left corner, and that the intakes for the PowerBook are along the back behind the screen hinge…

So I checked the specs – the PowerBook’s top operating temp is 35ºC. The ambient temperature in the room was 26ºC. Then I put the thermometer behind the Mac….  33ºC! Okay so supposedly the Mac can take that, but for days and weeks on end?? I would imagine not.

Moral of this sad story? Always check where your laptop gets it’s cooling airflow from. Oh, and the new Macbook Pro now sits on the right hand side of the killer PC ;o)

Here’s step three – a missive recently sent out to all OS X Developers who have apps hosted at Apple’s Mac OS X Downloads site.

Thank you for making the Mac OS X Download site a great destination with apps that offer users new ways to work, play, learn, and create on their Mac.

We recently announced that on January 6, 2011, the Mac App Store will open to users around the world, presenting you with an exciting, new opportunity to reach millions of customers. Since the introduction of the App Store in 2008, we’ve been thrilled with the incredible support from developers and the enthusiastic response from users. Now we’re bringing the revolutionary experience of the App Store to Mac OS X.

Because we believe the Mac App Store will be the best destination for users to discover, purchase, and download your apps, we will no longer offer apps on the Mac OS X Downloads site. Instead, beginning January 6, we will be directing users to explore the range of apps available on the Mac App Store.

We appreciate your support of the Mac platform and hope you’ll take advantage of this new opportunity to showcase your apps to even more users. To learn how you can offer your apps on the Mac App Store, visit the Apple Developer website at .

Best regards,

Ron Okamoto
Vice President, Worldwide Developer Relations
Apple Inc.

The short version? Apple are closing their Mac OS X Downloads site. The long version? OS X Lion (or whatever cat follows that) will make app code signing mandatory and suddenly if you’re not in Apple’s cosy little walled garden you’re out in the cold, and your laptop joins your phone in being a device that you rent from Apple rather than actually own outright.

In the face of this disappointing future, three cheers for Jay Freeman (saurik) for his recent announcement of ‘Cydia for Macintosh’ – at least there’s one person out there who sees the way the wind is blowing and is in a position to do something about it. Note that it is very relevant that Jay sees that in the main Cydia contains ‘system tweaks’ rather than applications. Fighting Apple’s lockdown of your iDevice (whether phone, pad, or laptop) is and has always been more about giving you back complete ownership over the device you paid for rather than running any particular application on it.

Facebook’s Eroding Privacy Policy: A Timeline

In short, Facebook started out stating that your data would only be shared with other Facebook users, and then only those in groups you specified in your privacy settings.

Contrast that with the current policy whereby your name, picture, list of friends and more are considered public information (AS IF!) and much of your data is shared with Facebook’s partner sites whether you like it or not.

See Rixstep’s coverage for further redux.

The trick is that you need to quit Mail in order to force it to _truly_ delete the messages and hence allow the server to do so.