Common Paradox Tech Blog

nk497 writes “F-Secure researchers are calling attention to the fact that it’s impossible to run third-party anti-virus on iPhones, because the SDK doesn’t allow for it. It’s a problem, as they claim malware will start to target the phone. ‘None of the existing anti-virus vendors can make one, without help from Apple,’ chief research officer Mikko Hypponen said. ‘Apple hasn’t been too interested in developing antivirus solutions for the iPhone, because there are no viruses, which of course, isn’t exactly true.’ At the moment, the only worms faced by the iPhone have targeted unlocked, jailbroken devices — so Apple’s not too bothered protecting users of such phones.” While Apple claims that the iPhone’s closed nature offers protection to its users, and security vendors maneuver for a piece of a market now closed to them, clearly both sides are pushing their own self-interest.

Read more of this story at Slashdot.

Our podcast feed
Download Directly
Subscribe via iTunes

Join Rene, Chad, and Michael Manna of the T4 Show for AT&T and Apple ads strike back, Schiller speaks, the WebApps alternative, Jailbreak worms, Chrome OS, and all the week’s news! Listen in!

Credits

Thanks to the the iPhone Blog [...]

This is a story by the iPhone Blog. This feed is sponsored by The iPhone Blog Store.

TiPb Presents: iPhone Live! #77 — Apple Strikes Back!

We’ve told you over and over again that you need to secure your jailbroken iPhone. If you still haven’t listened and were affected by the latest iPhone worm then it is kinda your own fault. Even Apple thinks so.

Aside from blaming the victims, I don’t exactly entirely agree with Apple’s statement. It’s not the actual jailbreaking that exposed iPhones to these ridiculous worms, it’s simply the fact that a lot of people install and enable SSH without changing the default root password. If you don’t miss that important step, a jailbreak could almost be considered an improvement. After all, it allows you to use Google Voice, multitasking interfaces, and a bunch of apps otherwise unavailable. So don’t let the big A scare you. Just practice safe jailbreaking, kids. That’s all.

PS: If you still don’t know how to protect yourself from this silliness, it’s easy: Go into Cydia, install the MobileTerminal app, and use the passwd command to change the default from “alpine”, to something that won’t leave you in need of a de-worming. [Loop Insight]

A couple of weeks ago, the first iPhone worm appeared, spreading on jailbroken devices with the SSH application installed (vulnerability being the fact that many users haven’t changed the default root password). As far as worms go, this one was quite benign, merely “rickrolling” users; i.e., changing the background image on the device to an image of Rick Astley.

Now, according to early reports of strange activity by Dutch ISP XS4ALL, and later confirmed by Sophos, there’s a new worm in the wild, and this one is far more malicious.

The new worm is called “Duh” or “Ikee.B”, and it uses the exact same vulnerability as the first one. The fix is thus identical – change the root password in the SSH application to something other than the default, which is “alpine”.

Failing to do so might result in very serious consequences. According to Sophos, Ikee.B is “designed to connect to a server in Lithuania and to follow orders from remote hackers.” It can find vulnerable iPhones on a wide range of IP addresses, including IPs in several different countries, for example the Netherlands, Portugal, Australia, Austria, and Hungary. Furthermore, it changes the root password on the iPhone to “ohshit” (as discovered by Paul Ducklin, head of technology in Sophos Asia Pacific.)

Users who haven’t jailbroken their iPhone or haven’t installed the SSH application are not affected by this vulnerability.

Reviews: Australia

Tags: iphone, security, trending

Unexpof writes “Users of jailbroken iPhones in Australia are reporting that their wallpapers have been changed by a worm to an image of ’80s pop icon Rick Astley. This is the first time a worm has been reported in the wild for the Apple iPhone. According to a report by Sophos, the worm, which exploits users who have installed SSH and not changed the default password, hunts for other vulnerable iPhones and infects them. Users are advised to properly secure their jailbroken iPhones with a non-default password, and Sophos says the worm is not harmless, despite its graffiti-like payload: ‘Accessing someone else’s computing device and changing their data without permission is an offense in many countries — and just as with graffiti there is a cost involved in cleaning-up affected iPhones. … Other inquisitive hackers may also be tempted to experiment once they read about the world’s first iPhone worm. Furthermore, a more malicious hacker could take the code written by ikee and adapt it to have a more sinister payload.’”

Read more of this story at Slashdot.

CWmike writes “Microsoft said today that computers in countries with high rates of software piracy are more likely to be infected because users are leery of applying security patches. ‘There is a direct correlation between piracy and the malware infection rate,’ said Jeff Williams, head manager of the Microsoft Malware Protection Center. Highlighting research that showed worms to be the most prevalent computer security problem today, Williams said the link between PC infection rates and piracy is due to the hesitancy of users of pirated software to use Windows Update. China’s piracy rate is more than four times that of the US, but the use of Windows Update in China is significantly below that in this country. Same for Brazil and France. But Microsoft’s own data doesn’t always support William’s contention that piracy, and the hesitancy to use Windows Update, leads to more infected PCs. China, for example, boasted a malware infection rate — as defined by the number of computers cleaned for each 1,000 executions of the MSRT — of just 6.7 per thousand, significantly below the global average of 8.7 or the US’s rate of 8.2. France’s infection rate of 7.9 in the first half of 2009 was also below the worldwide average.”

Read more of this story at Slashdot.

Phishing and worms go together like, well, fishing and worms. But unlike the latter, you’re the prey, and it can be particularly dangerous swimming in social networking waters, suggests a new report by Microsoft and McAfee.

The two software makers noted a sizable spike in phishing attacks during the months of May and June, driven in large part by hackers concentrating their efforts on social networking sites. Other popular targets included gaming sites, banking portals, and e-commerce.

While Trojans still topped the charts, Microsoft noted that worms are becoming much more prevalent, rising from fifth place in the second half of last year to now being the second most prevalent category of threats. Much of the rise can attributed to Conficker, which still has most security experts puzzled.

For those still clinging to XP, Microsoft noted that infection rates for Vista were significantly lower than for XP.

Image Credit: serc.carleton.edu

An anonymous reader writes with this excerpt from Help Net Security: “In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defense modeled after one of nature’s hardiest creatures — the ant. Unlike traditional security devices, which are static, these ‘digital ants’ wander through computer networks looking for threats … When a digital ant detects a threat, it doesn’t take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate. ‘Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,’ [says Wake Forest Professor of Computer Science Errin Fulp.] ‘As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.’”

Read more of this story at Slashdot.

While there is often a lot of talk about the downside of URL shorteners being that if they go down, they take your links with them, the much more obvious and real problem is that they very easily mask potentially bad sites. We’ve been seeing this more and more in both public tweets and DMs, but luckily so far most of those have just been worms meant to replicate themselves, rather than really bad viruses. But security software company Symantec released a video today to show some very bad links in action.

As you can see in the video below, clicking on just one link infected a computer a dozen or so times in seconds. Obviously, Symantec’s intention is showing this is to sell their software that helps to protect against these attacks, but the point is still a good one to make. While URL shorteners like Bit.ly have begun warning users about potentially harmful links, others don’t bother. And let’s be honest, most of us click on links from friends regardless of what URL shortener they are using.

While there is often a lot of talk about the downside of URL shorteners being that if they go down, they take your links with them, the much more obvious and real problem is that they very easily mask potential bad sites. We’ve been seeing this more and more in both public tweets and DMs, but luckily so far most of those have just been worms meant to replicate themselves, rather than really bad viruses. But security software company Symantec released a video today to show some potentially very bad links in action.

As you can see in the video below, clicking on just one link infected a computer a dozen or so times in seconds. Obviously, Symantec’s intention is showing this is to sell their software that helps to protect against these attacks, but the point is still a good one to make. While URL shorteners like Bit.ly have begun warning users about potentially harmful links, others don’t bother. And let’s be honest, most of us click on links from friends regardless of what URL shortener they are using.