Apple must be pleased about this news. They haven’t become tired in telling the people that jailbreaking the iPhone seriously compromises user security.
And now a worm developed by Ashley Towns from down under is nothing else but attacking jailbroken iPhones whose Secure Shell has not been disabled or where the default root password (“alpine”) is in place.
Luckily the first version of the worm was almost imperfect as it just changed the background wallpaper to a photograph of Rock Astley – yes rickrolled again. Anyway ITBusinessEdge now reports that a second version of the worm has been seen in the wild. This new version of the worm gives no indication that it has successfully compromised your jesus phone. Beware guys.
Now, will we get virus scanners for our jailbroken iPhones? Will it be necessary to run firewalls?
It seems like irony, but it seriously looks like that all the probs Microsoft’s operating systems have had for years with viruses and worms – just because Windows is the most widespread desktop operating system – are now coming to the iPhone.
All of us know, there are lots of bad guys out there just trying to brute force our ssh ports. The following article provides information about the first steps to be performed when setting up a new webserver running Debian Etch.
For security reasons we recommend applying these how to’s before proceeding
Mandatory: How to secure your Debian server by updating the buggy openSSH Debian package (read tutorial here)
Optional: How to secure your Debian server by changing the SSH port number (read tutorial here)
The following howto will show you how to enable SSH login without a server based password (passwordless login) and how to disable password login in general on your server.
II. Generate SSH public- private-key pair
Generate keypair on your Linux client machine (works on Cygwin and Mac OS X as well!) client$ mkdir ~/.ssh client$ chmod 700 ~/.ssh client$ cd .ssh client$ ssh-keygen -q -f id_rsa -t rsa
You will be asked to provide a passphrase to encrypt your private key. Although you might leave this empty, we strongly recommend to provide it – for you own safety
In the folder called .ssh you will then find those two files: id_rsa > contains private-key (encrypted with your passphrase) id_rsa.pub > contains public-key (to be put on your Etch Webserver)
III. Upload public-key to server
In detail: the output of id_rsa.pub (which in fact is a textfile) is pushed via ssh on your root’s homefolder and being saved there as id_rsa.remote: client$ cat id_rsa.pub | ssh email@example.com cat “>“ id_rsa.remote
IV. Activate public- private-key authentication
log in to your server client$ ssh firstname.lastname@example.org (provide your password)
you may install nano (if you like vim, stay with vim), imho nano is faster for simpler tasks, but vim is much more powerful, so having both is no loss ;-) server$ apt-get install nano
Edit SSH configuration to allow public-key login server$ nano /etc/ssh/sshd_config
Allow AuthorizedKeysFile only (still in sshd_config) AuthorizedKeysFile %h/.ssh/authorized_keys
Disallow Password driven login (still in sshd_config) # Change to no to disable tunnelled clear text passwords