Archive | Privacy Blog

Cisco iPhone Security App Reaches Across the Network – ReadWriteEnterprise

Posted on 20 November 2009 by admin

Cisco iPhone Security App Reaches Across the Network – ReadWriteEnterprise.


Secure Your Jailbroken Phone!

Posted on 17 November 2009 by admin

We recently wrote about a couple of brand new, out of the box (or, better to say, out of an iPhone case) viruses in Hello, I am the first iPhone worm! and Hello, I am the N iPhone worm!. As everyone is already aware, those viruses target users of jailbroken phones.
We encourage all of our readers with jailbroken phones to read the following blog post describing a way to secure your iPhone.

Be safe!


Hello, I am the N iPhone worm!

Posted on 15 November 2009 by admin

OK. It has started. I mean, mobile viruses are on their way to becoming as common as regular ones. According to the INTEGO SECURITY MEMO – November 11, 2009, the iKee virus we wrote about recently (Hello, I am the first iPhone worm!) is not alone anymore.

Exploit: iPhone/Privacy.A

Discovered: November 10, 2009

Risk: Low

Description: Following the recent discovery of a worm that changes wallpaper on iPhones, Intego has spotted another piece of malware that attacks iPhones, one that is far more dangerous than the ikee worm. This hacker tool, which Intego identifies as iPhone/Privacy.A, takes advantage of the same vulnerability in the iPhone as the ikee worm, allowing hackers to connect to any jailbroken iPhone (iPhones hacked to allow installation of software other than through iTunes) whose owners have not changed the root password.

When connecting to a jailbroken iPhone, this tool allows a hacker to silently copy a treasure trove of user data from a compromised iPhone: e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app. Unlike the ikee worm, which signals its presence by changing the iPhone’s wallpaper, this hacker tool gives no indication that it has invaded an iPhone.

Watch out!

Less privacy for UK citizens

Posted on 11 November 2009 by admin

Every phone call, text message, email and website visit made by private citizens is to be stored for a year and will be available for monitoring by government bodies.

Hello, I am the first iPhone worm!

Posted on 08 November 2009 by admin

iPhone owners in Australia were lucky enough to be the first ones to experience the first ever iPhone worm. It affects users of jailbroken iPhones and simply changes the lock background image to Rick Astley with a message saying:

ikee is never going to give you up

The first line of the code says:

/ “ikee virus” by ikex

So who is ikex and, more importantly, why? As very few of us know, the first ever computer worm was written by Robert Tappan Morris, who was also the first U.S. convict under the 1986 Computer Fraud and Abuse Act. He is now an associate professor at MIT. So, after all, it worked out fine for him. Will it work the same way for ikex? And what was the reason for ikex to create ikee?

The author of the worm was nice enough to explain why he did it:

Why?: Boredom, because i found it so stupid the fact that on my initial scan of my 3G optus range i found 27 hosts running SSH daemons, i could access 26 of them with root:alpine. Doesn’t anyone RTFM anymore?

So what does it tell us?

It tells us that, once again, a lot of people do not care much about their privacy.
The mobile web is changing rapidly, and there are many online services that can also be accessed from your mobile device, with the key to the kingdom (your user name and password) stored on the device itself. It can be compared with putting your money in a safe and putting a sticker with the password on the safe door.

Wake up, it's 2009!


What Google knows about you?

Posted on 05 November 2009 by admin

Usually the answer is that Google knows a lot about you. Well, “a lot” is a big word. Now you can get an idea of what it means. Google launched the Privacy Dashboard, which covers a bunch of services such as YouTube, Orkut and Gmail, but for some reason I still have the feeling this is not everything they know…

Announcing: Privacy 2.0

Posted on 02 November 2009 by admin

“Privacy 2.0 – Cleaning up the mess Web 2.0 left behind”

What is Privacy 2.0 you might ask? I’d like to start the explanation with a bit of background. Two years ago I founded a startup social network that was a mashup of Facebook, Myspace, Meetup and Yelp.

How safe is your Twitter account?

Posted on 07 March 2009 by admin

Mashable reports:

Another Twitter security event seems to be underway, with accounts being accessed and Tweets being sent out reading “hey! 23/Female. Come chat with me on my webcam thingy here www.chatwebcamfree.com.”

Taking a look at Twitter search, it would appear that regular users' passwords have been compromised and are having the tweets sent out under their name. This type of scam is common with IM, but hasn’t been seen often yet on Twitter, minus the hacking of celebrity accounts that took place a couple months ago when hackers penetrated Twitter’s customer support system.

This would easily be solved if OpenID-style solutions were more rapidly adopted by Web 2.0 companies. I’ve been using Verisign’s Personal Identity Portal (PIP) wherever I can. By entrusting authentication to a company that makes it their specialty, you can rest assured that maximum effort is being placed on safeguarding your account and personal information.

Snooping for the Good Guys: Photobucket Safety Series Part 3

Posted on 04 January 2009 by admin

Today we start on part 3 of our Photobucket Safety Series. Today we will be focusing on “fuskering”.

We have discussed previously that there are things you can do to prevent your password from being compromised. Sadly however, there is absolutely nothing you can do to prevent fuskering. You can only slow it down.

Fuskering is the action of using a program that does a brute force search of a directory, looking for specific file names. For those who do not know what a brute force search is, it simply means that the program goes through every possible combination of numbers, letters, and symbols looking for a hit. Now let's take an example direct link to an image located in a Photobucket account, www.photobucket.com/username/picture.jpg. This is not the proper form for a Photobucket account, but it will suffice for our purposes. The fuskering program will find the directory your pictures are located in and go through its brute force search to find combinations that produce a picture. Photobucket makes this easier for crackers by using your user name as the name of the directory it stores your pictures in. There are a few programs available for free that will do this for you. Feel free to download them yourself and try it on your own account to see how secure it really is. Note, I am not condoning using these on other people’s accounts. Please do not do so.

Now the question becomes, “What can I do to protect my pictures?” The simplest answer is to not put anything you don’t want others seeing on the internet. We're picking on Photobucket here merely because it is one of the most popular services out there. Unless you don’t mind others peeking at them, pictures of you naked, pictures of your driver’s license, and pictures of anything else that has sensitive information do not belong anywhere on the internet. If you want to share pictures, carrying around a flash drive with those files on it is much safer. If you insist on storing these online, do not name them something obvious. Files named “sexy1”, “sexy2”, and “sexy3” will not help you. Do not store them in a sub folder named “private.” During a fusker search, finding that sub folder is like hitting the jackpot in Vegas. Instead, rename all of your files and folders with a random combination of letters, numbers, and symbols. Each file and folder name should also be over 6 characters long. By doing so, you make it unprofitable for the people searching, as going through about 50 to the power of the length of your filename will take a very long time: days upon days of going through one account. Most people I have come across on those groups are not willing to wait that long. Use this to your advantage.

So as a recap, your private Photobucket account is not really private. Files containing sensitive information do not belong on the web. If you insist on having those files online, name them something difficult to guess. This wraps up part 3 of the series and next time we will go into how those pictures that were censored due to a “terms of service” violation, “TOS”, can be recovered, or “un-TOSd”. Stay tuned.
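The naming advice above, as an added example that is not part of the original post: a small script that flags file and folder names an enumeration would hit quickly, proposes random replacements, and estimates how long an exhaustive search of a given name length takes. The word list, the sample album, the 12-character default and the rate of 100 guesses per second are assumptions; the alphabet size of 50 is the post's own figure.

```python
import re
import secrets
import string

# Characters used for generated names (letters, digits and two URL-safe symbols).
NAME_CHARS = string.ascii_letters + string.digits + "-_"
MIN_LEN = 7  # the post asks for names "over 6 characters long"
# Constructed word list; "private" and "sexy" are the post's own examples.
OBVIOUS = ("private", "sexy", "license", "friends", "photo", "img")


def weaknesses(name):
    """Return the reasons a file or folder name is easy to guess."""
    stem = name.rsplit(".", 1)[0].lower()
    reasons = []
    if len(stem) < MIN_LEN:
        reasons.append("short")
    if any(word in stem for word in OBVIOUS):
        reasons.append("obvious word")
    if re.fullmatch(r"[a-z]+\d+", stem):
        reasons.append("numbered series")
    return reasons


def random_name(ext="", length=12):
    """Build a name from the OS random source, keeping the extension."""
    return "".join(secrets.choice(NAME_CHARS) for _ in range(length)) + ext


def days_to_enumerate(length, guesses_per_second=100, alphabet=50):
    """Days to try every name of this length (alphabet=50 is the post's figure)."""
    return alphabet ** length / guesses_per_second / 86400


def rename_plan(names, length=12):
    """Map each weak name to a random replacement; strong names are left alone."""
    plan = {}
    for name in names:
        if weaknesses(name):
            ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
            plan[name] = random_name(ext, length)
    return plan


if __name__ == "__main__":
    album = ["sexy1.jpg", "sexy2.jpg", "private", "q7Zt-m2_Kx9b.jpg"]  # constructed sample
    for old, new in rename_plan(album).items():
        print(f"{old:12} {', '.join(weaknesses(old)):40} -> {new}")
    for n in (4, 6, 8, 12):
        print(f"length {n:2}: {days_to_enumerate(n):.3g} days at 100 guesses/s")
```
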


Snooping for the Good Guys: Photobucket Safety Series Part 2

Posted on 18 December 2008 by admin

Today we start on part 2 of our Photobucket safety series. This part will be focused on password cracking.

There are two different passwords attached to your Photobucket account. The first is your main account password. This is the one you use to log into your account and access all your administrative tools, such as adding and removing pictures and videos. As with other passwords, this needs to stay secret and secure. Most of us do a good job of this. This is not where the security risk is. The second password affiliated with your account is what is called a “guest pass”. This is the password that you give to your friends. It allows your friends to access your account and view all your pictures and videos. Many times, the guest pass is not as secure a password as your main administrative password. It is usually something easy for your friends to remember. This makes your pictures very vulnerable to those who wish to use your pictures against you.

Now that you know the risk, here are some ways to avoid having your guest pass exploited. First and foremost, DISABLE IT! There is no need to have your entire Photobucket inventory available to others. If you wish to show people your photos, simply make a slide show and give your friends the link to the slide show. Second, if you insist on using a guest pass, change it every week or so. This will minimize any damage should your guest pass get into the wrong hands. Also, make sure your guest pass is not a common word. Words like “friends” and your name are the first things people try when attempting to get into your Photobucket. Use a combination of letters, numbers, and symbols in your guest pass. Taking some care with your account will help you keep your private pictures private. Remember, no matter how advanced the security system, it is only safe from people who don’t know the password.

Please tune in next time for part three of the Photobucket safety series, where we will be discussing “fuskering”.
