What does laptop encryption software have in common with the cultural zenith that was, and is, Rick Astley? Passwords.
Australians with jailbroken iPhones got the treat of a lifetime when their wallpaper got changed to that of a young Astley looking impishly serious (check out the darkreading.com site for an image), a result of a worm by an unemployed programmer from Australia. He meant no harm, he was just playing around. The worm's design seems to confirm his playful intentions. Besides Rickrolling, the worm doesn't seem to be engaged in other nefarious activities. It's not asking you for a five-euro ransom, for example. However, it is annoying the heck of a lot of people. The worm affects jailbroken phones that installed SSH and left their password set to the default, "alpine." Once an iPhone is infected, it will go through the contact list and find other iPhone users with an identical vulnerability and infects those as well. If an iPhone doesn't have SSH or if the default password is not being used, the vulnerability does not exist. SSH stands for "secure shell," btw. Ironic, yes?
Australians with jailbroken iPhones got the treat of a lifetime when their wallpaper got changed to that of a young Astley looking impishly serious (check out the darkreading.com site for an image), a result of a worm by an unemployed programmer from Australia. He meant no harm, he was just playing around. The worm's design seems to confirm his playful intentions.
Besides Rickrolling, the worm doesn't seem to be engaged in other nefarious activities. It's not asking you for a five-euro ransom, for example. However, it is annoying the heck of a lot of people.
The worm affects jailbroken phones that installed SSH and left their password set to the default, "alpine." Once an iPhone is infected, it will go through the contact list and find other iPhone users with an identical vulnerability and infects those as well.
If an iPhone doesn't have SSH or if the default password is not being used, the vulnerability does not exist. SSH stands for "secure shell," btw. Ironic, yes?
Many would take the above and point out that jailbreaking iPhones is what caused the problem in the first place. And, while such arguments wouldn't be wrong, it certainly wouldn't be entirely right either. People who've jailbroken(?) their iPhones to install SSH and forgotten to change the password would probably have forgotten to do so for "legitimate" iPhone apps as well. One of the central data security tenets of anything that requires a password is "don't use the default password." This is especially true of encryption software, for those cases where a common, default password is used. If a person continues to use the default password, the encryption is for naught: what's going to prevent a person from trying that as the first password in an attempt to gain access? Their conscience? Which is why many software designers will force users to change their password. For example, in AlertBoot encryption, a central administrator is able to set up policies on what types of passwords are or are not allowed, including, the size of passwords (a minimum length), how often passwords can be reused, whether palindromes can be used, etc. Furthermore, the initial password that allows a user to bypass the pre-boot authorization window has to be changed to one of the user's choosing (and satisfy the admin's initial demands of what a password should be). Otherwise, the user cannot proceed forward, and the volume with hard disk encryption won't be decrypted.
Many would take the above and point out that jailbreaking iPhones is what caused the problem in the first place. And, while such arguments wouldn't be wrong, it certainly wouldn't be entirely right either. People who've jailbroken(?) their iPhones to install SSH and forgotten to change the password would probably have forgotten to do so for "legitimate" iPhone apps as well. One of the central data security tenets of anything that requires a password is "don't use the default password."
This is especially true of encryption software, for those cases where a common, default password is used. If a person continues to use the default password, the encryption is for naught: what's going to prevent a person from trying that as the first password in an attempt to gain access? Their conscience?
Which is why many software designers will force users to change their password. For example, in AlertBoot encryption, a central administrator is able to set up policies on what types of passwords are or are not allowed, including, the size of passwords (a minimum length), how often passwords can be reused, whether palindromes can be used, etc.
Furthermore, the initial password that allows a user to bypass the pre-boot authorization window has to be changed to one of the user's choosing (and satisfy the admin's initial demands of what a password should be). Otherwise, the user cannot proceed forward, and the volume with hard disk encryption won't be decrypted.
Related Articles and Sites:http://www.darkreading.com/blog/archives/2009/11/worlds_first_ip.htmlhttp://www.computerworld.com/s/article/9140518/First_iPhone_worm_spreads_Rick_Astley_wallpaper?source=rss_security