p2pnet news view Security | Mobiles:- iPhone owners in Australia “awoke this weekend to find their devices targeted by self-replicating attacks that display an image of 1980s heart throb Rick Astley that’s not easily removed,” says The Register, going on:
“The attacks, which researchers say are the world’s first iPhone worm in the wild, target jailbroken iPhones that have SSH software installed and keep Apple’s default root password of ‘alpine.’ In addition to showing a well-coiffed picture of Astley, the new wallpaper displays the message ‘ikee is never going to give you up,’ a play on Astley’s saccharine addled 1987 hit ‘Never Gonna Give You Up’.”
“Tricking victims in to inadvertently playing the song has become a popular prank known as Rickrolling.”
And, it’s a lot more than a joke, confirms Peter Hansteen on That grumpy BSD guy
“The rickroller is about bad passwords, no more, no less,” he says, going on, “this incident only underscores what we’ve been repeating until your eardrums wear thin an my vocal cords swell from exhaustion: Publishing your username and password is a really bad idea. It’s almost as bad as picking a guessable password.
“Add to this that the fact, as we’ve noted here earlier, there is a whole cloud of hijacked machines out there beavering away at guessing passwords right now, and they have been at it for quite a while.”
Finally, he adds, “some words of advice for those of you who want to avoid both rickrolling and getting cracked by other password guessing” »»»
You should at least consider setting a password policy and enforcing it with something like John the ripper, which more than likely is available at the cost of a few keystrokes from your package system. And of course there is the fine art of sshd configuration. Some of the things you could do are, in no particular order:
- disable root logins over the network
- use packet filtering or other means to restrict where users can log in from
- disable password logins entirely allowing only key-based logins
- set up your sshd to listen on a non-standard port
… whatever your users can bear to live with.
Now you know.
First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi
Use free p2pnet newsfeeds for your site. It`s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.