Friday, November 13, 2009

Do you have a jailbroken iPhone?

It looks like jailbroken iPhones can be accessed from the internet using ssh with the root password "alpine".

Instructions for changing the password are here. Please change the password now; you don't want your beautiful iPhone to change into a nice, shiny brick.

Perry

UPDATE 12/1/2009

It's not rickrolling now; the newest one actually steals information, like passwords, and changes your ssh password so you have to wipe the phone to remove it. Luckily it's really easy to tell if it's there: the battery usage is so high you'll want to wipe the phone anyway. Lucky the battery isn't replaceable, huh? Change those passwords, folks.

Facebook Apps are really Insecure (and their creators know it)

The architecture of Facebook apps has some security problems, and according to this article, companies like Zynga (Farmville, Mafiawars) know about it and exploit it.

That means that you, the user, take it on the chin (and wallet).

The problem is that when you load Facebook apps, they have access to your whole Facebook account, not just the piece they need. The app makers take advantage of this, or at least point to people who do. This means extra charges on your credit cards at best, or identity theft at worst.

Moral of the story - be discreet when you load Facebook apps - do you really want to know which Anne Rice Character you are?

I don't. And I don't want to join MyCalendar, so no birthday requests (sorry), etc. etc. I'm not sure about groups. Or Lists.

Facebook is working on it - making your information disclosures selectable - no ETA though, I don't think.

Update 11/14/09 - ValleyWag says that there might be a class action suit in the works. Zynga is going to have fun defending the "every horrible thing in the book" quote from their CEO, especially when it's on tape (nice touch). Let's see how that IPO goes, huh?

Oh, another thing: Do you use Facebook and care about your privacy settings? Are they all set to friends only? I did a Google search for myself (AKA vanity search) and found out my whole friends list was available to everyone. I hadn't increased privacy on "search settings" - Click here to make those changes to your profile.

Perry

Flash is really Evil

A post today on Slashdot describes how Adobe Flash basically breaks the security of the Internet.

Unfortunately it's really complicated, but the author maintains (and shows) that when a server sends an Adobe Flash object to a user's browser, that object can execute code that's in a file in the originating domain, regardless of whether the file is a Flash object. The executing Flash object may not even have to be a Flash object; it can be something else, like an image.

This opens up the web to a ton of attacks. Basically, any web site that allows file uploads (like photo sites) can only be partially resistant to this if they have a different domain for user-uploaded content. So pbase.com would need to move all their files to pbase-img.com, or something similar. Some big sites like Yahoo are already doing this.

That means it's bad news because it's really hard for anyone to fix other than Adobe, and the worse news is that Adobe says it's not their problem.
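The separate-domain mitigation above can be checked mechanically. This is an added example, not code from this post or the Slashdot article: it flags user uploads that are served from the application's own domain, and as a secondary filter flags files whose first bytes carry a Flash signature under a non-.swf name. The host names, paths and sample bytes are constructed, and treating "same domain" as "equal host or subdomain" is an assumption.

```python
from urllib.parse import urlsplit

# First three bytes of a Flash file: "FWS" (uncompressed) or "CWS" (zlib-compressed).
SWF_SIGNATURES = (b"FWS", b"CWS")


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def shares_domain(app_host, content_host):
    """Assumption: hosts share a domain if equal or one is a subdomain of the other."""
    return (app_host == content_host
            or content_host.endswith("." + app_host)
            or app_host.endswith("." + content_host))


def audit_upload(app_url, served_url, data):
    """Return a list of findings for one user-uploaded file."""
    findings = []
    app_host, content_host = host_of(app_url), host_of(served_url)
    # A relative URL has no host, so the browser loads it from the app's origin.
    if not content_host or shares_domain(app_host, content_host):
        findings.append("served-from-app-domain")
    path = urlsplit(served_url).path.lower()
    if data[:3] in SWF_SIGNATURES and not path.endswith(".swf"):
        findings.append("flash-content-under-other-extension")
    return findings


# Constructed sample inputs (not real files or real upload URLs).
APP = "http://photos.example/"
JPEG_BYTES = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
DISGUISED_SWF = b"CWS\x09" + b"\x00" * 16

if __name__ == "__main__":
    cases = [
        ("http://photos.example/u/1/cat.jpg", JPEG_BYTES),
        ("http://photos-img.example/u/1/cat.jpg", JPEG_BYTES),
        ("http://photos.example/u/2/dog.jpg", DISGUISED_SWF),
    ]
    for served, data in cases:
        print(served, audit_upload(APP, served, data) or "ok")
```

The signature check only catches the obvious case; serving uploads from a separate domain is the control the post describes, so the first finding is the one to act on.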

What's a poor user to do?

It's easy for a Security Goon to say:

  1. Use Firefox. I already do this, as do my wife and kids. Really.
  2. Use the NoScript add-on. I do this, but haven't got my wife or kids started (yet). This prevents Flash from most sites, unless manually turned on. (I gotta pay him something). It's brilliant and improves the net experience if only because I haven't seen punch the monkey in years.
  3. According to a comment in the above referenced article it's even better if you run the FlashBlock extension. This sounds good but I haven't tried it yet.

If you insist on running Internet Explorer (bad), the above article mentions something called Toggle Flash which sounds really cool, but I haven't tried it.

Perry