Jailbreak SSH horrors strike back

Back in 2009 the “ikee” rick-rolling worm went around the iPhone world via the password of ‘alpine’ on the root account. You are now warned to change your root password when you pop into Cydia and Rock the first time. But this thing just wont stay down.
If you have jailbroken your iPad you might want to check out a little file called “master.passwd”. In it, there is another user called ‘mobile’ which has been pointed out since 2008 (here) on the iPhone as another account to change the password of. But the media and Cydia/Rock warnings only put emphasis on ‘root’.
Many iPad and iPhone apps STILL do not use the “keyring'” and store your password in plain text or somewhere in a binary file (still plaintext), which the user “mobile” has access to.


Ok, “so what” you say. Since this recent jailbreak was using a website, the individuals running that site now have the IP address of freshly jailbroken iPhones and iPads. I am certainly not saying that they have any ill intentions, but sites have been broken into before, and that would be one hell of a gold mine.
Hopefully AT&T has put in blocks of some sort so that it’s customers are protected, but who knows what the other countries around the world that carry iPhones are doing.
But at the very least, if you have jailbroken your iPhone, iPod Touch or iPad, please.. please set your passwords accordingly and do not have it a simple dictionary password.
Remember, you ARE giving up some security when you jail break your phone. It is on you to make sure that you lock what you can back down.
To change your password, use 'Terminal' and log in to one account at a time and issue the "passwd" command. You can also just log in to root and issue the "passwd mobile" command to change the password of mobile

What's on Your Mind...

Thank f' u C0mment