I feel unsafe connecting to wifi with the default root password. Are most of you guys changing the default root password? And what'd be the easiest way to change the default password? Can one just manually edit the master.passwd file? Also I remember there was a bug in the password command in BSD. Is that working in Cydia?

Thanks.

I've had no problems changing root passwd on 2.1 doing this from the mac

Last login: Wed Oct 1 11:25:13 on ttys000
Unknown-00-1r-c3-b5-cs-b5:~ n350z$ ssh root@192.168.x.xx
root@192.168.x.xx's password: alpine
tester:~ root# passwd
Changing password for root.
New password:xxxx

Originally Posted by TwistyValhalla

I feel unsafe connecting to wifi with the default root password. Are most of you guys changing the default root password? And what'd be the easiest way to change the default password? Can one just manually edit the master.passwd file? Also I remember there was a bug in the password command in BSD. Is that working in Cydia?

Thanks.

You dont need to edit the master.passwd file anymore. That bug has been addressed by Cydia's BSD implementation. Just use the passwd command. I have both the root and mobile user passwords changed. I am on 2.1

Don't forget that changing the password for mobile is just as important! It is also alpine by default, like the root password. If someone can get into your mobile account, they have access to all your personal data -- so everything you'd want to keep private!

For these reasons and more, it's wise to turn OpenSSH off when you're not using it. Use BossPrefs or Toggle SSH.

I've now changed both root and mobile passwords (manual edit) and feel much safer.

I'm not so concerned with changing the default passwords as I disable wi-fi while I'm moving from place to place_

I am finding it's slower in most places than 3G is and besides after the first day it got very annoying driving down a main road and every coupld of minutes having the phone alert me - only to find out it's not a call or message but the phone wanting to connect to some random wi-fi network it found_

My question is more to the effect that if I do change the passwords - will this in any fashion cause a problem connecting up to or interfering with my cell phone services_

I have jailbroken my phone and installed Cydia_ But I only mess with basic stuff like themes minor system tweaks here and there that are already built into the OS - just not user accessible without the jailbreak_

I just don't want to change the passwords - then go make a phone call and at&t won't let me onto their network - ya know_

----
¡ Eat at Fishy Joe's -- Ride the Walrus !

-uberFu

Originally Posted by uberfu

I'm not so concerned with changing the default passwords as I disable wi-fi while I'm moving from place to place_ I am finding it's slower in most places than 3G is

My question is more to the effect that if I do change the passwords - will this in any fashion cause a problem connecting up to or interfering with my cell phone services_

I'd be surprised if changing your passwords interfered -- we'd have been told about that by now, and there's no reason why it would.

I think you should change the passwords. I'm not sure about your provider, but some providers give 3G users public IP addresses. That means that a hacker can attack their phone over the internet. If you have SSH installed (and not completely turned off) and haven't changed the passwords, it is extremely easy for a hacker to get in and steal all your personal information. This is not fantasy; according to this blog comment it has already happened:

right now ph0n3.h4ck3r@gmail.com is exploiting the default password alpine on iPhones with SSH enabled in The Netherlands. The entire publicly accessible IP-range of the iPhone devices of T-Mobile was scanned to exploit vulnerable iPhones.

If you want to know whether your 3G IP address is a public address (as opposed to one that exists only within your provider's "router"), compare what you see at whatsmyip.org with the IP address your phone knows internally (seen in SBSettings, BossPrefs or other applications). If they're equal, change the passwords.

I checked against the site you mentioned and the 2 IP Addresses do not match up_

I think you also inadvertently answered my question without realizing it_ Again - not too concerned about folks bumming around scanning for the hopes of an open iPhone here and there_

BUT - the act of enabling SSH on the iPhone itself opens up the phone to being hacked without altering the default password_

If SSH is disabled then those folks do not have to worry about our friend in the Netherlands_

Which makes sense_ But again as I mentioned in my previous post - just making certain that it doesn't conflict with connecting to my carrier_ As I have no problem jailbreaking my phone to add some non-default customizing - but doing it to the exent that I end up with a $200+ paper-weight - not so much_

The point of this part of the conversation for those listening in - is simply change the password if you enable SSH and don't worry about it if you don't_

Thanks Jim_


----
¡ Eat at Fishy Joe's -- Ride the Walrus !

-uberFu

Here's a great video on why you need to change the root password.