Results 1 to 5 of 5
Discuss Being Safe at the Spirit (jailbreak) - Hackint0sh.org; Some question regarding JB security.. If you do not install openssh are you safe from ...
  1. #1
    Newbie Array

    Join Date
    May 2010
    Location
    Sydney
    Posts
    6
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default Being Safe

    Some question regarding JB security..

    If you do not install openssh are you safe from the ssh root password vulnerability?

    If you install afc2add you basically give access to the filesystem via another means. Does this introduce its own risks?

    If so, are their ways you can prevent viral attacks.

    Regards

    OliphanT



  2. #2
    Newbie Array

    Join Date
    May 2010
    Posts
    8
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    First of all why you don't change root's password?

  3. #3
    Super Moderator Array n1ckn4m3's Avatar

    Join Date
    Mar 2009
    Location
    USA
    Posts
    2,717
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    145

    Default

    Quote Originally Posted by OliphanT View Post
    Some question regarding JB security..

    If you do not install openssh are you safe from the ssh root password vulnerability?

    If you install afc2add you basically give access to the filesystem via another means. Does this introduce its own risks?

    If so, are their ways you can prevent viral attacks.

    Regards

    OliphanT
    1) Correct. If you do not install OpenSSH, you are safe from the SSH root password vulnerability.
    2) afc2add allows the iPhone to provide access to the root filesystem, not just the mobile user sandbox provided by default. It is possible this introduces other risks, however, I believe the risk is minimal.
    The preceding forum post has been brought to you by the letter "N" and the number 42.

    iPhone 4, 32GB (iOS 6.1.2 | evasi0n | SHSH: 4.0 - 6.1.2)
    iPad 2 3G, 64GB (iOS 6.1.2 | evasi0n
    |
    SHSH: 4.3 & 4.3.3 - 6.1)

    Restore problems? Read this: http://www.hackint0sh.org/f137/130802.htm

    Did we solve your problem? Got a dollar or two spare? Please Donate!


  4. #4
    Newbie Array

    Join Date
    May 2010
    Location
    Sydney
    Posts
    6
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    0

    Default

    The reason I ask is in my guide to the Jailbreak, I want to be able to say afc2add is a better way to access your files and does not expose you to the root password vulnerability.

    Give that context, does what you say still apply? Or you advise against it.

    OliphanT

  5. #5
    Super Moderator Array Olethros's Avatar

    Join Date
    Sep 2007
    Location
    Norway
    Posts
    8,360
    Post Thanks / Like
    Downloads
    0
    Uploads
    0
    Rep Power
    439

    Default

    Quote Originally Posted by OliphanT View Post
    I want to be able to say afc2add is a better way to access your files and does not expose you to the root password vulnerability.

    Give that context, does what you say still apply? Or you advise against it.
    Your exposure is greatly reduced. With AFC2 - the phone has to be connected to your computer via USB and a program needs to be able to talk the AFC2 protocol to copy files.

    The only realistic way I could see this happening is if a user downloaded and ran a "trojaned version" of a well known AFC2 app. This could then copy/install whatever it wanted onto your iPhone/iPad/iPod touch.

    So quite a lot of user interaction is involved.

    With SSH all you need to do is install SSH and not change the root/mobile passwords. Then you can be infected over wifi or even over the 3G/Edge data network (not possible on all carriers)
    Please read the stickies & search forum before posting!
    How to report an iTunes restore/update fail in a useful manner
    -

    iPad 3G 64GB (4.3.3, Redsn0w) oldest SHSH 3.2.2
    iPhone 4 32GB (4.2.1, Redsn0w JB-monte) oldest SHSH 4.1
    iPhone 3GS 32GB (4.3.3; Pwnagetool) factory unlocked oldest SHSH 3.1
    iPhone 8GB (3.1.3; Pwnagetool) AT&T Locked - Unlocked with bootneuter

    -
    Did we solve your problem? Got a dollar or two spare ? Donate!


 

 

Similar Threads

  1. Replies: 2
    Last Post: 11-09-2011, 09:39 PM
  2. 1.1.2(1.1.1 OTB BL3.9) Safe way to 1.1.4
    By l0id in forum iPhone "2G" (Rev. 1)
    Replies: 0
    Last Post: 04-21-2008, 08:50 AM
  3. Is It Safe
    By leeli in forum iPhone "2G" (Rev. 1)
    Replies: 0
    Last Post: 12-10-2007, 02:41 PM
  4. Is it safe to say you guy's won??
    By BCBud in forum iPhone "2G" (Rev. 1)
    Replies: 1
    Last Post: 10-17-2007, 11:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin®
Copyright © 2014 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO
(c) 2006-2012 Hackint0sh.org
All times are GMT +2. The time now is 07:32 PM.
twitter, follow us!