In time for AllHallows-Thanksgiving-BlackFridayCyberMonday-Xmas-Kwaanza-Passover-NewYears Day I have been reminded of all of the things that can go wrong with our computers especially during this time of year. With everyone shopping online, and in the holiday spirit, it is easy to forget that your computer is still a dangerous place to be with your private information.
With the debut of the Droid, and the other open source smart phones being released recently, mobile technology security is again being discussed. Will Droid, because of its open source origins, be more secure, or less secure, than the apparently invulnerable iPhone, whose Apple-designed software has had very few problems with security until recently? That security is in question with the hacking of the iPhone earlier this week. To be fair, the flaw only becomes manifest when the iPhone has been jail-broken from the iTunes store to run unofficial codes and other software installers. This process, jailbreaking, is in response to people wanting a choice of software other than the 100,000 applications available from Apple. Apple's database of apps appears quite vast but there are other repositories of software you cannot gain access to without sigificantly modifying your iPhone. And while 100,000 apps might appear to be more than anyone could ever use, consider Pareto's Principle or Sturgeon's Law. I do not sit in judgment about whether jailbreaking is good or bad, but in doing so, some users have made themselves vulnerable to an iPhone malware first, the ikee worm.
Discovered in Australia, this worm exploits a configuration error that should be corrected immediately. Jailbreaking does not cause the iPhone to be broken, it simply renders it more vulnerable to being taken over by people who have more advanced knowledge of the hardware than you do. If you jailbreak your iPhone, change your SSH, member and root passwords from the default. The virus is spread wirelessly. Your iPhone sends the virus to other iPhones and exposes everyone whose phone may be in the right state. It is likely that in the future, iPhone viruses may be spread via the desktop as well as remote connections.
There was another virus that changes the desktop of your iPhone and attempts to hold your phone data hostage. Analyzed by SophosLabs, they indicate that there may be as many as four different variants of that hostage-ware in the wild. A new and harmful virus for the jailbroken iPhone or maybe we should call them jiPhones called iPhone/Privacy.A. It is spread just like the ikee worm through wireless SSH connectivity. Now that we have these three, more will certainly follow. Your iPhone is essentially a computer, remember to follow standard computer protocols for security.
If you plan on shopping online this holiday season especially on Black Friday or CyberMonday please remember to do the following things:
- Create strong passwords and never write them down (unless you store that information in a safe or other safe place, just in case your memory slips). Strong passwords are combinations of letters, numbers and special symbols. Don't use your kids names, pets names, your birthday or anything that someone might be able to guess about you. There are software tools that you can use to create relatively unbreakable ones but they usually make passwords no one can remember.
- Never give your passwords to anyone online. If you are solicited in your email, call the company using a bill or official documentation that you receieved when you opened the account.
- Never dial any numbers from an email. Social engineering is another technique used to get you to give away your password. No vendor will ever ask you for your password.
- Never click on a link in an email. Most of those links automatically download viral loads into your computer when you complete the mouseclick.
- Never download any files from an instant message client that you did not ask for. They are almost always infected in some way.
- Be mindful of security if you purchase anything on line. Make sure the site you are using has a security setting. The site's address name will usually begin with https:// (the extra "s" indicates it is a secure site) Most browsers will also include a small lock icon in the interface window.
- Avoid filesharing software - many of them have been bundled with keyloggers or other security violating software that puts your files or your identity at risk. File sharing software if improperly configured could also make your files vulnerable by making directories open to download without your knowledge.
- Avoid any software or advertisements that promise to make your computer behave like it did when it was new. Almost always hyperbole and very likely the source of your next malware or virus. If you want your computer to run like new then learn how to reinstall your operating system and do that ever six to twelve months. When that stops helping, upgrade your component hardware. When that fails to bring any performance gain, get a new box.
About the Author: Thaddeus has a WordPress technology and science commentary blog called Storm Warnings: A Matter of Scale and can be reached at
Comments