The Unofficial Apple Weblog (TUAW)

The internet has been ablaze with reports of jailbroken iPhones being infested with worms. The exploit takes advantage of unwitting jailbreakers who install OpenSSH on their iPhones via Cydia without taking into account all of the impacts on security. The most notable, and now famous, hole in this theory is that every iPhone ships with the same default password for both the all-powerful "root" user as well as the more-restricted "mobile" user.

Not surprisingly, Apple has officially commented on the situation noting that "the worm affects only a very specific set of iPhone users who have jail broken[sic] their iPhones and hacked it with unauthorized software." It is pretty clear from Apple's statement their feelings on the jailbreak community and its effects on the iPhone and iPod touch.

Luckily, if you need to have OpenSSH installed on your iPhone (who doesn't want a remotely-accessible, full UNIX terminal in their pocket?), there is a pretty simple solution to this problem that will prevent this breed of infestation from ever reaching your iPhone.

1. Remember, this only affects jailbroken iPhone owners who have installed OpenSSH...
2. Begin by installing MobileTerminal via Cydia (alternately, you can login via SSH from Terminal.app or a Cygwin-equipped Windows PC).
3. Type "login", you will be asked for a login name which should be "root" then a password which should be "alpine".
4. Type "passwd" then tap return, you will be asked to type the new password. Tap return and type the new password again.

Repeat this same process for the "mobile" user by replacing "root" with "mobile" in step 3. Also, when using passwd to change the password for "mobile" you may be asked the old password which would be "alpine". It is not necessary to use a different password for "root" and "mobile" but if you're highly security conscious, it wouldn't hurt. The second half of this post includes a screen image of my exact process working successfully on OS 3.1.2 with an iPhone 3GS.

In addition to changing the user passwords for your iPhone, another good security measure is to use one of the jailbreak apps like BossPrefs or SBSettings to have a toggle that will disable SSH when not in use. Obviously, having SSH disabled (or not installed) is the best defense against worms of this sort. Got any other iPhone security tips? Let us know in the comments!

Read more →

This piece isn't about shooting Mac Pros, but it is about how the Mac Pro is helping forensics professionals solve cases faster and more accurately. Pyramidal Technologies produces a system called ALIAS (Advanced balLIstics Analysis System), a replacement for standard ballistic investigation systems that offers faster ramp-up times, increases data accuracy in ballistics investigations, and lowers operator error.

Pyramidal's tagline, "Solve more crimes, Convict more criminals, Save more lives" sums up their mission pretty succinctly. ALIAS will help to convict more criminals with more accuracy, and should even solve some previously-unsolvable cold cases. Helping to proactively build a civil society by identifying wrongdoers and exposing them to justice is among the many socially conscious goals of Pyramidal Technologies.

I found this story of interest because, in my limited experience, the world of law enforcement does not lean very heavily toward the Apple side of the computing spectrum. I assume that this is for the same primary reason that any agency, organization or company tends to stick with Windows: the software they depend on is Windows-based and often proprietary. What intrigued me here was the fact that the benefits of various systems, both hardware and operating system, were weighed in an OS-agnostic fashion, and the Mac won. Here's what I learned about the reasons why ...

Share

Read more →

Apple's jumped into the Verizon versus AT&T fray, according to BusinessWeek, with a couple of new ads -- and, somewhat surprisingly, they come out in full defense of AT&T. Both ads show an iPhone user in the middle of a phone call who multitasks by looking up movie information, restaurant ratings, and many other things over AT&T's 3G network. The ads end with the question, "Can your phone and your network do that?" with a very prominent AT&T logo in the final seconds of the ads.

As I'm personally somewhat on the outside looking in at the U.S. telecom spats, I don't know how much US smartphone users really miss the ability to do simultaneous data browsing and phone calls while on Verizon's network. Based on what I've heard about AT&T's network reliability, however, there are some areas of the U.S. where you'll be lucky to be able to make and receive calls at all, or hold on to a call in progress, much less multitask in the manner depicted in these ads.

What's most interesting about these ads is how favorable they are to AT&T. It's no secret that Apple's been less than thrilled with AT&T over the course of their relationship, and it's even less of a secret how dissatisfied U.S. customers have been with the telco giant. It's understandable that Apple wants to paint the iPhone in a favorable light, but I'm admittedly surprised that they seem to be going to bat for AT&T at the same time. Sure AT&T is their business partner, but from my point of view this smells a lot like telling your family that your less-than-presentable date for Thanksgiving has 'a really great personality.'

Read on to see the ads in action.

Read more →

Boy Genius Report claims to have gotten its hands on Apple's Black Friday brochure. Although they had posted another brochure earlier that made less than credible claims of 30% iPod discounts and 25% Mac discounts, BGR claims this newest ad comes from "a pretty credible connect of ours." The new ad's discounts are also more in line with Apple's previous Black Friday deals, which tend to be fairly modest compared to other retailers.

Below are a few of the discounts on the "leaked" ad:
iMac: $101 off
MacBook Pro: $51-$101 off
iPod nano: $11 off
iPod touch: $21-$41 off

Boy Genius Report notes that these deals apply only on the online store, not at Apple's retail stores.

Though this ad seems legitimate on the face of it, it's worth noting that pretty much everyone here at TUAW agreed Boy Genius Report's last "leaked" ad was a fake. So take this latest "leak" with a grain of salt. However, after taking into account Apple's Black Friday deals in earlier years, whatever discounts it offers this year are at least likely to be similar to this latest ad leak whether it's the real deal or not.

[Via Mac Rumors]

It's a rather stunning number from AdMob in an October report. The firm reports on web requests from thousands of sites world wide. In the latest report, Apple has 55% of the domestic Smartphone traffic share, and Android has 20%. Interestingly, the Blackberry share dropped 2% to a 12 percent share, and Palm's webOS dropped from a 10% share to 5%.

Windows Mobile OS has 4% of the U.S. Smartphone web traffic.

The AdMob statistics do not show handset sales, but rather are calculated by measuring traffic on more than 15,000 web sites and applications.

The Motorola Droid, running only on Verizon, has captured 24% of all Android traffic, even though it has been out only a few weeks.

The iPhone has been on the market for 28 months. That 55% share of traffic is a pretty robust number for such a relatively new product. The Android numbers, especially those of the Droid are also good news for Google, Motorola and Verizon.

The balance of Smartphone data may change dramatically as the holiday season unwinds, and it will be interesting to watch the ebb and flow of the competing brands.

AdMob was recently purchased by Google. Apple also had reportedly had some interest in the company.

We've mentioned ScreenSteps from Blue Mango Learning Systems before. A few times, actually. Version 2.7 is coming up quickly, and it's going to have some great new features. There's also a sale this week that I thought was worth mentioning, check the end of the post for details on that.

First, a recap. ScreenSteps is one of the best ways I've found to quickly create documentation for screen-based projects, whether it's company software, a CMS admin panel, or anything else you can document with screenshots. More recent versions of ScreenSteps can embed video, as well. You just snap a screenshot or screencast segment and add markup (arrows, highlights, sequence numbers, etc.) using the built-in tools. ScreenSteps handles creating lessons and manuals which can be templated and output to PDF, HTML, sent directly to a blog or wiki, or hosted online at ScreenSteps Live, where you can maintain a constantly-updated manual for company/client reference.

Version 2.7 of ScreenSteps desktop is going to have a couple of shiny new features. The first one I'll mention is aesthetic, but a welcome addition: drop shadows. Markup elements added to screenshots now have the option to include a drop shadow underneath them. This is not just better looking; it helps to call out the markup in a way that clearly distinguishes it from the screenshot itself. I got a chance to test this in private beta, and am pleasantly surprised at what a difference it makes.

The other new feature, and potentially a very useful one in many situations, is the ability to copy a lesson directly to the clipboard (video preview here), ostensibly with an email as a target, though the possibilities are a little wider than that. Blue Mango hopes to be able to open the beta to the public in the next few weeks so you can try it out for yourself.

Now, the sale. It's billed by Blue Mango as "The Sale that Goes Stale" and, as you might guess from the moniker, it decreases in value over the course of this week. Monday and Tuesday you can get 40% off of any purchase (including ScreenSteps Live accounts). On Wednesday it drops to a still-a-hefty-discount 30% savings. By Thursday it's down to 20%, and Friday, it's leftovers ... 10% off. Stop by the store to check prices on the desktop version ($39.95US-$79.95US, academic pricing available), and ScreenSteps live accounts ($19US/mo-$285/mo). Use the coupon THANKS at checkout to take advantage of the savings.

Last month a Dutch iPhone user demonstrated how careless jailbreaking can cause trouble. Namely, after finding users who enabled SSH with the phone's default password intact, he sent those phones a message that read, "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your iPhone right now! Right now, I can access all your files." A similar worm caused phones to rickroll their owners.

They could have done worse. This week, someone has. Again from the Netherlands and again finding jailbroken iPhones with SSH enabled, F-secure reports that this infraction puts up an ING Direct login page that lets the hacker gather login credentials and, we assume, move funds to wherever they please. This version also changes the 'alpine' password to block users from getting to the phone via SSH.

We'll have more on this as the story develops, but the moral is this: If you jailbreak your iPhone, you should know what you're doing -- and you should change your SSH password.

[via Engadget & ZDnet Asia]

In 1979, the Apple II Plus was a badass piece of hardware, and the Apple Graphics Tablet was a flashy accessory. At $650US, it let users sketch with a wired stylus. Measuring 3/4 in x 15 1/2 in x 15 3/4 in, the Graphics Tablet was eventually discontinued when the FCC discovered that it caused radio frequency interference problems.

Sure, the wired stylus is a kludge, as is the general design (don't look at the back), but remember that 1979 was 5 years before the first Macintosh was released and computer mice became ubiquitous.

Edible Apple has some additional photos and an old ad promoting the tablet and Utopia software. Go and check out an interesting piece of Apple history -- complete with vintage scotch tape!

As usual for this time of year, Apple has announced a special one-day sale on November 27th, which is Black Friday (the day after Thanksgiving). The page on Apple's online store reads:

"Come back to the Apple Online Store the day after Thanksgiving for a special one-day-only holiday shopping event. You'll find dozens of great iPod, iPhone, and Mac gift ideas - all with free shipping.

Mark your calendar now. And until then, start your research by browsing the Apple Online Store to find iPod, iPhone, and Mac gifts for everyone on your list."

There's no details on what's exactly going to be on sale, and this doesn't look like the questionable leaked email we saw last week stating Apple's Black Friday discounts. Apple has in the past not posted the actual sale prices until early Friday. We'll let you know when we find out what's on sale and what those discounts are.

What are your purchase plans? Let us know by leaving a comment!
[via Mashable]

Barcodescan Pro [iTunes Link] is an app that uses the autofocus camera of an iPhone running OS 3.1 or better to scan a bar code and provide a variety of information on the product including pictures, high and low prices and more depending upon how much information is in the Barcodescan database.

To scan a barcode, you just hold the iPhone so that the barcode appears in a highlighted window and as soon as the image is steady enough, the app automatically takes a picture, compares it to its database, and renders your results. Another way of getting information into the app is typing in the numbers of the barcode into an oversized numeric keyboard.

I had it scan the CD of Tommy and it came back with a picture of the album cover, a prices line showing the lowest to highest found price which when tapped upon, showed the underlying five vendors, another tap gets you to the selected vendor's site to buy it. You can also choose a tab to get to Google for a standard search and another for Amazon where you can log-in and put it on your wish list or purchase the item. The vendors in the low to high price list never included Amazon, which I thought odd since Amazon was a persistent button on each search.

You can check If the item is found on iTunes. If so, you are presented with a contextual service option which brings in iTunes information. Instead of giving me one entry for the album of Tommy, it gave me many instances that contained the word Tommy.

Results are saved to lists. The Recent list shows the last thing you searched for, the History list shows everything you've searched for. You can create custom lists and easily move any searches between lists. Results can also be shared allowing you to email the search.

So, is it any good? Read on...

Read more →