While doing my daily scan of the online InfoSec news, I was caught offguard by the following quote from this post over at Krebs on Security:
One of the more interesting developments over the past week has been the debut of jailbreakme.com, a Web site that allows Apple customers to jailbreak their devices merely by visiting the site with their iPhone, iPad or iTouch…
Reading that sentence, it was instantly apparent to me that the site was exploiting some sort of vulnerability (and the next sentence confirmed that it was in fact the latest vulnerabilities in the built-in PDF reader that were being used to ‘jailbreak’ the devices.)
While leads me to ask the following question; WHAT THE HECK WERE THE FOLKS WHO WENT TO THAT SITE THINKING‽*
A simple perusal of the news archive (known as the Internet) reveals that most, if not all, of the malware which has ‘hit’ the iPhone and iP*d devices has found its way in because the system was ‘jailbroken’ (the usual means of entry is via a default ‘root’ password and an open SSH service on the device.) Besides which, ‘jailbreaking’ may void the warranty (not a big thing for some folks, understandably.)
But, what boggles the mind is that folks would knowingly go to this site, and trust their valuable devices (and even more valuable personal data) to its tender mercies. This kind of trust really requires a knowledge of the person (somewhere between “Facebook Friend” and the biblical definition of “knowing someone”) who runs that site. Anything less is like throwing your email accounts, your saved passwords, your financial information, and those photos you took of you and your SO last weekend (ewwwww) on the crap table, and betting it on a roll of the dice – winner take all.
Seriously, dudes**, you have got to use your brain cells when playing around on the Intertubez!
(Not real brain cells)
Not to worry, though. I’ll try to keep you on the straight and narrow. Because, that is what I do.
{cross-posted on eTee Too}
Photograph copyright © 2009 E D Truitt.
*Interrobang.
Oh, the Places You Go …
{from etee2kDOTnew}…