What's new

Security Warning! Both Jailbroken and Non Jailbroken devices..

The password issue is ONLY IF YOUR JAILBROKEN ALREADY AND INSTALL OPENSSH!!!!

I guess you miss the fact that this JB DOES install OpenSSH... or even skipped past my post where I mentioned that this JB does install OpenSSH...

It already has access to your system before can install OpenSSH. OpenSSH isn't something you can just install on any device without already gaining full access to it.



I'm going to just stop commenting on this thread, you guys obviously don't know or want to know. Its doing what ever you THINK it does and thats it.
 
The password issue is ONLY IF YOUR JAILBROKEN ALREADY AND INSTALL OPENSSH!!!!

I guess you miss the fact that this JB DOES install OpenSSH... or even skipped past my post where I mentioned that this JB does install OpenSSH...

It already has access to your system before can install OpenSSH. OpenSSH isn't something you can just install on any device without already gaining full access to it.



I'm going to just stop commenting on this thread, you guys obviously don't know or want to know. Its doing what ever you THINK it does and thats it.


I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....
 
Last edited:
It already has access to your system before can install OpenSSH. OpenSSH isn't something you can just install on any device without already gaining full access to it.

How do you think he gained access to install OpenSSH?
How do you think he got "full access to it" to manage his code?


How about you let me rig up my website, and you leave the administrator/root password on your machine as "alpine"..... come visit my site...

Let's see what happens to your machine......
 
I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....

I just tested your crazy theory. Changed default password, went over to jailbreakme.com and guess what. It was still able to load the jailbreak and go through the jailbreak process again.

Oh and by the way, OpenSSH wasn't installed by the jailbreak I had to manually install it.
 
Last edited:
I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....

I just tested your crazy theory. Changed default password, went over to jailbreakme.com and guess what. It was still able to load the jailbreak and go through the jailbreak process agian.

How did you change your Mobile/SSH/Root passwords?
Granted, he may even have code in there to see if you're already JB'ed...and do nothing.... although it "looks" like you did actually JB...

Again... I'd love to see you ask @Comex about it...
 
Last edited:
I hate to say it... but it's only getting access through the known root credentials... The jailbreak uses stock FW from CrApple with the stock Root password.... He found a way to inject his code, and run it in a hole left open from CrApple... And is only able to execute it because stock FW has a Root PW of "alpine"...

I'm almost 100% sure that if you JB using jailbreakme.com.... change your root password... and, for whatever reason, try to re-jailbreak without restoring.... It would fail.....

I'm nearly 100% sure that he is depending on the Root PW to be "alpine" to run his code.... Again... like I mentioned, it would be best to ask @Comex about this....

For all we know... this PDF Warner app is just gathering device info, and could be a "virus" in itself....

I just tested your crazy theory. Changed default password, went over to jailbreakme.com and guess what. It was still able to load the jailbreak and go through the jailbreak process agian.

How did you change your Mobile/SSH/Root passwords?

Open Rock App and it gives a warning saying you still have the default alpine password and would you like to change it. Enter new password and its set.

I also checked via MobileTerminal and PuTTY
 
@DawgBone: I completely agree with Mike. Do you know what an exploit means? Do you think viruses brute-force your OS-password? No.
Maybe this makes things more clear to you:
Exploit (computer security) - Wikipedia, the free encyclopedia
There is nothing about any password in the JB procedure...
Maybe they get access to a part of the memory by an buffer overflow where they can inject code which is executed. Same thing with the Wii and the Twilight Hack:
Twilight hack - Wikipedia, the free encyclopedia
 
Two link chain?

If i'm reading the description of this exploit correctly, it requires two things.
1. An infected PDF
2. Opening the PDF in safari

My question is how do i disable safari handling PDFs on the iPad. Frankly i don't want it doing so anyway.

The second is if your PDFs are coming from legitimate sources where's the concern?

Thirdly, why is the browser even allowed to download anything without your acceptance?

There are two culprits here. Adobe for having such a blatant hole and Apple for removing control of what your browser does to handle file types.

---------
When i originally wrote this i didn't realize that the true culprit was a flaw in one of the Adobe dlls related to handling true type fonts. And apparently the hole has been around for a long time.
 
Last edited:
Back to the original topic of this topic.....

I have a Magazine app and it is having the same problem as the iBook problem...asking for permission to allow for access to PDF. I am hoping that there will be a way to tell the app the iBook and my magazine app does not need the 'checking'.
 
Already uninstalled

I already uninstalled this app as one of the primary reasons ai got an iPad was to have a portable solution for reading documents.

I have several PDF readers installed on my iPad some of which allow annotation of the original source.

Whevenever i try to load PDFs in any of them I get several popups warning against loading the document.

Needless to say,that is not at all a useable solution form me.

For the time being I'm relying on the fact that my PDFs are from clean sources.

Unless there is a way to constraining the warnings to browsers it is of no use to me.
 
Last edited:

Most reactions

Latest posts

Back
Top