Aside from blaming the victims, I don’t entirely agree with Apple’s statement. It’s not the actual jailbreaking that exposed iPhones to these ridiculous worms, it’s simply the fact that a lot of people install and enable SSH without changing the default root password. If you don’t miss that important step, a jailbreak could almost be considered an improvement. After all, it allows you to use Google Voice (in the States), multitasking interfaces and a bunch of apps otherwise unavailable. So don’t let the big A scare you. Just practice safe jailbreaking, kids. That’s all.

PS: If you still don’t know how to protect yourself from this silliness, it’s easy: Go into Cydia, install the MobileTerminal app, and use the passwd command to change the default from “alpine”, to something that won’t leave you in need of a de-worming. [Loop Insight]

What you’re seeing here is really the combination of two apps, standby jailbreak justifier and essential iPhone app Backgrounder, which lets you designate any app to run in the background, and new task switcher interface called Multifl0w. (There are other, more basic task switchers already, the most widespread being Kirikae) The new combo feels like magic: It’s a little bit Android, a lotta bit Pre, and more importantly, an obvious improvement, at least on the speedier 3GS.

Granted, anyone who’s used Backgrounder knows that for the sake of your battery, you have to be careful how many apps you open, and how many you leave running. Honestly though? Every other smartphone manufacturer trusts their users to mind their own damn processes, which seems to work out pretty well. So, uh, when will we get this by default? OS 4.0? 5.0? Shut up, blogger?

You can give it a try now in jailbreak app manager Rock, and Cydia’s on its way. Sadly, it’s only free on a trial basis, after which it’ll cost you $US5. Backgrounder and Kirikae, though? They’re still free, in all sense of the word. [MultiFl0w--Thanks, William!]

It only effects those who have installed SSH and not changed the default password. To fix: go into Cydia and use the passwd command to change the default from “alpine”, to something a little more secure.

This worm attacks IP ranges from a larger range of ISPs, including UPC (Netherlands), Optus (Australia), and T-Mobile (Many). When an infected device is hooked up to a Wi-Fi connection, the worm can spread more quickly to more IP addresses than on a typical 3G connection. One symptom noted by security.nl is that battery life is very, very short when the device is connected to WiFi, because the worm is generating so much network activity

[Sophos and BBC]

The previous design was a lot sleeker and placed the controls on the side. But it didn’t have those awesome nubs. A test run of those units were shipped to selected people in February, and early feedback plus a “sleepless night” lead to the updated, bigger look.

You’ll need to jailbreak your iPhone, but the iControlPad is supported by some of the biggest iPhone devs (including ZodTTD’s PSX and GBA emulators). If you’re interested in placing a pre-order, sign up for the newsletter over at: [iControlPad]

Fortunately the virus is little more than a prank and not actually malicious. It only affects jailbroken iPhones with an SSH daemon installed. It preys on the fact that many users haven’t actually changed their SSH password from the default Alpine.

Whirlpool user JD managed to track down the guy behind the virus and interviewed him on his blog. There are instructions on how to undo the rickroll if you’ve been victim to this virus, as well as a post dedicated to how to prevent future viruses hitting you through the same security hole.

Despite the somewhat questionable method of doing it, ikee has at least done one good thing in reminding us all of the importance of changing default passwords. If you’ve got a jailbroken iPhone, you should probably change all your passwords now. In fact, today’s probably a good day to change all your passwords for everything, just in case – because next time, it might not just be a picture of Rick Astley on your home screen…

[Whirlpool and JD's Blog – Thanks Craig!]

Apple can permanently patch the blacksn0w exploit in their next firmware update. You must download Cydia’s “On File” system in case Apple blocks more exploits in future updates.

It’s still safe to run the tool, but keep in mind that Apple can — and probably will — patch the core exploit used by Blacksn0w, rendering your unlock useless, or worse. Running On File will ensure you can downgrade in the future, so you don’t lose whatever precarious network/plan/phone arrangement you’ve so fallen in love with.

Mac and PC downloads are available here. [GeoHot via iPhoneOS3]

Apparently all that it took to terrify many dutch iPhone users was a “trivial” port scanning technique and “a modicum of networking know-how”. After the hacker gained access to the jailbroken phones with unchanged root passwords, he sent the pictured message which led to a demand for a €5 ($8) PayPal payment and words of caution:

If you don’t pay, it’s fine by me, but remember, the way I got access to your iPhone can be used by thousands of others-they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intention of harming you or whatever, but, some hackers do! It’s just my advice to secure your phone.

This particular gentleman was almost kind. He didn’t inflict any serious harm, only demanded a small optional payment and limited his activity to the Netherlands. Whoever learns from his approach might not be as nice. The lesson, my darlings? Change your root passwords if you’ve got a jailbroken iPhone. I finally did. [Ars Technica]

The hacks are pretty hardcore, and demand not just a jailbroken iPhone, but a working knowledge of the handset’s operating system internals. Basically, I wouldn’t recommend anyone who enjoys having a not-bricked iPhone try either one. Anyway! The former comes by way of the Hackint0sh forums, courtesy of user Whiterat:

1. Backup original CommCenter (goes without saying…)
2. Replace CommCenter in: /System/Library/PrivateFrameworks/CoreTelephony.framework/Support/ with a patched one.
3. Chmod the new CommCenter to 755
4. Open /System/Library/CoreServices/SpringBoard.app/M68AP.plist and insert a true boolean value for “mms” under capabilities

and the latter, from the Dev Team Wiki, step-ified by The Beat Mix (the instructions are too long to include here; just check them out at the link).

If they’re soooooo dangerous, then why even mention them? Because in their respective forums, the chatter around the hacks is that they’ll make their way to the Cydia jailbreak app store before too long, and both be installable with little more than a tap. [MuscleNerd's Twitter via 9to5Mac]

It turns out the new boot ROM doesn’t totally prevent the 24kpwn exploit employed by the Dev Team hackers, but instead just kind of interferes with it. The result? You can still jailbreak your late-model 3GS, but the device will need to be tethered to your computer to boot up. It’s a major annoyance, but not necessarily a dealbreaker.

Chances are it won’t be this way for long anyway — remember the iPod Touch 2G? It was jailbroken fairly quickly after launch, but it had a new, slightly more secure boot ROM, and needed to be tethered in order to boot. A few weeks later, the hackers did their thing, and there was much rejoicing. Cue the remainder of this exact chain of events..now. [Gadget Lab]