• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • RockApp Update Brings SSH Security: Another Reason To Use RockApp


    I just noticed an update to the RockApp and after installing, and rebooting, I was prompted by RockApp with a note that told me my SSH Password was still at the default of 'alpine' and that I should change my password immediately. (I just restored recently and had not done this yet)

    After accepting the pop-up, I was able to enter in a new password. I was then informed that the password had been successfully changed.

    Most of you have probably already changed your passwords by now, but if you haven't, this is possibly the easiest way to do so without entering the terminal.

    Not only does this update bring an easy way to change your SSH Password, I believe this is another huge step forward for RockApp and another reason you should use both Cydia AND RockApp. I am starting to use RockApp more and more, and the stability just keeps getting better and better.

    2.15 UPDATES
    • (2.15.3 Update - Bug Fix for Apps with Space in Name)
    • Warning for SSH - mobile/root passwords as default 'alpine'
    • Force Removal option for "stuck" packages
    • RockID Manage View now shows lists of Purchase Apps
    • Added forgot password link
    • Ability to disable MobileSubstrate Extensions via Extension Manager
    • Fix: Removal of sources added via Package
    • Fix: Upgrade/Dependency Installs Fixed
    • Fix: For purchasing apps when can't find catalog
    • Fix: Adding user entered repos sometimes points to wrong repo url
    • Fix: Homepage Tag


    Related Posts:
    RockApp Store Projects $2Mil/Year
    RockApp Launches 2.0
    Rock Your Phone [ LAUNCH ] - iPhone Application Stores Abound
    This article was originally published in forum thread: RockApp Update Brings SSH Security: Another Reason To Use RockApp started by nickhesson View original post
    Comments 82 Comments
    1. cocotutch's Avatar
      cocotutch -
      I think it's pretty pathetic that ROCK are so desperate to get supporters of their software using something like this.

      Firstly.

      The "ikee virus" originated on the OptusNet Australia phone network (my network) -- I live in Melbourne, so I got it.

      After following some simple instructions to remove it, it stays away after changing your ROOT password, helps if MOBILE has the same new password too.

      Now, in the screen shot, there is a "Rogers Canada" user. This virus wouldn't infect anyone in Canada unless the Virus developer spread it over another network. I don't know whether he has, but I know the source code is available somewhere.

      Now Who, May I ask, would deliberately spread the virus through another international network?

      A jack*** that's who. If the network is NAT, the Virus has like 2% Chance of spreading throughout iPhone's. A network that isn't NAT, will be fully affected by the "ikee virus".

      Seriously. Unless you are deciding to spend your time somewhere on the East or West coast of Australia and are planning on purchasing a Pre-Paid Optus SIM Card, you don't need to change your Root password.

      cocotutch
    1. Nick Hesson's Avatar
      Nick Hesson -
      I really don't understand the battle between the two. I wrote this post and I don't know how many times I've already said this. Rock is not meant to replace Cydia. This post is not meant to sway anyone in a particular direction and it was not meant to be the showdown people have made it out to be.

      A few of you ramble about how a jailbreaker should know how to use terminal and change their password. Fair enough, so what's your excuse for not understanding the difference between Cydia and Rock? Use Cydia for Cydia related things. Use Rock for Rock related things. It's not that hard to understand. Rock has just so happened to allow viewing of Repo's you've entered.

      For the love of god people. It's like you enjoy drama. This is not a battle between the two. You shouldn't be installing Rock thinking it's going to replace Cydia. No! You need to keep Cydia! It is CORE to your jailbreaking. Stop fighting! Where is the peace?!

      Quote Originally Posted by saurik View Post
      For the record, I wanted to add this feature to Cydia back when I launched it in 2008, but all of the major players told me "no, I don't need you babysitting me". (If you will remember, the reason we have the ability to change the password at all since 1.1.3 is because of the work I did repairing the passwd tool, which the people running Installer didn't care about and had let rot, as Apple's code didn't actually work correctly on the iPhone.) In fact, when I even indirectly mentioned adding such a feature to Cydia on Twitter a couple weeks ago, I again got a ton of people yelling back at me "don't you dare put that feature in Cydia" despite the fact that I was obviously right: users were installing SSH onto their phones and not realizing the security ramifications. *sigh* I hate people.
      I think the problem here is that a majority of the people on twitter are not a relative indication of what the jailbreak users want. I know over a dozen jailbroken users that do NOT use twitter and never will. Let alone keep up on things. They depend on their geeky friends for that.

      My suggestion, which I'm sure you already know, is to go with your guy instinct. Don't bother asking if people want such a feature. If YOU think its worth while, then it probably is. I don't think you'll lose anyone from making such decisions.

      Keep up the great work. Can't wait to see some Cydia refreshments
    1. Lister Of Smeg's Avatar
      Lister Of Smeg -
      Hi All,

      Ditto what MetaSerph has said...

      I really like this company/product, not only is it the fastest, the easiest, cleanest systems... I think its the best.

      And too offer this as an extra service, certainly will help all those who dont know how to change their passwords easily...

      Cheers,

      Lister

      Quote Originally Posted by metaserph View Post
      I really like what this company is bringing to the table, in spite of all the flak they get here. Good for them!
    1. alpawa's Avatar
      alpawa -
      RockApp is great, but I'm kinda pissed about the false popup. Sucks!
    1. bobsco's Avatar
      bobsco -
      I like it but it still advised me that my password was alpine when I had already changed it. So it can't tell what your password is, just sends the message regardless advising to update. It's a good thing.
    1. confucious's Avatar
      confucious -
      i am somewhat confused as to why it says the default mobile password is 'alpine' when I always thought it was 'dottie'.
      I was also under the impression that changing the 'mobile' user password will screw up some apps and is un-necessary as 'mobile does not have root access'.
      I will be sticking to cydia.
      The more I see of Rock, the less I like it.
    1. kwickone's Avatar
      kwickone -
      All you "Rock Bashers" are killing me! Every single post about something most of us see as positive for Rock, you guys jump on there and bash away. Don't you have anythnig better (more constructive) to do?

      Here is how it 'should' go down.

      You don't like Rock. Fine. Don't use it. Period. (they have enough users that they will not notice you are missing).

      Quit your ******** and move on. Life is about choices. Life has free things and things that cost money. Deal with it.

      I am now making the 'choice' to stop posting on this thread.
    1. skeels's Avatar
      skeels -
      Confucious: No - when you're at a pub on WiFi - someone could hack you. There are no problems with mobile password being changed. Stick with Cydia - sure. But change your password (dottie is so 2007 .

      All: There are 0% false popups. If you read the popup - it'll tell you the correct information (ie - see Nick's posting - he had changed root but not mobile - most people FORGET/UNAWARE to change the mobile and that's how people are still being hacked!). (Wait, wait - Rock works? OMG ).


      Enjoy!
    1. bootleg's Avatar
      bootleg -
      anybody getting the conflict message after installing rock app: "try disabling rock extensions" what actually does that mean. is it worth having the rock app if the extensions are disabled?
    1. metaserph's Avatar
      metaserph -
      When it says 'Disable..." just click yes and then reboot. That always does it for me. When it reboots, the Rock Extensions will be enabled and working again.
    1. confucious's Avatar
      confucious -
      Quote Originally Posted by psuskeels View Post
      [COLOR="Blue"]Confucious: No - when you're at a pub on WiFi - someone could hack you. There are no problems with mobile password being changed. Stick with Cydia - sure. But change your password (dottie is so 2007 .
      You're right, of course, but without root access they can't do much harm - they could take my music, but if you'd seen my taste in music you'd realise no one would want to, but not do any serious harm. I know I should change mobile p/word but I'll stick with just changing the root one for now.
      I'm obviously getting dottie in my old age...
    1. bobsco's Avatar
      bobsco -
      It's funny how the Rock is trying to help people from being hacked and some people still think there's a catch or something......lol. For those who want to disreguard the notification about changing the default password. Disreguard all you want. I just hope you don't get hacked.
    1. g12007's Avatar
      g12007 -
      If you Uninstall Rock will it set your ssh password back to the root/alpine default?
    1. metaserph's Avatar
      metaserph -
      Confucious, LOL. Funny about getting "dottie" on your old age.
    1. skeels's Avatar
      skeels -
      g12007: No - uninstalling rock doesn't do anything with your passwords
      Confucious: All of your data (email, calendar, sms) is owned by mobile. I know most people don't want this to be taken/modified/etc. Of course, if you're comfortable with that being taken/modified - leave mobile password unchanged.
    1. baebenezer's Avatar
      baebenezer -
      I have to say Rock truly ROCKS!!!! App purchase hassle free Please I need more apps!!
    1. x3ith's Avatar
      x3ith -
      Well that's very nice, but rock wanted to update itself so I couldn't change the pw, coz two things at ones seems to be to much. but good to know I've got to change my mobile pw aswell
    1. skj8100's Avatar
      skj8100 -
      I have never seen so many rock fanboys in all my life!!!!
      and yes this is a selling point to get people to install rock. I don't blame them but let's not be naive and think rock devs did this to be "good guys" they implimented a feature they thought would help them push their installer to sell their apps. In my opinion rock is trash and so says most people I've ever talked to. And yes I have tried it multiple times and it still sucks. but hey if you want it on your phone I don't give two shits. I love all you people that bash myself an others for expressing our opinions on it then turn right around and do the same thing but hype rock. I'm not a fanboy of anything. I like what I like and I don't like rock because I think it is worthless trash. Have a wonderful day all of you who will give crap because you have rocks penduals in your cheeks.
    1. THE SE7EN SINS's Avatar
      THE SE7EN SINS -
      I had already changed my super user root password but it said I didn't. When I tried to use rock to change it, RockApp crashed.
    1. rhekt's Avatar
      rhekt -
      Quote Originally Posted by The Maestro View Post
      I have no idea. I just felt like talking to some random guy about cydia, question is do you know who you are talking to:
      its a respect thing. sounded like you were giving someone of major importance in this community some complete disrespect. if i read the situation wrong, my apologies. but now your just giving it right back to me, so im not too sure about that

      psuskeels is correct. it is the mobile passwd that needs to be changed if you see the popup even though youve changed the su/root passwd.

      all you need to do is enter mobile terminal:

      type: passwd
      [changing password for mobile] will show
      type in old password: alpine
      type in new password:
      retype new password: