
So is that your PIN number?

In the spirit of Richard's post below on a little 'no tech hacking'; on a couple of occasions recently I've had friends wanting to show me photos taken on their iphones, and inadvertently reveal some potentially quite damaging information.

To set the scene, you're discussing a subject (such as a holiday) and your friend says "want to see the photos?". Replying in the affirmative, they whip out their phone and hold it up for you to see, hitting a button and entering their unlock PIN to begin showing you the photos.
It's at this stage I ask "so, is that number you just entered the same as your ATM-card PIN?"
Sheepish looks ensue as they mumble "....yes...." and I reply "you might want to change that...or lend me your ATM card!"

Now this certainly isn't an 'iphone-problem' as such, or I'd wager even a new problem. It is however exacerbated by the new touchscreen smartphones and their big friendly on-screen keypads that make it much easier to 'shoulder-surf' from greater distances and see the PIN number more easily as it is entered.
ATM card PIN numbers are a little unusual as for a lot of people they are one of the few 'enforced' passwords they use. By 'enforced' I mean they are passwords that are dictated and not chosen by the end user, they are often just a random (or semi-random) 4-digit string that was supplied by the bank.
Although these days you can often choose a PIN number while opening a new account, this wasn't always the case and many people have had the same PIN number for years, from card to card, keeping the one they've already memorized. After all we are often creatures of habit.

So when the new phone arrives and needs to be set up with a 4-digit PIN number, it seems not uncommon to grab the first available 4-digit number that you already have memorized - your ATM PIN (I'd wager birthdays or birth year are the other popular options) and off you go.

What's the risk? Well it's probably pretty low. I'm not really going to run off with my friend's ATM card, nor bother remembering their PIN number after seeing it initially. But low risk is not no risk and doing something as simple as scrambling or reversing your ATM PIN (if that must be the basis of your phone PIN) is better than using the same number.
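To make the "don't reuse it, and don't just scramble it" advice concrete, here is an added example (my own code, not from the post) that screens a candidate phone PIN against PINs already in use elsewhere and against the guessable patterns the post mentions (birthdays, birth years). It goes a little beyond the post by also flagging repeated and sequential digits; the sample ATM PIN and the year cut-off are constructed values, and treating a reversed or rotated PIN as "the same" is my own judgement call.

```python
"""Screen a candidate 4-digit unlock PIN for reuse and guessable patterns.

Added example for the post above; the checks and thresholds are my own
choices, not something the post prescribes.
"""

from datetime import date
import re


def _rotations(digits):
    """All cyclic rotations of a digit string: 1234 -> {1234, 2341, 3412, 4123}."""
    return {digits[i:] + digits[:i] for i in range(len(digits))}


def is_derivative(candidate, known):
    """True if candidate equals known, its reverse, or a rotation of either.

    This covers the 'scrambled or reversed ATM PIN' case: anyone who has
    shoulder-surfed one PIN can try these variants in a handful of guesses.
    """
    return candidate in (_rotations(known) | _rotations(known[::-1]))


def _looks_like_date(pin):
    """True if the digits parse as MMDD or DDMM, i.e. a plausible birthday."""
    a, b = int(pin[:2]), int(pin[2:])
    for month, day in ((a, b), (b, a)):
        try:
            date(2000, month, day)  # 2000 is a leap year, so 29/02 is accepted
            return True
        except ValueError:
            pass
    return False


def _is_sequential(pin):
    """True for runs such as 1234 or 4321 (assumed weak; not from the post)."""
    steps = {int(y) - int(x) for x, y in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def pin_problems(candidate, known_pins=(), reference_year=None):
    """Return the reasons a candidate PIN is a poor choice (empty list = ok).

    known_pins: PINs the user already uses elsewhere (e.g. the ATM PIN).
    reference_year: upper bound for the birth-year check; defaults to today.
    """
    reference_year = reference_year or date.today().year
    if not re.fullmatch(r"\d{4}", candidate):
        return ["not a 4-digit PIN"]
    problems = []
    if any(is_derivative(candidate, known) for known in known_pins):
        problems.append("same as, reversed or rotated from a PIN already in use")
    if 1900 <= int(candidate) <= reference_year:
        problems.append("looks like a birth year")
    if _looks_like_date(candidate):
        problems.append("looks like a date (MMDD or DDMM)")
    if len(set(candidate)) == 1:
        problems.append("single repeated digit")
    if _is_sequential(candidate):
        problems.append("sequential digits")
    return problems


if __name__ == "__main__":
    atm_pin = "4273"  # constructed sample value, not a real PIN
    for pin in ("4273", "3724", "2734", "1985", "0407", "7392"):
        print(pin, pin_problems(pin, [atm_pin], reference_year=2009) or "ok")
```

Run it and "3724" (the ATM PIN reversed) and "2734" (rotated) are rejected just like "4273" itself, "1985" and "0407" are flagged as a year and a date, and only "7392" passes.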

A little research into PIN numbers brought up an interesting fact; the inventor of the ATM PIN, Briton Mr Shepherd-Barron, wanted to use a 6-digit number (based on his army number), but his wife said she could only remember 4 digits - so that became the world standard!*

And btw, yes I have an iphone and no my PIN is not the same as my ATM card! (nor any derivative thereof!)

*Except for Switzerland, where apparently 6-digits is the default....

Even more default passwords!

It's been widely reported that an Australian man has developed the new iphone virus that 'rickrolls' owners of jailbroken iphones.

The virus spreads via ssh using the iphone's default password of 'alpine'. Normally ssh access is not available on a standard iphone, but enabling access is a requirement of jailbreaking the iphone to get around restrictions placed on the device by Apple.

This comes hot on the heels of a ransomware scam with a Dutch hacker holding jailbroken iphones 'hostage' for €5 which uses the same method to gain access to jailbroken phones. (The Dutch hacker has since apparently stopped asking for money and has now provided instructions on how to undo his changes).
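Both incidents above share one trait worth detecting: nobody has to guess anything, so the tell-tale sign on the device is not a burst of failed logins but a single accepted password login for an account that still has the default password, arriving from an address other than the phone itself. The following added example (my own code, not from the post, from the worm, or from Sophos) pulls that signal out of OpenSSH-style log lines. The log lines are constructed for the example in standard OpenSSH syslog format, and the assumption that the accounts shipping with the default password are root and mobile is mine.

```python
"""Flag password-based SSH logins to default accounts from remote addresses.

Added example for the post above.  SAMPLE_LOG is constructed in the format
OpenSSH writes to syslog; DEFAULT_ACCOUNTS is an assumption about which
accounts carry the shipped default password.
"""

import ipaddress
import re
from collections import Counter

DEFAULT_ACCOUNTS = {"root", "mobile"}  # assumed, not stated in the post

# Matches both "Accepted password for root from ..." and
# "Failed password for invalid user admin from ..." lines.
SSHD_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample: one legitimate local key login, then a remote host
# walking straight in with the default password, then a noisy scanner.
SAMPLE_LOG = """\
Nov 10 21:14:02 iPhone sshd[412]: Accepted publickey for mobile from 127.0.0.1 port 50211 ssh2
Nov 10 21:15:37 iPhone sshd[418]: Failed password for root from 10.0.0.7 port 41022 ssh2
Nov 10 21:15:39 iPhone sshd[418]: Accepted password for root from 10.0.0.7 port 41022 ssh2
Nov 10 21:16:01 iPhone sshd[425]: Accepted password for mobile from 10.0.0.7 port 41030 ssh2
Nov 10 21:20:55 iPhone sshd[430]: Failed password for invalid user admin from 10.0.0.9 port 3302 ssh2
Nov 10 21:20:58 iPhone sshd[430]: Failed password for invalid user admin from 10.0.0.9 port 3302 ssh2
"""


def parse_sshd(lines):
    """Yield a dict per recognised sshd auth line; other lines are skipped."""
    for line in lines:
        m = SSHD_LINE.match(line)
        if m:
            yield m.groupdict()


def is_remote(src):
    """True unless src is a loopback address; unparseable hostnames count as remote."""
    try:
        return not ipaddress.ip_address(src).is_loopback
    except ValueError:
        return True


def find_default_account_logins(lines):
    """Return (alerts, failures).

    alerts: (timestamp, user, source) for every successful *password* login
            to a default account from a non-loopback source.
    failures: count of failed logins per source, useful context but not the
            primary signal, since a known default password needs no guessing.
    """
    alerts = []
    failures = Counter()
    for ev in parse_sshd(lines):
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
        elif (ev["method"] == "password"
              and ev["user"] in DEFAULT_ACCOUNTS
              and is_remote(ev["src"])):
            alerts.append((ev["ts"], ev["user"], ev["src"]))
    return alerts, failures


if __name__ == "__main__":
    alerts, failures = find_default_account_logins(SAMPLE_LOG.splitlines())
    for ts, user, src in alerts:
        print(f"ALERT {ts}: password login as {user} from {src}")
    for src, n in failures.most_common():
        print(f"{n} failed attempts from {src}")
```

On the sample, the two password logins from 10.0.0.7 are reported and the local key-based login is not; the scanner at 10.0.0.9 only shows up in the failure counts. Changing the default password (or switching the daemon to key-only authentication) makes the alerting condition impossible to trigger.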

Does this represent a big security hole for Apple? Not really, as both attacks only affect jailbroken iphones. If you are jailbreaking an iphone, or modifying any device against the manufacturer's instructions, then the onus of providing a secure device has passed from the manufacturer to the end user - something which most end users probably don't think about.

While both 'hackers' have claimed the release of their viruses was an educational 'wake up call' for users with jailbroken iphones to ensure they change their default passwords, the simplicity of the attacks could mean something more sinister is on the horizon.
The pair of them may be in hot water as even a relatively harmless change like rickrolling can have unintended legal consequences (the attempted extortion from the Dutchman aside).

If you have a jailbroken iphone, change the default password asap!

*edit* I just came across this post from Sophos which has a screenshot of some of the virus source code:
