SERIOUS OpenID and OAuth 2.0 flaw revealed


Okay folks ANOTHER security issue you should be aware of.
A bug has been found in OpenID and OAuth 2.0, two authentication programs that let you log into web sites using your Google, Facebook, and other major accounts. Read here and here too

OAuth—and its alternative OpenID—let you log into sites or apps using your Google, Twitter, Facebook, or other credentials, without having to create yet another account or give the app more permission than necessary. OAuth and OpenID, in essence, authenticate you with the site or tell the site you are who you say you are and let you log in without having to enter a username and password.

For example, when logging into LinkedIn you are asked if you’d like to use your Google or Facebook account credentials. You enter said credentials (FB or Google) and can then get on because the site ‘authenticates/uses’ your other credentials. You see this all the time on news sites and blogs – if you’d like to comment or post you’re asked for some sort of ‘authentication’, usually Google, Yahoo, Hotmail or Facebook etc.

THAT’S why I live by the mantra – use different credentials (username AND passwords) for EVERY site you login to!! AND NEVER ‘LINK’ ANY ACCOUNTS!
Though this may seem difficult given the amount of our lives that are now ‘online’, it is not that hard if you use an app/service like LastPass or KeePass. I NEVER use any ‘other’ account to login to any services – ever. Every account gets its own credentials. That way if one is compromised no other one will be.

Please be safe out there folks!

Serious OS-X and iOS Security Vulnerability Completely Opens Up ALL Your Secure Communications


It had been known for MONTHS that there was a serious security flaw in iOS and possibly the latest version of OS X that could allow attackers to surreptitiously circumvent the most prevalent Internet security protocol – TLS/SSL and Security Certificate validations. The issue is a “fundamental bug in Apple’s SSL implementation.” This can allow attackers to view ANY of your ‘secure’ Web communications. This includes e-mail, banking sites, Facebook etc.

Apple finally released an ‘emergency patch’ to the latest version of iOS last week, but it appears that the flaw affects more than just Apple’s mobile platforms. It actually affects the latest versions of OS X – Apple’s latest desktop Operating System too!!

If you have an iDevice I’d recommend backing it up via iTunes or any of the other methods I’ve previously recommended. Then check for any System Updates: tap Settings > General > Software Update, then tap Download and Install to download the update. [Updates might download automatically while your device is connected to Wi-Fi and a power source.]

As for your Desktop computer, well there lies the rub. Apple appears to have at first done the usual – deny, then downplay, then finally admit there is a serious problem and ‘promise a quick fix/patch’. [It’s really crazy that they are able to get away with this so often; I guess those reporting are too busy licking Apple sack….but I digress]

So what to do..

If you use the Desktop Apple Operating System – OS X – you should always use the latest versions of Chrome or Firefox for internet browsing to help mitigate some of the possible exposure. [I NEVER use Safari and always recommend to all my clients that they don’t either]. Even if you’ve taken the latest update on your iDevice I’d still recommend Chrome for iOS.

Here is one of the latest articles I’ve found with a VERY good explanation. You should at least read this! But I’d recommend hitting all my sources.

Be safe folks!

Sources to read 1, 2, 3

Zero Day Adobe and Microsoft Exploits

Adobe has released (for the second time this month) an emergency update for its widely used Flash Player to combat active attacks that exploit a previously unknown security bug that hackers are actively exploiting to surreptitiously install malware on end-user computers.

Attackers are already exploiting it!

Please apply this patch and stay secure.
If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser. The version of Chrome that includes this fix is v. 33.0.1750.117 for Windows, Mac, and Linux. To learn what version of Chrome you have, click the stacked bars to the right of the address bar, and select “About Google Chrome” from the drop down menu (the option to apply any pending updates should appear here as well).

The most recent versions of Flash are available from the Adobe download center here, but beware potentially unwanted add-ons (like McAfee Security Scan, Chrome browser etc.). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (e.g. Firefox, Opera).

AND..

Microsoft has released a stop-gap fix for a previously unknown zero-day vulnerability in Internet Explorer versions 9 and 10 to combat a separate zero-day campaign. If possible (many users cannot because of other ‘line of business software’ that requires versions 9 or 10), update to version 11 of IE, since it contains exploit mitigations not available in earlier releases. Those who are prevented from running version 11 should install the Microsoft fix as soon as possible.

Microsoft site explanation is here

Actual ‘Fix-It’ tool is here

If you run it make sure you ‘right-click’ on the file after it’s downloaded and ‘Run As Administrator’

Be safe folks, Peace.

BlackPOS breach

So here is a story about the recent MASSIVE thefts at Target, Neiman Marcus and other retailers.

What is by far the most scary is this line,
“…said it was possible for Target and Neiman Marcus to be hacked after the software tried several easy passwords to remotely hack the stores’ registers, and added that the malware, called BlackPOS..”

We are finding out the breach occurred because of poor Security practices! Easily guessed or worse, standard passwords at the gates!

This is totally unacceptable and, in my opinion, everyone involved from the top to bottom of these IT chains should be fired and also be part of any litigation directed at the companies.

You know you hear it from me and just about everyone else: use complex Usernames and especially passwords. NEVER use a default username or password. Never use the same password for different accounts.

So I’ll say this again to everyone. Please change your passwords to something complex (that includes Upper and lower case letters, numbers AND symbols) and do NOT use that same password for different accounts.

Well that is all. Peace out.

Adobe Hacked (again)

Yay another security hack. 🙁

If you have an Adobe Account Please login to their site and change your Password. You may have already received notice to reset them, if so please do!

I’d suggest if you have any payment information associated with any Adobe account/login you remove it! You can read from Adobe about it here.  And some more (and scarier) details from some other tech sites like this one  or this one.

Disable UPnP to Protect Yourself from New Security Hole Found in Wi-Fi Routers.

If you don’t know, and most of you probably don’t, there is a major security flaw that has recently been aggressively exploited. It could allow people with malicious intent to access your system(s). Mac, Windows PC and Linux, all are vulnerable because this is NOT an OS flaw, but a router flaw! So please don’t think you are safe just because you buy into the belief (very wrong by the way) that ‘your’ type of Operating System ‘doesn’t get infected…’. Scans from security companies have shown about 50 MILLION vulnerable access points already.

It is strongly suggested that end users, companies, and ISPs take immediate action to identify and disable any internet-exposed UPnP endpoints in their environments.
UPnP is pervasive – it is enabled by default on many home gateways, nearly all network printers, and devices ranging from IP cameras to network storage servers.

Rapid7.com has an online tool here  that can check the external interface of your router and let you know if you are vulnerable.

To fix/resolve this issue all you need to do is disable UPnP on your wireless router.
Since each router is different, you’ll need to login to your wireless router’s admin panel (use the manual to figure that out), and then find the UPnP setting. This may require someone with more skills (like your teenager) or an IT professional (preferred method) to turn this off for you. But however you do it, please do it.

Be safe.

Amazingly Simple One-Click Android root

This is a follow up on my previous post(s) about rooting your android phone.
I posted some specifics for my personal phone – Epic 4G Touch (Sprint’s version of the Samsung Galaxy S2) here

Now comes an incredibly simple one click ‘root’ that looks like it will work to ‘root’ a WHOLE BUNCH of Android phones (including the Epic 4G Touch) with incredible ease!
Check this site OUT!

Directions are DEAD SIMPLE.
Follow – in order, and you will gain ‘root access’ to your phone without changing ANYTHING else! That means that you will then be able to install applications that require ‘root’ system access.

Make sure as it states in step 1 to set the device to USB Debugging Mode.

Download the application here.

Follow the directions and MAKE SURE YOU HAVE A HIGH QUALITY USB CABLE! Poor quality cables are the cause of MANY failed updates and connection issues!! I was having problems getting my friend’s AT&T Galaxy S2 to root till I switched USB cables to a higher quality one. But once I did get the good cable the root process took only a few minutes!

So now that you have root access here are the things you should do/get first.

1st:
Superuser: An application from the Android Market. It lets you manage superuser (root user) permissions; this is the first app a newly rooted phone needs installed on it, allowing you to approve/disapprove of applications’ install access permissions. This should be already installed via the root process but you can check if it is there by looking in the applications. If not, try downloading and installing it; if it won’t install it means you are not rooted.

Root Explorer: [Market Link] This is a File Manager ($3.80): shows you the files you can now access as a root user.

Titanium Backup root [Market Link] This backs up all your apps, removes bloatware, and otherwise helps you manage apps. And break down and spend the money for the Pro Key for Titanium. As I have mentioned a few times in other posts this app alone is reason enough to root your phone!!
I believe it is inexcusable to NOT have your data systems backed up – regularly and fully! I am going to provide a follow up of how to use this application to its fullest for backups and recovery. [stay tuned]

Wireless Tether for Root Users [Market Link] This turns your phone into a mobile hotspot. [Use this application at your own risk. It is possible that use of this program may violate your carrier’s Terms of Service.]

I hope some find this helpful. I plan on helping many of my friends with other Android phones get the benefits of having a root access with such great ease!

Epic 4g Touch EL26 Modem/Kernel/ROM – Full Restore – Rooted

Sprint has been trying to ‘push’ a system update to my phone for a couple of weeks – one that is supposed to fix many ‘bugs’ such as LOS (loss of signal) some were having and improve overall performance by updating the phone to Android version 2.6.3.

I have already ‘rooted’ my phone as I described in a previous article using this method with this file.

Even though the ‘root’ I did was the Stock ROM with just the addition of enabling full root access with recovery options, I was leery of running any ‘stock’ updates. Most cell providers have done a piss poor job of pushing out updates and my research showed this update was indeed causing more problems than it was supposed to fix!

So I waited and researched for further updates and ‘custom/patched’ fixes from the great folks at XDADevelopers Forum and the ACS team. My patience and research paid off.

Because my phone is already rooted I am able to use Titanium Backup Pro http://bit.ly/pLtba8 to back up all my applications AND settings. I do this nightly to the local SD card AND to Dropbox (pretty much the only reason I use Dropbox actually).

If you want ANY reason why I believe you must root your Android phone, it is for the ability to use this application! If you install nothing else that requires root access or make any customizations you still win if you use Titanium. [OK so major plugging done.]

The guys at XDA now have a full ‘One-Click’ root available here.

I backed my data using Titanium (just in case!) then set about updating my phone following the easy to use (and very precise) directions. I chose the ‘NoData’ package – to preserve all my applications and settings! [but remember I still have my backup just in case!]

Following the instructions it worked flawlessly!!

Then to install even more recovery options (the Clockworkmod – a full system imaging tool!) I followed the directions here. They are simple and precise too. After the update and all the reboots system is up and running WITHOUT ANY ISSUES.

My download speeds for both 3G and 4G have increased. My 3G data speed doubled – modem really made a difference!
The responsiveness of the phone is now even faster. Switching between applications and screens is faster and smoother too!

Super video on the ‘Rooting’ using the one-click root little faster than what I originally did!

Once the update to EL26 was complete I installed the Clockwork Mod exactly as described above and laid out in this awesome video below.

The guys at ACS and XDA are GREAT! I can’t thank them enough. To download and access some files you might be required to register for each forum. Both are free and the process is painless – do it!

Well there it is. I hope someone else finds this useful. Peace

My adventures in a phone upgrade part 2 the root and apps

I wrote about my phone adventure recently here  so I won’t go into WHY I needed a device that I could ‘completely control’ and have full access to. Suffice it to say I must be able to have complete access to the system I own without artificial limitations from the manufacturer or service provider. I want to use my hardware and software to its fullest potential. Humor to illustrate:)

 

I chose the Sprint Epic 4G Touch as my device. I loved the technical specs and knew from research that it would be easy to root and customize.

With Android devices there are so many different options to customize, tweak and really make the device your own, that it can be overwhelming. There are dozens of ROMs available and even subcategories of the main ones!

But there are some basic and simple tools to at least give you root access enough to be able to install ‘non-approved’ or custom applications and get a taste of freedom from the hardware manufacturer and service provider (ATT, sprint, Verizon etc.)

One of the most important things for me was the ability to be able to totally and completely back up the device – operating system, applications and settings; the WHOLE thing. I need to know that my system is backed up nightly (to the SD card AND the ‘Cloud’) and can be restored in a matter of minutes. I do not want to have to take a trip to a ‘corporate store’ or have to send my device away to be ‘reloaded or reset’ if an update – pushed from my carrier or other application – locks up or otherwise makes my device unusable. I have only one phone so I cannot be without it for any extended period of time.

So my quest led me to first just ‘root’ the stock ROM, essentially giving me full root access but keeping the rest of the original Stock Sprint ROM. This way the only real operating system customization I was messing with was the actual ability to install and use non-approved applications or ones that require more system access than the carriers want to give you; like the ones for full system backups!

I must give credit here to the folks at these sites: XDA Developers, PPC Geeks and ACS. They have a plethora of options, files and techniques for customizing your phone. Full access to these sites and their links and files is free with simple email sign up. I would recommend spending a few weekends just ‘looking’ through their sites; read the FAQs and poke through the different topics, tutorials and guides. You will learn a lot. I have spent years going through XDA and PPC Geeks learning so much about phones and systems.

I used the method and files found here: Stock root or Epic 4G

[Take note that you may need a new GOOD USB cable. I have had SO MANY USB devices report as ‘failed’ or ‘not fully connected’ when it turns out that all that was needed was a better cable! I have spent hours with clients trying to connect printers, phones, cameras etc., installing driver after driver, tool after tool etc.. When all that was needed was a good cable. DO NOT TAKE THIS TIP LIGHTLY! GET A FEW GOOD CABLES!]

OK so after flashing/rooting your device all will still look the same except you should now have a new application called ‘Superuser’ installed; this shows that you now have root access. You can download it here if it does not show up. It will only install if you do indeed have full access to your system.

After ensuring that I had root access to my phone, the first application I installed was Titanium Backup AND I bought the Pro Key ($6.00 well spent!). This allows for full backups to the SD card(s) AND to Dropbox ‘the cloud’ [I only use Dropbox for this purpose]. I have it set to back up my system nightly to the SD card and Dropbox. Now if I want to experiment with another ROM I can load it (via one of many methods from those great sites; probably ODIN) and if it doesn’t work out then I can reload the Stock ROM as above and reload my full backup and I’m good to go!

I then loaded and installed AppBrain Android market app here. Account is free and easy to set up.

Since I am an IT guy the most important app for me was my LogMeIn application. It was also my most expensive but well worth it. It is an amazing tool! After that the next best application I paid for was iSync. It allows me to sync iTunes playlists and libraries to my phone! AND it works better than I have ever seen iTunes work with any iDevice either.

So below is a list of all the applications I have currently on my phone. Many came pre-installed (Sprint) and some I got on the Android Market ‘daily deals’ for only $.10. I included the links to the applications (as they are on AppBrain; most can also be found in the official Android Market too). Check them out  – or don’t but have some fun!

Device: Samsung Epic Touch 4G

Apps: 73 total, 60 free (82%), 13 paid (17%)

Total size of installed applications: 183MB

Total value (at current prices – note that many apps were purchased on specials for only 10 cents U.S.):

A HIIT Interval Timer: Free, 276kb
ADWLauncher EX: $3.28, 1895kb
Adobe AIR: Free, 8575kb
Adobe Flash Player 11: Free, 4583kb
Adobe Reader: Free, 2761kb
Advanced Task Manager: Free, 412kb
AirDroid: Free, 2764kb
Android Lost: Free, 121kb
AppBrain App Market: Free, 724kb
Auto Mount Your SD Card: Free, 68kb
Barcode Scanner: Free, 589kb
Camera ZOOM FX: $4.85, 961kb [$.10]
Dolphin Browser™ HD: Free, 3500kb
Dropbox: Free, 3076kb
Drudge Report: Free, 193kb
ESPN ScoreCenter: Free, 1483kb
Endomondo Sports Tracker PRO: $4.21, 3014kb [$.10]
FOX News: Free, 1447kb
Facebook for Android: Free, 3929kb
Fast Web Installer: Free, 418kb
Firefox: Free, 15019kb
GPS Status & Toolbox: Free, 454kb
Galaxy Core 3D LiveWallpaper: Free, 994kb
Gmail: Free, 2147kb
Google Books: Free, 2381kb
Google Docs: Free, 2557kb
Google Maps: Free, 6379kb
Google Reader: Free, 1673kb
Google Search: Free, 608kb
Google Shopper: Free, 3131kb
Google Sky Map: Free, 2212kb
Google Voice: Free, 4304kb
Gwang-Ju Subway: Free, 81kb
Jota Text Editor: Free, 547kb
KeePassDroid: Free, 996kb
Keyboard from Android 2.3: Free, 1744kb
Kindle: Free, 9362kb
LogMeIn Ignition: $29.99, 2578kb
Lovely Beach Live Wallpaper: $.10, 13277kb
Lovely Sky Live Wallpaper: $.10, 7914kb
MoboPlayer: Free, 3426kb
MyAppsList: Free, 37kb
OI File Manager: Free, 172kb
Opera Mobile web browser: Free, 12881kb
PdaNet 3.02: Free, 117kb
ROM Manager: Free, 2375kb
ROM Manager (Premium): $5.99, 42kb
Remote Control Add-on: Free, 560kb
Remote Web Desktop: Free, 2460kb
Root Explorer (File Manager): $4.06, 272kb
Root er: Free, 662kb
SMS Backup +: Free, 1135kb
SkyDrive Browser: Free, 301kb
Skype – free video calling: Free, 11828kb
Speedtest.net: Free, 3063kb
Sprint Mobile Wallet: Free, 328kb
Street View on Google Maps: Free, 281kb
SwiftKey X Keyboard: $4.06, 4903kb [$.10]
Swype Keyboard: Free, 1994kb
Tabata Sport Interval Timer: Free, 204kb
TeamViewer for Remote Control: Free, 1786kb
Terminal Emulator: Free, 28kb
Tiny Flashlight + LED: Free, 1668kb
Titanium Backup PRO Key ★ root: $6.16, 31kb
Titanium Backup ★ root: Free, 3234kb
Tuner – gStrings: $2.85, 136kb
Voice Search: Free, 2267kb
YouTube: Free, 2182kb
Zemna AppList Backup: Free, 244kb
iSyncr WiFi Add-On: $0.99, 925kb
iSyncr for PC: $2.99, 1983kb
iris. (alpha): Free, 518kb
ooVoo Video Call: Free, 6327kb

Peace out.

My adventures in a phone upgrade part 1

It all started almost two years ago. I knew it was time to upgrade my phone but I could not find a suitable replacement for my ‘rooted/custom ROM’d’ Windows Mobile 6.5 phone – an HTC Touch Pro2. When I say suitable, I must first explain who I am and what I do. That may help to understand why I need what I do. I will also give out some definitions later too.

I have been having issues with my phone for over a year now, and of course they are not getting better with age. Hardware related problems and not ROM/Operating system issues like the reception of phone (which used to be stellar) getting poorer, data and GPS not working all the time – especially and of course when needed most. So I began my phone search in earnest nearly a year ago.

My background: I am a Network and System Administrator and integrator. I manage systems including Windows Domain(s), Cisco Firewalls/Routers/VPNs, VMware clusters and many Operating systems contained therein – Windows, OSX, Linux, Cisco IOS etc. I have been working in IT for a few decades, so I am very comfortable with technology. I am also not a ‘fan boy’ of any particular type of Operating System or hardware. I have and use Windows machines primarily, but have a Mac and Linux box here under my desk (and many Virtual Machines of those OS’s too). I have owned many machines since my first Amiga in the 70’s as a kid. I simply use the tools that provide me with the best ability to do my job(s) and any other tasks I may wish to.

I settled on Windows Mobile years ago because of the amount of customization and third party tools I needed that I could use with it. I need MS Exchange support, Terminal services/Telnet abilities, MS Office compatibility and other remote management software and tools – all to at least do my job and NONE available on any other platforms at the time. I was also able to put a custom ROM on my device to provide for even more flexibility and control of the Operating System, applications and themes.

I looked at the BlackBerry and iPhones but neither had the application support I needed, let alone the ability to customize the operating system in any real ways.

And the Android phones at the time were also limited in their functionality and performance. But I was sure that the Androids would improve fastest.

So I figured my next phone would be an Android but didn’t rule out the iPhones either. With the increasing ease of ‘Jailbreaking/rooting’ the iPhone and the newer iOS I thought that might still be an option for me.

Next and just as important for me is the service provider. I have been with Sprint for over a decade and it has provided phenomenal value, and most importantly RECEPTION in the places I use it most – home and work.
I had a friend who was on ATT and was considered the Blackberry guru – seriously this 80+ year old guy would show the ATT reps how to use their phones! [RIP Gerry] And his phone lost reception at my house and our office fairly often; much more than mine. So ATT was probably out. My father’s Verizon phone(s) too didn’t work well in his house or mine (both very close to each other) and neither did my step-brother’s Verizon phone(s). So Verizon was probably out too. I’ll stop here and say whatever phone you get won’t mean crap if you have no coverage and can’t use it!

A few months ago I demo’d an ATT iPhone and could not get ANY reception at my place – so goodbye ATT. Plus I was still not able to do all the things necessary for my work and fun. Even ‘rooted/Jailbroken’, the Apple device is WAY too constricting for me. Don’t get me wrong, the iPhone is a fine device. It makes phone calls, chats, takes pictures and plays music and video well. And all fairly simply for the novice and average user. But to truly customize this device for my uses and needs is nearly impossible.

ALSO and this is NO small point the iPhone 4S is NOT repeat NOT a 4G device! No matter what network you use it on it uses 3G phone services! [look it up if you don’t believe me]. I require fast data connections for many of the management activities I do and it would be foolish for me to not have a 4G device. I also was again tempted to move to Verizon because of their build out of their 4G LTE network, but their recent changes in data plan fees are WAY too costly and restrictive for my uses.

So I stuck with Sprint. Now which phone? I purchased an EVO 3D a few months back but returned it because I just didn’t like the phone enough and the phone itself had some connection issues (much like the iPhone did – poor antennae placements I think) and it just didn’t quite meet my tech needs.

Back to my old dying Touch Pro2…

I found a device to dramatically increase my reception in my home for Sprint called an Airave for only $50.00US on Amazon and decided to give it a try to ‘extend’ the life (and reception) of my poor old phone. WORKED AMAZINGLY! It is essentially an in home ‘cell tower’. It uses your broadband connection to extend your wireless services. [Both ATT and Verizon offer these types of devices too by the way. Except Verizon’s devices START in price from $250.00US and ATT’s the same!] I was also able to install this device behind my home router in a DMZ – so it has its own network and is separate from my home systems yet still uses my cable broadband.

So on to my final choice. After doing months and months of research (I’m kind of a nut about that) I settled on the Sprint Galaxy S2. And wow, am I a happy camper! I have the ability to completely customize the sh*t out the operating system(s). Blazing speeds on wifi, 3G and 4G and a very nice multi-media device which can actually play more types of media from more sources than the iPhone! With a rooted Android phone I can put any number of customized ROM’s and applications on the device – freedom, yay!

I mentioned rooting/jailbreaking. I would not get any device that did not provide me with this ability.
I completely understand why so many people (probably MOST) would not care one rip about this. They just want to be able to do whatever they can very easily. And they don’t mind being limited by their carrier, hardware or phone operating system as to what they can or can’t do. That is one reason the iPhone is such a huge success. It ‘just works’ as the fanboys like to point out. But of course it only works the way Apple and the carrier ‘let’ you work it. Period. Me, I must know that I have full control of the device I own! I must be able to make a ‘real full image back up’ of my device, not just a file backup. And secondly I do not wish to be stuck in a ‘walled garden’ of ‘approved’ applications and devices. I own it; I want to be able to do whatever I want with it.

So let me briefly explain those terms.
Some definitions:
What is Rooting/Jailbreaking?:

Android Rooting is a process that allows users of mobile phones and other devices running the Android operating system to attain privileged control (known as “root access”) within Android’s Linux subsystem with the goal of overcoming limitations that carriers and manufacturers put on some devices. A good description of why.

iOS jailbreaking, or simply jailbreaking, is the process of removing the limitations imposed by Apple on devices running the iOS operating system through use of custom kernels. Such devices include the iPhone, iPod Touch, iPad, and 2nd Gen Apple TV. Jailbreaking allows users to gain root access to the operating system, allowing iOS users to download additional applications, extensions, and themes that are unavailable through the official Apple App Store.

A jailbroken iPhone, iPod Touch, or iPad running iOS can still use the App Store, iTunes, and other normal functions, such as making telephone calls. Unlike rooting an Android device, jailbreaking is necessary if the user intends to run software not authorized by Apple. A tethered jailbreak requires that the device be connected to a computer each time it needs to be booted; an un-tethered jailbreak allows the device to be powered without computer assistance. Under the Digital Millennium Copyright Act, jailbreaking Apple devices is legal in the United States.

ROM:

Essentially a ROM is the phone’s operating system that comes with your phone when you buy it.

I was going to explain what a ROM is but this post here is WAY better than I could ever have done so check it out.

I just realized how freaking long this post is! So I am going to write another post about the steps and tweaks I applied to my device along with some tips and tricks for Android and the Galaxy S2 in particular. Stay tuned.. [I post most of this sh$t for my own reference anyways. 🙂 ]

A little side by side with the iPhone 4S and the Galaxy SII