July 19, 2007 10:42 AM PDT

News of a Mac OS X worm incites death threats and intrigue

by Robert Vamosi

A soap opera is playing out on the mailing lists of several security newsgroups this morning, complete with people hiding behind pseudonyms, people "outing" one another and rumors of death threats against the major players. At stake? A possible worm for Apple's Mac OS X operating system.

Over the weekend, someone using the name Infosec Sellout posted on the BugTraq mailing list news of a worm exploiting a vulnerability in mDNSResponder, a component of Apple's Bonjour automatic network service. Apple patched the mDNSResponder vulnerability in May, but the author claims there remains an unpatched vulnerability. The author also claims to have a proof-of-concept worm ready to go, named Rape.osx, but says he won't release the worm. In a security vendor blog, McAfee quotes the author as saying he was compensated for this work.

As news of the posting and possible worm spread, skepticism grew. The author suffered harsh criticism from security colleagues for hiding behind a pseudonym, and for not providing any proof of the worm. The author also reportedly received death threats in reader posts to his blog site. In response, Infosec Sellout says in a blog post that he removed all prior postings on his blog site. Is that true? Last night, someone else claiming to be Infosec Sellout said the site in question, called Security Information, is not the real Infosec Sellout blog site, but a hijacked site, hence the lack of prior posts.

The story gets weirder. One of the names thought to be behind the hijack of Infosec Sellout is David Maynor of Errata Security, who might be using the name "LMH." Last summer, during BlackHat USA, security researchers David Maynor and Johnny Cache disclosed a wireless vulnerability using an Apple Computer MacBook. The team found that malformed network traffic could allow the laptop to be compromised, and they provided a video of the attack. The researchers did use a third-party wireless card for their video demonstration, but said repeatedly that the Apple Airport wireless driver was also vulnerable. Two months after BlackHat, Apple quietly released a patch for a vulnerability that, if exploited, could have compromised the Airport wireless drivers in MacBooks.

This morning in a post on the Fuzzing mailing list, someone calling himself David Maynor responded. In a post called "The Truth," the author using the name LMH says he is David Maynor and then proceeds to confess that after last summer he needed to hide behind the name "LMH" to get the word out about new vulnerabilities. Yet if you go over to the Errata Security blog site, the real David Maynor says the Fuzzing mailing list post is a sham, and cites several factual errors. We took the text and put it through Hacker Factor Solutions' Gender Guesser and it appears a male did indeed write the Fuzzing plot. But based on the words chosen and sentence length, the tool also suggests it was a male European who wrote it. David Maynor has been based near Atlanta, Ga., for years.

Remember, all of this intrigue concerns a proof-of-concept worm that no one has seen and that supposedly affects a patched vulnerability in mDNSResponder on Apple OS X.

Stay tuned for more weirdness.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Death threats?
by LuvThatCO2 July 19, 2007 10:53 AM PDT
I've always thought Apple fanboys were a little too emotionally attached. But death threats? That's the kind of thing you'd expect to hear about from religious zealots who issue threats because someone drew their god in a cartoon.

Really, people, Macs aren't even that good. Get over it.

Better yet, get a Windows PC and a life.
Right
by tedk7 July 19, 2007 11:10 AM PDT
Because there's no such thing as windows people who get that
worked up about stupid crap.

Grow a brain and realize that there's no rationalization WHATSOEVER
to tie together the attitudes and mentalities of people who
share a consumer product.
preference
by frankwick July 19, 2007 2:53 PM PDT
Everyone has a choice on PC, Windows, Mac, Linux whatever. There are advantages to each.

I do agree that Apple fans take their OS evangelism too far. They take up for Jobs like he is a god and take his lip service for truth. I have seen some crazy stuff from Apple fans, but the death threats surprise even me. Hello?!?!? It's software that YOU are paying to use.

1. You pay for software.
2. You make someone else rich.
3. Jobs hides behind a veil of bashing other systems and you think my OS is great.
4. You buy what he says. You buy his products.
5. Goto 1.
Wrong target
by otokichi July 19, 2007 3:14 PM PDT
Termination notices should be carried out on Spammers and Phishers. The Crackers can wait, unless they insist on making themselves traceable targets. These are the folk who will find out the location of secret torture cells operated by the Black Bag people. (That is, if they continue to mess with government/Mafia computer systems for bragging rights at the next Black Hat conference.)
*Downloads ClamXav*
by FuturDreamz July 19, 2007 11:46 AM PDT
Justin Case.
Looking like FUD?
by ArturoYee July 19, 2007 12:09 PM PDT
OOOPS - reporters jumping the gun again?
It is valid to report on this
by qwerty75 July 19, 2007 2:39 PM PDT
Even if it is a hoax, like it almost certainly is, it is still noteworthy.

My money is this guy is a Microsoft fanboy desperately trying to cling to the notion that all OS's have to have as many security issues as Windows does.
Probably, given his history.
by Penguinisto July 19, 2007 4:00 PM PDT
Same guy who chumped an alleged WiFi hack awhile back, only to get shot down under scrutiny.

SecurityFocus for 10.4.latest vulns show only his alleged one... and there's no details, no code, no nothing. No one else has been able to confirm/deny it yet.

A check on 10.4.unpatched (that is, 10.4.0 w/ no patches at all) shows 99 vulns and DoSes total since 10.4 was released sometime in 2005. The vast majority of them are responsibly reported, and mostly from Apple.

(by contrast, it is interesting to note that Vista, having been out for less than 1/4 of the time, already has 27. I figure it'll surpass 10.4 by the end of the year ;) ).

/P
Comments
by bboldon July 19, 2007 12:20 PM PDT
Most of the comments posted throughout cnet are informative, if not interesting. Too bad a few people take any opportunity to bash someone else's system prefs. Also, too bad that you don't have a crap comment filter, which would eliminate that stuff. 'Nough CO2, need more O2!
Wrong Gas
by Gromit801 July 19, 2007 12:44 PM PDT
More like CH4
I disagree
by shoffmueller July 19, 2007 3:00 PM PDT
Seldom do c/net comments add insight to a story.

Most hard-news stories remain commentless, and most MS/Apple stories are heavily commented with some techno-geek subculture which gets in a snit about operating systems.

But, still, it entertains me.
As marketshare grows, so does threat potential.
by frankwick July 19, 2007 2:58 PM PDT
I've always said that as Mac's marketshare grows, so does the target on its back. OSX growth has been brisk, but still very small percentage wise. I think at one point OSX was over 5% total share, but has since dropped below that line. If they maintain that 5% + share, then watch out -- here comes trouble.

Don't believe it can or will happen. Just look at the number of security threats discovered (patched and unpatched) on the OSX platform. In many cases, the number greatly exceeds the number of patches released on MS's Patch Tuesday (and these patches are for all MS systems, not just Windows). There is also the MOAB project that even exceeded the author's expectations on finding Apple holes.
Wrong
by qwerty75 July 19, 2007 3:13 PM PDT
Market share and security are disjoint.

A secure product is secure regardless of whether there is 1 user or 100 million.

An unsecure product is unsecure regardless of whether there is 1 user or 100 million.

Just look at the web server market and the fallacy of your comments will rear its ugly head. Why are windows servers the most exploited when they are a fairly small player in this market? The answer is the same as for the question why is windows the most vulnerable OS.

IT IS THE EASIEST.

A 12 year old kid with no technical knowledge can ravage windows machines and networks.

It takes a lot of time and skill (and often contrived situations) to exploit OSX and Linux.

There is a HUGE difference between a flaw and an exploit. An unpatched flaw in Linux or OSX is much harder to exploit than one in Windows. That is fact, and comes from the security from the ground up and modular design of both OS's.

Time between discovery of exploits is another important factor. Apple and the OSS community run circles around MS in this area. MS patch day is a huge negative. Fixes have to wait to go out the door, not elsewhere. And the patch system in Windows is ****-poor. On every Linux distro that I know of, every single application that is on your system get patched from a single program and are available as they are released. No waiting for days, weeks, and even months.

You do know that the Sasser worm was caused by one line of code, yet MS took 188 days to issue the fix? If that is your idea of security, then nothing will convince you that MS has always treated security with disdain, and new management with a new mindset comes in, it always will.

There are more flaws found so far in Vista than in the entire lifespan of OSX.
Credibility
by scweezil July 19, 2007 3:09 PM PDT
This may well be true, but the way this individual has
conducted him/herself leaves His/Her credibility in question.
How does anyone know exactly who posted what? This childish
idiot may have posted some of this stuff himself. Also he said
his site was hacked. His childish attitude & his hyperbolic
statements & the fact that someone paid him to do this has to
make you wonder. I wonder where the payment came from? That
would be interesting to find out. MS has recently said that Vista
is more secure than, well all the other OSs...but of course that's
not smug. Where is this anonymous coward's outrage over that
statement? Apple has never said that OSX is invulnerable. Their
commercials state that there are 100,00+ plus viruses on
Windows that don't affect the Mac. Essentially that's true. Most
Mac users know that OSX is not invulnerable. Nothing is.
Correction(?)
by edgedesign July 19, 2007 4:08 PM PDT
"MS has recently said that Vista is more secure than, well all the
other OSs..."

I'm fairly certain the MS statement was something like "Vista is the
most secure 'Windows' OS to date"... I recall finding it humorous
they included the word 'Windows'.
Please
by KTLA_knew July 19, 2007 6:56 PM PDT
"Most Mac users know that OSX is not invulnerable."

Even you know that isn't true.

Also, someone allegedly posts death threats, and instead of being skeptical of the facts and remaining silent until the facts are out, you start posting character attacks against him. Posts like this are exactly what all the "Mac Fanboi" posts on your various tech forums are complaining about.
Paris Maynor.
by Penguinisto July 19, 2007 3:39 PM PDT
No, really... this is the same guy who stumbled all over himself trying to yammer about a supposed flaw in OSX and Wireless (of course, he required a 3rd-party card and a shedload of certain conditions which no Mac user would likely ever find him/herself in...)

On the plus side, it did get Apple to focus on their WiFi drivers, in which they actually found and patched a different flaw, so that one wasn't too bad.

Meanwhile, while every responsible researcher on the planet...

1) can't seem to locate very many (if any) exploitable OSX flaws, and...

2) report everything they do find otherwise, along with example code and full details

...we find Maynor suddenly gripped with hysteria about some alleged death threat.

To him I say "*yawn*... whatever, chump." Come back when you can actually tell us what it is you think is broken.

/P
If I were an illicit programmer...
by ralfthedog July 19, 2007 11:19 PM PDT
If I were an illicit programmer, I would write malware for the Mac. You get no fame writing malware for Windows (It's been done many times).

If you want to do true damage to the internet, you could hit all of the LAMP servers. If you want true fame, the kind that makes you immortal, write a virus that works in the wild for the Mac.

No one remembers the 4th man to walk on the moon, or the 122nd person to fly across the Atlantic. Just the first.

We all know that someday a successful virus will hit the Mac. Many people have been trying for quite some time. Let's all hope it is a long way off.
weirdness
by nmc July 20, 2007 2:22 PM PDT
ditto
Whew!
by cyclelogicpress.com July 21, 2007 10:19 PM PDT
The drama ... the intrigue ... the utter senselessness of the act.