InfoSec Sellout disappears, worm now claimed to affect OS X 10.4.10
InfoSec Sellout, the hacker(s) behind that claimed OS X worm we mentioned yesterday, has kinda-sorta disappeared from the Internets. Sellout's blog, which classified the information security industry as a bunch of "snake oil salesmen, pimps and whores," is "now dead" according to the anonymous blogger (or bloggers) who many think is hacker LMH of January's "Month of Apple Bugs." Mysteriously, the site has reemerged under a new name boasting a link to SecurityFocus where InfoSec Sellout's vulnerability claim now includes the latest version of OS X: 10.4.10. Oddly, Sellout claims that his/her site was hacked, and the new posts are fakes. Huh? Sellout claims that the shutdown was due to the loss of hacker anonymity from "cry babies" who can't handle a little honesty. Of course, none of this makes any sense. After all, there's always Google cache. Besides, if his/her (or their) claim of developing a first, massively propagating OS X worm is true, then just like DVD Jon before, Sellout's fiscal future as an industry professional would be all but guaranteed. So what are you really hiding from, Sellout? [Via Macworld]
Read -- InfoSec old site (via Google Cache)
Read -- InfoSec new site
Read -- InfoSec Sellout's identity?
Read -- SecurityFocus vulnerability description

Pah! Pitiful bastard, and to think I appreciated his sense of evil, now he's nothing more than sad, pathetic attention grabber. Wonder what'll happen now? And was the vulnerability even real?
Yeah, it kinda sounds like it was never real...
Perhaps InfoSec Sellout was hired by Steorn to work on Orbo v2.0?
("irony is like goldy or bronzy - only different" - Baldrick, BlackAdder series 2)
I don't deny it could be possible but all this crap seems a bit iffy to me, especially the change to 'now affects 10.4.10' after it was engineered from a bug fix from Apple.
"NO I will not send you the PoC or any related details"
Bend over a bit more mate, I can't quite hear you.
My head hurts.
Well, now he has no cred and Macs everywhere are still safe once more.
Why does every single guy who purports to find some vulnerability in OS X end up looking like a total sleaze douche (Maynor and Ellich, cough cough)? Finding and reporting vulnerabilities is noble work, but these guys are all shady? Is this just a coincidence or are there no security researchers who know how to do things like a) be clear and b) be professional? They act shady, and then nobody believes them, and then they whine about Apple fanboys. It's stupid.
Because if you report a Windows vulnerability, you get money from Microsoft, the praise of the security community, and job offers. If you report an Apple vulnerability, you get Apple PR calling every Apple friendly publication they can, to attempt to discredit you, death threats, and get vilified across the net. Yeah, I wonder why they all end up looking like lowlifes?
@L.M.Lloyd: If you are not intentionally trolling for flames, you're doing a good job of looking like you are. Please keep focused on the issue instead of posting inflammatory "MS vs Apple" statements. They simply derail the discussion, which is specifically about:
- the existence or non-existence of a new OS X exploit, and
- the ethics of how such a discovery is related to the OS vendor.
Thanks.
That's an overgeneralization. Do you have an example that isn't Maynor and Ellich?
David Maynor: "I want to take a lit cigarette to Apple users' eyes."
Info Sec: "Some vendors need to be treated like children."
When you say things like this, you vilify yourself. Crazy conspiracy theories don't need to come into play. Right now the Apple community has mostly been curious about the exploit, but now the story is focused on info sec and his crazy behavior and ramblings. HE is making the story about HIM. Nobody has vilified him yet, but his shady behavior and mean spirit aren't exactly winning him any fans.
Even if Apple is "difficult" (which other security researchers have disclaimed) it doesn't give security researchers free rein to act like 12-year-olds. Even if you are a bug-finding genius, if you act like a shady asshole you'll get treated like one. So my question remains: why do security experts finding exploits in OS X seem like sleazy, immature assholes? There have to be some respectable, professional security researchers who can tell us what's going on here.
L.M. Lloyd
So what do these people think about Apple crediting them with finding these security issues?
http://docs.info.apple.com/article.html?artnum=305759
Apple credits anyone who reports a bug that is then fixed.
"Macs don't get viruses."
Woops, "related" -> "conveyed".