InfosecSellout
Latest
OS X worm saga turns it up a notch with death threats
If you can keep track of the bad TV movie / high school drama that the OS X worm saga has become, hats off to you. In the latest round of confusing doublespeak from the underbelly of the security world, a few key players are (possibly) taking turns swapping identities -- and trading death threats. In the latest installment, Jon Ramsey is Infosec Sellout, David Maynor is LMH, anonymous commenters are promising to "put a bullet in your head for this!" and a spooky legion of "black hat" hackers known as the "Phrack High Council," (or PHC) are doing their best Freemasons impersonation. Now, with the Infosec site deletions, and Dave Maynor's supposed self-outing, calls being issued for the worm to be proven in the wild are increasingly mixed with the literal cries of bloody murder -- all over what can best be described as the lamest hoax for the biggest nerds in internet history. Check out the Computerworld article for some... insight?Update: As noted by a few commenters, David Maynor is now claiming on his blog that he isn't LMH, and that the admission "from" him had been faked. Of course, in this subterfuge-filled war of words, we'll take it with a grain of salt.[Via Slashdot]
Alleged OS X worm creator disappears
I'm not sure if you've been following the story of "Infosec Sellout" (it's a tough one to follow), but apparently the anonymous Mac hacker has given up blogging about OS X security-- his blog has been deleted and renamed on Blogspot. Just recently, he made headlines by claiming that he'd developed a worm for OS X called "Rape.osx," that hit a known vulnerability in the OS X mDNSResponder, an open source Internet protocol used by Apple. But apparently Infosec Sellout didn't think Apple responded appropriately to his warning (and/or his site was hacked itself), and he's gone quiet.Robert McMillian of the IDG news service has has contact with Infosec Sellout in the past, and heard from the hacker in an email that "it was a great experiment to see how the industry could handle some honesty, which they can't. They are quick to attack the credibility of others in order to hide their own flaws." From that comment, it sounds like Infosec thinks Apple is somehow claiming to be impenetrable, but as other security analysts say, that's far from true. Still another story is that Infosec's identity was close to being found out, and he quit because of that. Apparently Infosec says that the identity discovery was a factor, but not because he didn't want to be found out, just because he didn't want his employer to be approached by "crybabies."Strange story indeed. Unfortunately Infosec still hasn't revealed the hack, and says he won't reveal it to Apple until testing is completed.
InfoSec Sellout disappears, worm now claimed to affect OS X 10.4.10
InfoSec Sellout, the hacker(s) behind that claimed OS X worm we mentioned yesterday, has kinda-sorta disappeared from the Internets. Sellout's blog, which classified the information security industry as a bunch of "snake oil salesmen, pimps and whores," is "now dead" according to the anonymous blogger (or bloggers) who many think is hacker LMH of January's "Month of Apple Bugs." Mysteriously, the site has reemerged under a new name boasting a link to SecurityFocus where InfoSec Sellout's vulnerability claim now includes the latest version of OS X: 10.4.10. Oddly, Sellout claims that his/her site was hacked, and the new posts are fakes. Huh? Sellout claims that the reason for the shutdown was due to the loss of hacker anonymity from "cry babies" who can't handle a little honesty. Of course, none of this makes any sense. After all, there's always Google cache. Besides, if his/her (or their) claim of developing a first, massively propagating OS X worm is true, then just like DVD Jon before, Sellout's fiscal future as an industry professional would be all but guaranteed. So what are you really hiding from Sellout? [Via Macworld] Read -- InfoSec old site (via Google Cache) Read -- InfoSec new site Read -- InfoSec Sellout's identity? Read -- SecurityFocus vulnerability description
New OS X vulnerability found: worm released in lab?
Look, we're fine with Apple gloating about the security of OS X in their Mac vs. PC adverts. After all, we have yet to see a large-scale worm released into the Macintosh community. However, the fact that a worm hasn't been released on a Windows-esque scale likely has less to do with Apple's superior coding than the size of their market share, i.e., OS X is a smaller target. That might soon change, however. A vulnerability has reportedly been found and more importantly, exploited by an "independent researcher" known only as "InfoSec Sellout." Apparently, a previously undisclosed vulnerability in the OS X mDNSResponder (which Apple has patched before) allowed Sir Sellout to cobble together a worm dubbed "Rape.osx." InfoSec Sellout claims to have released the worm into a controlled environment thereby infecting a network of about 1,500 OS X systems by nabbing root and dumping a text file as an evidentiary foot print. However, the worm's author claims that it can be broadly weaponised with a payload of choice across both PPC and Intel-class Macs with just a bit more work. InfoSec Sellout will disclose the vulnerability to Apple only after his/her "research is complete" and after an appropriate level of compensation (er, InfoSec Ransom?) received. Dubious as that sounds, for better or worse, it's the way the game's currently played. [Via Slashdot]
