worm

Latest

  • OS X worm saga turns it up a notch with death threats

    by 
    Joshua Topolsky
    07.23.2007

    If you can keep track of the bad TV movie / high school drama that the OS X worm saga has become, hats off to you. In the latest round of confusing doublespeak from the underbelly of the security world, a few key players are (possibly) taking turns swapping identities -- and trading death threats. In the latest installment, Jon Ramsey is Infosec Sellout, David Maynor is LMH, anonymous commenters are promising to "put a bullet in your head for this!" and a spooky legion of "black hat" hackers known as the "Phrack High Council," (or PHC) are doing their best Freemasons impersonation. Now, with the Infosec site deletions, and Dave Maynor's supposed self-outing, calls being issued for the worm to be proven in the wild are increasingly mixed with the literal cries of bloody murder -- all over what can best be described as the lamest hoax for the biggest nerds in internet history. Check out the Computerworld article for some... insight? Update: As noted by a few commenters, David Maynor is now claiming on his blog that he isn't LMH, and that the admission "from" him had been faked. Of course, in this subterfuge-filled war of words, we'll take it with a grain of salt. [Via Slashdot]

  • Alleged OS X worm creator disappears

    by 
    Mike Schramm
    07.19.2007

    I'm not sure if you've been following the story of "Infosec Sellout" (it's a tough one to follow), but apparently the anonymous Mac hacker has given up blogging about OS X security -- his blog has been deleted and renamed on Blogspot. Just recently, he made headlines by claiming that he'd developed a worm for OS X called "Rape.osx," that hit a known vulnerability in the OS X mDNSResponder, an open source Internet protocol used by Apple. But apparently Infosec Sellout didn't think Apple responded appropriately to his warning (and/or his site was hacked itself), and he's gone quiet. Robert McMillan of the IDG news service has had contact with Infosec Sellout in the past, and heard from the hacker in an email that "it was a great experiment to see how the industry could handle some honesty, which they can't. They are quick to attack the credibility of others in order to hide their own flaws." From that comment, it sounds like Infosec thinks Apple is somehow claiming to be impenetrable, but as other security analysts say, that's far from true. Still another story is that Infosec's identity was close to being found out, and he quit because of that. Apparently Infosec says that the identity discovery was a factor, but not because he didn't want to be found out, just because he didn't want his employer to be approached by "crybabies." Strange story indeed. Unfortunately Infosec still hasn't revealed the hack, and says he won't reveal it to Apple until testing is completed.

  • InfoSec Sellout disappears, worm now claimed to affect OS X 10.4.10

    by 
    Thomas Ricker
    07.19.2007

    InfoSec Sellout, the hacker(s) behind that claimed OS X worm we mentioned yesterday, has kinda-sorta disappeared from the Internets. Sellout's blog, which classified the information security industry as a bunch of "snake oil salesmen, pimps and whores," is "now dead" according to the anonymous blogger (or bloggers) who many think is hacker LMH of January's "Month of Apple Bugs." Mysteriously, the site has reemerged under a new name boasting a link to SecurityFocus where InfoSec Sellout's vulnerability claim now includes the latest version of OS X: 10.4.10. Oddly, Sellout claims that his/her site was hacked, and the new posts are fakes. Huh? Sellout claims that the reason for the shutdown was due to the loss of hacker anonymity from "cry babies" who can't handle a little honesty. Of course, none of this makes any sense. After all, there's always Google cache. Besides, if his/her (or their) claim of developing a first, massively propagating OS X worm is true, then just like DVD Jon before, Sellout's fiscal future as an industry professional would be all but guaranteed. So what are you really hiding from Sellout? [Via Macworld] Read -- InfoSec old site (via Google Cache) Read -- InfoSec new site Read -- InfoSec Sellout's identity? Read -- SecurityFocus vulnerability description

  • New OS X vulnerability found: worm released in lab?

    by 
    Thomas Ricker
    07.18.2007

    Look, we're fine with Apple gloating about the security of OS X in their Mac vs. PC adverts. After all, we have yet to see a large-scale worm released into the Macintosh community. However, the fact that a worm hasn't been released on a Windows-esque scale likely has less to do with Apple's superior coding than the size of their market share, i.e., OS X is a smaller target. That might soon change, however. A vulnerability has reportedly been found and more importantly, exploited by an "independent researcher" known only as "InfoSec Sellout." Apparently, a previously undisclosed vulnerability in the OS X mDNSResponder (which Apple has patched before) allowed Sir Sellout to cobble together a worm dubbed "Rape.osx." InfoSec Sellout claims to have released the worm into a controlled environment thereby infecting a network of about 1,500 OS X systems by nabbing root and dumping a text file as an evidentiary footprint. However, the worm's author claims that it can be broadly weaponised with a payload of choice across both PPC and Intel-class Macs with just a bit more work. InfoSec Sellout will disclose the vulnerability to Apple only after his/her "research is complete" and after an appropriate level of compensation (er, InfoSec Ransom?) is received. Dubious as that sounds, for better or worse, it's the way the game's currently played. [Via Slashdot]

  • Does QuickTime pose a security risk?

    by 
    Erica Sadun
    12.13.2006

    The whole QuickTime/MySpace security hole that was discussed this week on TUAW has given rise to a general concern about QuickTime's vulnerabilities. The QuickTime bug apparently allowed a worm to infect MySpace user profiles and redirected traffic to a phishing site, where passwords were harvested. An Information Week article suggests the security flaw could extend well beyond MySpace to both Mac and Windows users. The problem seems to stem from QuickTime's JavaScript support and a bug that allows malicious JavaScript code to affect browsers. The article states that although Apple has provided an Internet Explorer patch, it has yet to issue a general QuickTime fix across all platforms.

  • How would you react to a wide-spread Mac OS X virus?

    by 
    David Chartier
    12.11.2006

    One of the long-standing major appeals of the Mac OS has been its relatively small and low-impact ratio of serious security vulnerabilities and virus attacks. Users wear it like a badge on their shoulder, and even Apple has jumped in by flat-out bragging about Mac OS X's security with their latest Get a Mac ad campaign. While the debate surrounding exactly why the Mac has earned this reputation has raged at least since the term 'trolling' was coined, I'm a bit more interested in bending the space-time continuum and asking you, dear readers, a hypothetical: what would happen if a truly malicious Mac OS X virus were to break out in large scale? I'm talking about something along the lines of the Sasser worm, which grounded some Delta Airline flights, brought many other companies to their knees, and is estimated to have caused billions in damage. I know Apple's machines aren't quite as integral to the various operations of our society and businesses like Windows and Linux are, but it would be hard to argue that a good portion of the Mac user base doesn't care about the security of their chosen OS. With this in mind, I wonder: would you keep your Mac in a day and age when 3rd party virus and security tools become a basic necessity of Mac OS X? Would you bite the bullet and buy Norton Virus Mega Security Bundle Premium 2007 beta 5? Do you think all those switchers - reeled in by Apple's "We don't have any viruses" Get a Mac commercials - would become crippled in disillusion? What say you, TUAW readers. How large of a hole in Apple's security record would be 'too large'?

  • MySpace blames Apple and QuickTime for hacked accounts

    by 
    David Chartier
    12.06.2006

    A malicious QuickTime movie made the rounds across MySpace profiles last weekend, altering user profiles and changing links on their pages to redirect to phishing websites crafted to look like MySpace logins. The movie, CNET reports, actually capitalized on a MySpace flaw and QuickTime's legitimate support for JavaScript to craft what has been dubbed the Quickspace attack. It is also worth noting that while this movie could infect users who simply viewed a compromised page, the attack (as far as we know) only works on IE and Firefox in Windows (in other words: if you're on a Mac, you can resume your regularly scheduled MySpace obsession). Yesterday, MySpace's chief security officer Hemanshu Nigam contacted Apple to request a fix to plug the hole, even though it was a flaw of MySpace in combination with a legit feature of QuickTime that caused all the damage. Apple is reportedly working on a fix, but for now the two companies have ironed out some workarounds, such as blocking all the phishing URLs and scrubbing their network for compromised profiles. On a side note: what exactly does one gain from harvesting MySpace account logins? Wouldn't oh, say, credit card numbers be a little more productive? I know there's a lot of kids out there who bank on whether they're in some people's top 8 spaces, but I'm still having a hard time seeing how or why phishers would deal in the same currency. Thanks Daniel

  • TUAW Podcast #13

    by 
    David Chartier
    10.24.2006

    This week's podcast involves Dan Pourhadi and the C4 developer shindig he attended, those exclusive Leopard screenshots we nabbed, iPod viruses and the corporate blame game, and we round off with Apple's preliminary 4th quarter earnings results. Dan and I kept things short this time around, as the podcast rounds off at just over 20 minutes and 18.6MB. As usual, you can grab the podcast via a direct link, our podcast RSS feed or in the iTunes Store podcast directory. Enjoy the show. Update: It seems there's a bug in our iTS feed preventing from getting this latest episode, though our other links for accessing the podcast are working just fine. We'll keep you posted.

  • Symantec offers an update for OSX.Leap.A

    by 
    Dave Caolo
    02.16.2006

    Well, here's something you don't see very often. Symantec has issued an update that offers protection against OSX.Leap.A, the Mac Trojan Horse that we wrote about earlier. They classify it as a "level 1" on a scale of 1 to 5, so there's no need to slip into panic mode. It seems to be PPC only, so you lucky Mactel owners have nothing to worry about. Carry on.