Worm Claimed For Apple OS X 398
SkiifGeek writes "Controversy is slowly building over the development of a claimed new worm that targets OS X systems, dubbed by its inventor Rape.osx. Using a currently undisclosed vulnerability in mDNSResponder, the worm is said to give access to root as it spreads across the local network. As with a number of recent Apple-related security discoveries, the author, InfoSec Sellout, is delaying reporting the vulnerability to Apple until after completing full testing of the worm. While the worm has yet to leave a testing environment (with 1,500 OS X systems), it is bound to join the likes of Inqtana and Leap as known OS X malware."
*ahem* (Score:5, Insightful)
If by fully testing you mean "auctioning it to the highest bidder" then yea.
I question the ethics, and my legality (Score:4, Insightful)
Tipping the scales? (Score:5, Insightful)
Re:worm in apple? (Score:3, Insightful)
Re:I question the ethics, and my legality (Score:5, Insightful)
Okay... let me get this straight... (Score:5, Insightful)
Somebody writes a worm for OSX that works across a specific test network (of which we have no clue as to settings, layout, patch levels, etc etc), and it's really, really, really big news. Media orgs around the planet sound the klaxon, and (nearly) everyone gets all hyper-ventilated. Claims of "OSX is just as vulnerable!!!1111!!" will fly off the pages.
Meanwhile, the next near-periodic iteration of MSFT-specific malware in-the-wild will get not so much as a grunt outside of security circles (such as SANS ISC and F-Secure's blog as ferinstances). It will likely subvert 40x as many victims in its first hour, and the media won't say so much as 'boo' about it.
Perspective (at least outside of security and some geek circles)? Never heard of it.
Re:I question the ethics, and my legality (Score:0, Insightful)
I want to give you the benefit of the doubt, but your post really reads like you're an irritated Mac fanboy. Congress? Illegal? Give me a fucking break!!
Re:I question the ethics, and my legality (Score:4, Insightful)
Re:Okay... let me get this straight... (Score:1, Insightful)
Market share? (Score:3, Insightful)
Re:Tipping the scales? (Score:5, Insightful)
The author claims, "While it is nothing special compared to Windows based Malware it does prove a point -- Apple Computers are just as susceptible to Malware as Windows based ones." Oh, bullshit. The fact that this particular security vulnerability exists does not mean that OS X is just as much a wide-open target as Windows is.
In the "Classic" MacOS days, there was a fair amount of Mac malware -- never as much as in the PC world, of course, but plenty of it running around. Since OS X became the standard, this hasn't happened. The "vulnerability through popularity" argument just doesn't hold up to this fact.
Re:Okay... let me get this straight... (Score:4, Insightful)
Re:Is mDNS even routable? (Score:5, Insightful)
Re:Okay... let me get this straight... (Score:5, Insightful)
Major difference. In fact, every Mac user I know expects a "true" virus or two to show up for OS X sooner or later, but what of it? So the ratio will go from a bazillion to zero to a bazillion to one or two.
Apple has roughly a 2.5% worldwide market share--wake me when they have anywhere close to 2.5% as many viruses as Windows and I'll start being overly concerned.
Re:I question the ethics, and my legality (Score:4, Insightful)
Re:I question the ethics, and my legality (Score:5, Insightful)
Maybe it shouldn't be. There are hundreds of
Neglecting to report a vulnerability is not remotely criminal, no matter how much you disagree with his motivation.
Re:I question the ethics, and my legality (Score:5, Insightful)
Re:worm in apple? (Score:2, Insightful)
Re:I question the ethics, and my legality (Score:1, Insightful)
Re:Tipping the scales? (Score:3, Insightful)
Perhaps Paterson's folly?
1500 Test stations? (Score:5, Insightful)
Re:That's not true... (Score:1, Insightful)
also quite useless (Score:4, Insightful)
Isn't this kinda like working out a vulnerability in AppleTalk a month before they stopped using it?
Re:Dear Apple Inc (Score:1, Insightful)
Re:Okay... let me get this straight... (Score:3, Insightful)
here, look for Viruses...
Quote:
PC: Better stand back this one's a doosy.
Mac: That's ok I'll be fine.
PC: No, no not be a hero. Last year there were 114,000 known viruses for PCs.
Mac: PCs, but not Macs, so...
Where does it say that Macs are invulnerable to viruses?
Re:I question the ethics, and my legality (Score:3, Insightful)
HOWEVER, you don't have to be a fan of any specific platform to find the way the guy handles this to be extremely unprofessional.
The
Meanwhile, this guy is proclaiming a vulnerability (but disclosing no details for anyone to learn from or judge the severity of), while simultaneously saying he has not yet -- and does not yet plan to -- report the vulnerability to the vendor. It's basically a shameless grab for publicity with vague information, rather than someone demonstrating that they take security research seriously.
The nature of the exploit, or the platform it affects, is not relevant to the guy's behavior; it's just plain irresponsible of any security researcher to act this way. It would be equally irresponsible to find some serious, significant exploit in Linux and trumpet 'ZOMG, I just discovered that there's a way for any program to steal root through a specific exploit in the current version of KDE! But I'm not going to tell the KDE folks anything about it until I've finished testing.' (Also, the guy would get eaten ALIVE by the Slashdot community for pulling a stunt like that, but I digress.)
Security researches are respected and taken seriously by vendors and developers (rather than being thought of as malicious hackers) specifically
That's my $0.02, anyway.
Re:pfft (Score:5, Insightful)
Covered in shit? (Score:4, Insightful)
"I'm not going to use Mac because while it may be clean now, I could get covered in shit at any time!"
"But you're already covered in shit".
"Errr... yes. But I'm sorta used to it..."
Re:I question the ethics, and my legality (Score:5, Insightful)
Re:also quite useless (Score:4, Insightful)
Many of the major Windows worms and so forth target vulnerabilities which have already been fixed (and the fixes pushed out) months before. Not only will many not upgrade to Leopard, if the OS X userbase is similar to the Windows userbase (I'm not sure if it is, but still), many will simply not click the button to install the updates, and leave themselves vulnerable.
Re:But I don't understand... (Score:1, Insightful)
Erm, what do you think browser plugins using NSAPI do?
I have no doubt that OSX is more secure than Windows - how could it not be? Maybe a silly attitude since I don't know much about BSD, or what Apple changed to make the OS more user friendly (maybe they added in something equivalent to ActiveX that gives nice fancy features but poor security?), but I find it hard to believe that any recent OS could be worse than the mess that is Windows. And I hope there never will be.
OS X probably is more secure, at least than XP if not Vista, because of obscurity. On a technical level, browser plug-ins are technically similar to Active X, in that they give nice features, but allow foreign code to execute it the browser process (ie the plug-in code), so if there's a bug in that code, a malicious website can potentially take advantage of it to hijack the browser process, and then do anything that process can do (which on OS X is, I think, anything the owning user can do -- Vista runs at least IE processes with more restricted security, so hijacking the browser process is of limited value).
Re:rape.osx is fitting (Score:4, Insightful)
Actually... (Score:5, Insightful)
Here's an idea: Shut up, and let those who are interested in the article discuss it. Thanks.
Assuming he hasn't made up that bit... (Score:3, Insightful)
Re:also quite useless (Score:3, Insightful)