back to article 'Mac worm' hacker in death threat farce

Claims by an anonymous author that he was paid to create a worm targeting Mac OS X systems are turning into a soap opera-style farce. Infosec Sellout said his 'Rape-OSX' worm uses an undisclosed vulnerability in the mDNSResponder component of Mac OS X to spread. Low-threat malware targeting Mac OS X systems is unusual, but …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Joanna Rutkowska

    I suspect the "Hi Joanna" comment might be related to the story a few weeks ago about her requesting payment in order to development the Blue Pill undetectable rootkit (http://www.theregister.co.uk/2007/07/06/blue_pill_showdown/), but who knows?

  2. Charles

    Hacker revealed?

    Macintouch.com leads today with a link to this very interesting linux listserv message:

    http://www.whitestar.linuxbox.org/pipermail/fuzzing/2007-July/000399.html

    A message claims to be from LMH, identifies himself as David Maynor, and says that Infosec Sellout is Jon Ramsey of Secureworks

    The message looks more like disinformation and self-aggrandizing hype to me.

  3. Paul

    Well what dose he expect?

    Mac Fanboi's dont want it known that there is any problems with any Mac product.

    He would be ok. Apple have yet to bring out the iGun or iKnife...

  4. Anonymous Coward
    Anonymous Coward

    The noise you just heard

    Was as if millions of fanboy voices suddenly cried out in terror and were suddenly silenced. I fear something terrible has happened...

    My mistake, they aren't going to be quiet...

  5. Dave

    iKnife?

    I think he'd be safe from the iKnife, it might use cutting-edge technology but the blade would probably be nicely radiused to give a more aesthetic appearance.

  6. Anonymous Coward
    Anonymous Coward

    iGun

    nothing to worry about it has a point and click... click... click interface

  7. Anonymous Coward
    Anonymous Coward

    iDon'tCare...

    ...if Mac worms really exist, because I don't plan on owning a product that might somehow associate me with the psychotic, insult hurling, death threat making fanboys. Bloody maniacs the lot of 'em.

    On the iGun: Putting in a reloadable clip would "spoil the aesthetic lines", you'd have to take it to your nearest Apple dealer to have it reloaded.

  8. Ron Eve

    Wot no fanboys?

    Interesting.

    Second time today I've read a Mac-related article on El Reg which has several comments by folk who seem to expect loads of Apple fanboys to flame the comments. But flames there are none...

    Is it because Mac users really couldn't give a toss what these mostly illiterate and ill-educated losers think?

    (And please note the spelling - 'lose' which means 'to be deprived' and not 'loose' - which means 'not tight or firm')

    Bracing myself...

  9. Anonymous Coward
    Anonymous Coward

    iGun

    "nothing to worry about it has a point and click... click... click interface"

    Yeh, but it's only got one button, which has to serve as both safety-catch AND trigger.....

  10. Steve

    Clique Cliche

    "The information security community is a small, almost exclusively male clique"

    In all fairness, that should probably read "The small number of self aggrandizing egomaniacs who dub themselves security researchers and spend most of their time engaged in mastubatory self publicising via the medium of the interent and humping each others legs, is a small, almost exclusively male clique"

    There are plenty of people involved in security research around and about the place who just quietly get on with it without all the 'I'm a leet hax0r, but yet oh so respectable' bullshit.

  11. Bryan Baca

    Re: iGun

    "Yeh, but it's only got one button, which has to serve as both safety-catch AND trigger....."

    So it's a Glock? Pretty ugly for an Apple product...

  12. Anonymous Coward
    Anonymous Coward

    Why keep having a go at Mac Fans????

    I find it funny that so many people feel so threatened that they have to keep having a dig at people who use Macs. I was a Windows programmer and user for 20 years but got sick of the patch updates - but I still have to work with it. I found that all of the "real" researchers and scientists doing processor design, OS design, Java/JavaEE strategy and futures, and real "science" in the US labs used Macs out of choice. So did NASA engineers!

    Basically, the GUI makes things easy when you want to be lazy and just get things done, and the Darwin (BSD on a Mach MicroKernel) core gives security, flexibility and power when it is needed.

    If the guys with IQs higher than a room full of politicians use Macs, who am I to argue....

  13. Levente Szileszky

    Title

    "Wot no fanboys?

    By Ron Eve

    Posted Thursday 19th July 2007 17:58 GMT

    Interesting.

    Second time today I've read a Mac-related article on El Reg which has several comments by folk who seem to expect loads of Apple fanboys to flame the comments. But flames there are none...

    Is it because Mac users really couldn't give a toss what these mostly illiterate and ill-educated losers think?

    (And please note the spelling - 'lose' which means 'to be deprived' and not 'loose' - which means 'not tight or firm')

    Bracing myself..."

    Thanks - I was worrying we won't have a single idiotic Apple fanboy-comment calling everybody else "ill-educated" and "loser" who's outside of effective radius of Apple's RDF... now we have at least one entry, thanks for your help.

  14. Levente Szileszky

    Sheesh. These fake 'switchers' are really boring.

    Anonymous Coward wrote it:

    "I was a Windows programmer and user for 20 years but got sick of the patch updates..."

    Oh, yes sure. That's all you have to say- we got who you are, trust me.

    "and real "science" in the US labs used Macs out of choice."

    Sheesh... this is one of the most worn-off fake posts that fake Windows-switchers/programmers/sysadmins/researchers/etc (= zealot Mac fan) used to post since the beginning of digital age - how about some creativity when it comes to faking posts, fanboys? :)

  15. Dillon Pyron

    Elite clique?

    I'm a security jock. There is, in fact, an elitist clique. Of course, most of them know very little about security and lots about how to talk big. And largely male? Not where I've worked.

  16. Anonymous Coward
    Anonymous Coward

    mDNSResponder

    This is not a very popular product, so its not a big threat. Its not like its something that comes built into the Mac, its freeware you download if you want to update no-ip.org or others when your IP address changes.

    Thats why there are no fanboi flames. They probably don't even use it.

  17. Jared Earle

    Freeware?

    "Its not like its something that comes built into the Mac, its freeware you download if you want to update no-ip.org or others when your IP address changes."

    Bzzzt. Try again, Jeremy.

    It's the Multicast DNS daemon installed as a standard part of OSX since 10.2 (Jaguar).

  18. Anonymous Coward
    Anonymous Coward

    A few comments:

    1. Given the possible identity of this guy, does he have any credibility left?

    2. Given that almost anybody gets death threats via the internet, why do we care? I've received death threats before, why is this news?

    and 3. How do we know that he's not just making this all up for attention?

    4. When a fanboi of anything comments, they are usually made great fun of. Would they fall into that trap, assuming that they have a minimal amount of intelligence?

  19. Joe S.

    Waterboys

    Anonymous Coward wrote it:

    "I was a Windows programmer and user for 20 years but got sick of the patch updates..."

    Oh, yes sure. That's all you have to say- we got who you are, trust me.

    "and real "science" in the US labs used Macs out of choice."

    Sheesh... this is one of the most worn-off fake posts that fake Windows-switchers/programmers/sysadmins/researchers/etc (= zealot Mac fan) used to post since the beginning of digital age - how about some creativity when it comes to faking posts, fanboys? :)

    How about some actual facts when it comes to replying to anyone? Instead we get the usual MS waterboy nonsense. Check this forum who is responding? Why, it's the usual MS zealots & their ilk armed with nothing but insults & low on facts. Cheap name calling tactics & ready to hump Billyboys leg at the drop of a hat. Wow! some unknown coward who took money from some unknown source to expose a hole in Apple's OS got an alleged death threat! Must be true...after all the credible source with no name or accountability says so. Talk about no signs of rational thought.

    There may be a hole in OSX...but this person has no credibility. Bill Gates himself has spouted that Vista is the most secure OS on the planet.

    http://news.bbc.co.uk/1/hi/technology/6313981.stm (many more of these articles)

    Where is this this "Experts" outrage over those statements? Another MS waterboy carrying the FUD.

    Apple has never stated that their OS is more secure than anything on the planet or that it is invulnerable. Their commercials stated that the 100,000 plus viruses & 10,000 plus pieces of malware out there that affect Windows don't affect the Mac OS. Which is essentially true. Most Mac users know that OSX is not invulnerable. Nothing is. They just know that it was built on a better foundation than Windows ever was. That's not being smug...just being honest. Same with Linux users. Better foundation. I'd like to know who paid this guy to do this. That would be a story.

  20. Anonymous Coward
    Anonymous Coward

    Re:Sheesh. These fake 'switchers' are really boring.

    Not a fake switcher by any means.

    My house has Unix machines of different flavours (AIX, HP-UX, Solaris, SGI Irix), various Unix clones (Linux), and lots of Windows machines. All sitting behind Cisco networking (firewalls, routers, switches). Why? Well, most enterprises are complex and Windows is important.

    But, when I do development work what do I choose to work on... A Mac. Since I got most things working in Eclipse (yes, even C Sharp and MSIL via Mono) its more comfortable. When I test I use Virtual PC or Bochs on PowerPC or Parallels on Intel if I have to target Windows.

    What do I use for authentication? Windows AD becuase of Kerberos (RFC1510) and LDAP/POSIX (RFC2307).

    Yet, after 20 years of Windows (yes, C and x86 assembler with Windows 1.04), I just got fed up with viruses, spyware and constant patching. A researcher from Sun told me to try a Mac and I laughed at them. One of the leading figures behind virtualisation and high end processor design told me to try one. I wanted to be balanced so I did try one - fully intending to make fun - but I was hooked. So, my main development machines are now iBooks, Mac Minis, Mac Pro, etc.... Even MS use Mac Pro's for some of the Windows Developers - running Windows of course.....

    The Mac has less of an attack surface than Windows Vista, but may not be inherently secure by design although I suspect it possibly is. However, it doesn't have the idiots who target it day after day. So, end of problem...... I stilll run firewalls. I still have virus checkers. I haven't suffered from a virus, trojan, or spyware since I switched. Yet Spyware or untested patches in responses to spyware was causing lots of wasted evenings before. I'm happy - are you?

    So, grow up. Some people really do switch.

  21. Iain Cartledge

    Re: Re: Sheesh. These fake 'switchers' are really boring.

    I've used MS PCs for development, gaming, writing and general web use for the last 17 years or so and I've had 2 virii over that time. One was a Word macro virus which the family PC got when I was about 12 and the other is an IRC worm which I picked up when I first started using IRC and was a bit uneducated about its use.

    If you're sensible about your PC or your Mac you won't get infected, it's pretty much your own fault if you do. Seeing as I like to play games I use a PC, especially since I want to keep my PC up-to-date hardware wise without doubling my carbon footprint and buying a new box each time I want to upgrade.

    Saying that, Eclipse is great..and when I was doing Java, using IntelliJ IDEA was amazing (until its refactoring deleted a load of stuff I had been working on the weekend before I had to hand it in).

  22. Spike Ravenscroft

    Fanbois Vs Waterboys

    Geez, Some people like Macs and some people like PCs.

    *vision of the future*

    2 armies poised on the edges of a battlefield, one flies the four color Microsoft banner, one the white apple flag...

    Why does everyone have to like the same thing?

    I think i missed the memo on that one.

    And I used to be a confirmed PC user...and then I started using a Mac and I havent looked back. I find it much easier to use and more suitable for the tasks I want to acheive. And, I do find it much more secure

  23. Ian

    NASA use Macs?

    If by NASA and so forth using Macs you mean the bright people at NASA then you couldn't be further from the truth. If however you mean the muppets in the design/advertising section, then maybe, but unlikely.

    One of the fundamental rules when doing scientific or mathematical work is that you can't state something as being correct unless you have all the facts, closed source operating systems like MacOS X and Windows don't allow engineers, scientists, mathematicians and so forth to examine how the OS implements various features, can you really trust the OS to handle some mathematical function and so forth? Open source OS' like the Linuxs and BSDs are the OS' use by anyone in a serious role at a place like NASA, because you can prove the correctness of the fundamental parts of the OS from the source code and assure yourself that nothing has changed in the source using diff each time a patch is issued to the system in question. It's no use designing something, say perhaps a piece of machinery that's safety critical for astronauts in space that depends on say a certain mathematical function provided by the OS, proving that piece of code correct using mathematical induction under the assumption that the OS provided function works only to find that it doesn't work right for certain inputs when the astronauts are already up there. You need to be able to prove the correctness of the hardware implementation, the OS layer and your own code. The same rules apply to any computer-aided scientific research or any safety critical system anywhere. To suggest Macs are used by some of the world's most intelligent minds for their work, is, quite frankly, a lie.

    Mac OS has a major problem and that's that it doesn't have the proprietary market share that Windows does and hence doesn't have even 1% of the applications or even games and it doesn't have the openness of the open source operating systems. It looks pretty, and it has the rebellious factor in that people can say "Hey look at me, I'm different!", many people will tell you how amazing the UI is, but when it comes to it's simply not all that. To cite an example, you hear the same argument with the iPhone, "Sure it has sod all apps but it's so easy to use!" Hate to say it, but if my 3yr old cousin and my 83 year old grandma can use existing mobile phone UIs then ease of use is clearly already at a level where it's not a barrier to entry for anyone whatsoever anyway. The only thing Apple's notebooks, desktops and phones have going for them is the style factor and the rebellious "I want to be different factor", there's really no practical reason to use MacOS at the end of the day because it doesn't do anything practical that other OS' don't do better, aesthetics do not make up for lack of practicality at the end of the day.

  24. Steve

    RE: Why keep having a go at Mac Fans????

    I don't think anyone *is* having a go at 'Mac fans', rather at the 'fanboys', who are a different species of drooling zealot altogether.

    As for the whole patch update malarky, I personaly have never seen a machine get zorched by MS update and I've worked with pretty large orgs.

    There isn't anything that makes Macs, Windows or linux boxes intrinsically better than each other, just dfferent strokes for different folks.

    Wilful blindness to this hapy fact is part of what defines a 'fanboy', IMHO.

    And for the record, I also dislike MS and linux fanboys, methodology zealots, and the whole spectrum of drooling loonies that believe they have found the One True Way and anyone who disagrees with them must therefore be wrong.

  25. Craig Edwards

    Virii

    I believe the plural of virus is viruses. Where does the common use of 'virii' as a plural come from anyway?

  26. Sceptical Bastard

    Get a life (and NOT on Sadville)

    Quote: "So, grow up. Some people really do switch."

    Years on Macs, a bit of BSD, plenty of Linux, and most Windows since 2.0 - I've chopped and changed as work demanded but I hope I've not been a smug self-righteous know-all git about any OS.

    How the f**k can people get so fundamentalist about computer operating systems? I mean, aren't there enough zealous nutters in the world already? Maybe there are 72 virgins awaiting every Unix martyr?

    I sit in front of bloody computers all day every day to earn a crust and, far from zealotry about this or that OS, I am delighted when 5pm comes round and I can turn away from the monitor , get out of the office, and pursue my *real* passions - drinking beer, watching television, and trying to persuade the wife's sister into wildly kinky transgressional sex (or ANY sex come to that)...

    Fanboys, forget computers - get a life!

  27. Neil Anderson

    Latin plurals

    You are correct, Craig. The plural of virus is viruses. It is not viri, or even worse, virii. True, the word comes directly from Latin, but not all Latin words ending in "us" have "i" as their plural. Viri is the Latin word for 'men' — plural of vir, man; root of the English "virile". There is no written attestation of a Latin plural for virus.

    Cheers, Neil Anderson http://www.cyclelogicpress.com

  28. Jim

    Re: NASA use Macs?

    I have to assume that you work at NASA, going by the authorative nature of this comment. Although the overall feeling I am left with is that you are guessing (my opinion obviously).

    If you are doing number crunching on a computer then you need to know how the hardware, OS and complier handle data types such as integers and floats. This information is widely available irrespective of the open/closed status of the OS. Also, remember that one of the most powerful computers on the planet is a cluster of Macs.

    If you want a super reliable system then you are going to base it on an RTOS such as LynxOS. Something where you know what is going to happen and when. The RTOS example given is open standard but closed source so, by your argument, not suitable for safety critical applications – exactly the market in which it is promoted.

    "there's really no practical reason to use MacOS at the end of the day because it doesn't do anything practical that other OS' don't do better, aesthetics do not make up for lack of practicality at the end of the day."

    This is just rubbish. Are you saying that OS X (not MacOS – different thing, think of a number 9 or less) is “worse than every other OS out there for everything” or that “while better than some at some things is worse at others”. The first being untrue and the second being irrelevant until a set of requirements are compared against performance. There is always a practical reason to use any mainstream OS. If there wasn’t then it would disappear, as many have.

This topic is closed for new posts.