Filed under: Rumors, Software, Hacks, Blogging, Open Source
Alleged OS X worm creator disappears
I'm not sure if you've been following the story of "Infosec Sellout" (it's a tough one to follow), but apparently the anonymous Mac hacker has given up blogging about OS X security-- his blog has been deleted and renamed on Blogspot. Just recently, he made headlines by claiming that he'd developed a worm for OS X called "Rape.osx," that hit a known vulnerability in the OS X mDNSResponder, an open source Internet protocol used by Apple. But apparently Infosec Sellout didn't think Apple responded appropriately to his warning (and/or his site was hacked itself), and he's gone quiet.Robert McMillian of the IDG news service has has contact with Infosec Sellout in the past, and heard from the hacker in an email that "it was a great experiment to see how the industry could handle some honesty, which they can't. They are quick to attack the credibility of others in order to hide their own flaws." From that comment, it sounds like Infosec thinks Apple is somehow claiming to be impenetrable, but as other security analysts say, that's far from true. Still another story is that Infosec's identity was close to being found out, and he quit because of that. Apparently Infosec says that the identity discovery was a factor, but not because he didn't want to be found out, just because he didn't want his employer to be approached by "crybabies."
Strange story indeed. Unfortunately Infosec still hasn't revealed the hack, and says he won't reveal it to Apple until testing is completed.
Reader Comments (Page 1 of 1)
Steve D said 9:24AM on 7-19-2007
Maybe the Apple Mafia took care of business.
Reply
Buckingham said 9:27AM on 7-19-2007
Corny.
Reply
Gandhi said 10:05AM on 7-19-2007
May be we ought to sic Valleywag on this hacker and out him ;P
Reply
Cameron Campbell said 10:06AM on 7-19-2007
Anyone who calls their viral delivery packages "rape" is a moron of the very first water.
Reply
Maddles said 10:07AM on 7-19-2007
So this worm is fully automated and ready to use? Holy shi...wait, where is it? I don't see it.
...
Huh? It was never posted? No proof at all? And this person/group has disappeared? They got hacked!? Right when everyone began to focus on them? Is this too many question marks?...?......?...?........????????????
Seriously though, with no proof and a cocky attitude that sounds pretty much anti-Apple (has Infosec Sellout criticised Microsoft in the past?) I don't think this is true at all. When it comes to advertising their security Microsoft is just as bad as Apple. Remember when Allchin said he would let his son use Vista with no anti-virus? Quite frankly, you can tell Infosec Sellout is lying because to hack their blog they'd need to hack Blogger itself, or even his/her/their Gmail account depending on the way the blog was used.
I know if my blog were hacked like this I wouldn't just sit around. If you check the comments on the blog you'll find the guy (John) controlling it. I would then contact the appropriate services and get my blog back. Simple.
Reply
DrLex said 10:41AM on 7-19-2007
Maybe this worm made the infected computers self-conscient and it killed its creator.
Reply
Patrick McCarron said 10:56AM on 7-19-2007
So he created a worm, but wont tell Apple because he hasn't tested it yet? So it's just a theory and not in practice then? Why even announce something if it hasn't been tested?
Reply
mentalsticks said 10:57AM on 7-19-2007
I declare Shenanigans.
Reply
Todd said 11:01AM on 7-19-2007
+1 for BS. The original blog post claiming the worm wasn't really believable, more filled with hot air than credible details.
Reply
Michael said 11:32AM on 7-19-2007
"has Infosec Sellout criticised Microsoft in the past?"
Yes, he has.
Quote:
"How about any issues Microsoft has fixed in Vista and not disclosed. We know they do it and even a couple "researchers" whom I picture as the "Dumb & Dumber" of vulnerability research agree ..."
Infosec Sellout seems to have a pretty low opinion of *all* the vendors - and of some other researchers into the bargain. He has described David Maynor as a "media whore", suggesting Maynor was making too much of the Safari 3 flaws in order to get attention.
Quote:
"Why is it breaking news that you can crash Safari and maybe two of these issues are exploitable. I am sorry readers but unless someone spells it out to them both Maynor and Ferris would not know if something is exploitable if it slapped them in the face."
Go to MacWorld, if you want to take a peek at some of his old posts before they were wiped. They've got links to a cached page.
http://www.macworld.com/news/2007/07/18/worm/index.php
The posts are stylistically interesting apart from anything else. The quotations I've seen reported recently read like something from a 13-year-old with learning difficulties, but these earlier ones are written in a fairly clear and fluent style. One can only speculate on whether this guy was hacked or whether he deliberately defaced his own site to throw people off the scent.
Reply
Joel said 2:42PM on 7-19-2007
It's amazing how this guy has ZERO proof, then when the heat gets turned up he just disappears and some people want to somehow believe he is for real!
It's just hard for me to believe so many people are naive enough to think you can trust someone who refuses to provide any proof.
I guess when you blindly hate Apple you are willing to believe any negative Apple "news".
Reply
smoke_tetsu said 1:00AM on 7-21-2007
How dare we be so ungrateful for them trying to bring to us what we've been missing on our Macs? After all they did it from the goodness of their hearts! Don't you know a lot of people are holding off getting Macs because of lack of their favorite applications.. Malware!
I kid! ;)
Reply
Tom said 3:30AM on 7-21-2007
He didn't disappear. Well, he did briefly, but that's because his blog was hacked. Supposedly by David Maynor (the same David Maynor involved in the MBP WiFi exploit last year), who denies it.
If you ask me, these security "researchers" who find vulnerabilities in Mac OS X are extremely unprofessional and childish. That includes Maynor, InfoSec Sellout, and the Month of Apple Bugs guys. They're basically just out there to give Apple some bad publicity and gain attention for themselves.
Reply
JeffDM said 6:37PM on 7-22-2007
Tom (#13); I think it's more likely that these people are interested in personal gain and they don't care who bears the brunt.
As far as I know, the two examples that you gave are the only ones causing problems. There are plenty of security researchers that do find problems and they actually bother to tell Apple rather than do this public posturing. These two guys are outliers and should not be taken as representative of the whole.
I don't know why David Maynor would hack someone else's blog, there at least needs to be a better motive than that, so I don't buy that explaination. If he's really out to get Apple like you suggest, then why would he sabotage the efforts of someone else that's also supposedly out to get Apple, as you also suggest? While I don't think one has sabotaged the other, it would be for personal gain because of "stealing" the limelight, not because of an anti-Apple sentiment.
Reply