Worm Claimed For Apple OS X
SkiifGeek writes "Controversy is slowly building over the development of a claimed new worm that targets OS X systems, dubbed by its inventor Rape.osx. Using a currently undisclosed vulnerability in mDNSResponder, the worm is said to give access to root as it spreads across the local network. As with a number of recent Apple-related security discoveries, the author, InfoSec Sellout, is delaying reporting the vulnerability to Apple until after completing full testing of the worm. While the worm has yet to leave a testing environment (with 1,500 OS X systems), it is bound to join the likes of Inqtana and Leap as known OS X malware."
But if I were the guy, I'd have made a virus and called it AIDS.osx.
Hey, there's a worm in my apple...
I thought Apples didn't get worms. (sarcasm)
That's impossible!
It's not a flaw; it's a feature. Remember, things are a little different in the Apple world ;)
As with a number of recent Apple-related security discoveries, the author, InfoSec Sellout, is delaying reporting the vulnerability to Apple until after completing full testing of the worm.
If by fully testing you mean "auctioning it to the highest bidder" then yea.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Disable mDNSResponder:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
First of all, if he's found a real vulnerability, he reports it. I don't care if it's Apple or Linux or even Windows. "Waiting until I finish it" is a disgusting excuse. Will he sell it to the bad guys? Is this free publicity for some jerk? I think the Slashdot world ought to have a serious discussion of this kind of jerk. I think Congress might too. If what he's doing isn't illegal now, maybe it should be.
The fact that the breaking news on slashdot is "someone found the third way to attack a mac machine" is a compelling argument to purchase a mac over a PC. Unless someone can explain to me how this is the seed of an impending snowball of mac-targeted malware.
Exactly what vulnerability in mDNSResponder is it exploiting? Since mDNSResponder also runs on Windows if you install Bonjour for Windows, does that mean it can possibly be affected too?
Is there controversy over the fact that someone is making, testing, improving, and preparing a worm that could be used to infect systems, or controversy because Macs can be infected by this worm?
While InfoSec Sellout states that the worm only seeks out other systems on the same network for infection, they point out that it is not going to take much extra work for the worm to attack a much broader network segment.
It's my understanding that the daemon in question works only on the LAN and is part of Bonjour/Rendezvous/Zeroconf/Avahi.... if this is the case, assuming a decent firewall, aren't you only vulnerable within your own local network?
and he ends up married to a GINGER!
Somebody writes a worm for OSX that works across a specific test network (of which we have no clue as to settings, layout, patch levels, etc etc), and it's really, really, really big news. Media orgs around the planet sound the klaxon, and (nearly) everyone gets all hyper-ventilated. Claims of "OSX is just as vulnerable!!!1111!!" will fly off the pages.
Meanwhile, the next near-periodic iteration of MSFT-specific malware in-the-wild will get not so much as a grunt outside of security circles (such as SANS ISC and F-Secure's blog as ferinstances). It will likely subvert 40x as many victims in its first hour, and the media won't say so much as 'boo' about it.
Perspective (at least outside of security and some geek circles)? Never heard of it.
Quo usque tandem abutere, Nimbus, patientia nostra?
It's a bug, it's a problem, but it's no Blaster by a long shot.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Doesn't mean you can't build them. Just means none are released in the wild, true to this date.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Mod parent funny. I got a laugh.
So, not quite like the Internet-spanning, DDOS-producing Windows worms we've come to know and hate. I'm not too surprised the vulnerability was in MDNSResponder, though. Someone I work with found a few problems in the code when running it on Linux.
I haven't really looked at the market share percentages of OSes recently, has Apple really grown large enough for Virus makers to start targeting Apple?
I'm guessing Matasano Security is paying him for this vulnerability.
They're the ones who challenged Joanna Rutkowska about her bluepill (see the "Hi Joanna" quote on the blog), and have had contact with infosec sellout in the past.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
Given that the claimed vulnerability is in mDNSResponder, whose source is available under the Apache-2 license, and that we have a hint of what the vulnerability is ("proof-of-concept worm was able to reliably deliver root and was based on a variation of mDNSResponder vulnerabilities that Apple had previously patched" - the only one that I could think of was CVE-2007-2386) someone far smarter than I could find and patch the vulnerability before InfoSec Sellout's work is complete. Isn't F(and/or)OSS great?
The actual exploit code would need to be different for Windows than for Mac OS X, but it's a safe bet that the underlying vulnerability (buffer overflow or whatever) is present in Bonjour for Windows, as well.
It seems to me that the vulnerabilities in OSX will keep increasing as they keep layering stuff over their BSD core. It seems to me their kernel and lower level stuff is widely tested and secure, since you can see most of its source. However, software that they keep pushing out to improve OSX will probably be just as vulnerable as any of Microsoft's stuff.
Disclaimer: Disregard the above post.
200,783 to go...
guns kill people like spoons make Rosie O'Donnell fat.
I was being serious!
Isn't the root account disabled by default on OS X systems? I wonder how the worm handles that... Just curious. I have never **cough cough** enabled the root account on my Macs.... Most likely, it will go after any account with admin rights? Steve
Rumour has it there are some fairly major Ubuntu virus programs on the horizon. (Targeted for September "back to school" time.) I wonder what slashdot will have to say about that.
Y'poor bastard, Apache has a larger share of the web server market than IIS, and is just as often targeted, but is more secure. Your question, however, is about targeting, and you're spot on. Mac users are singularly useless when it comes to security. You got modded flamebait by an overzealous dickwad Mac user (and I use Macs m'self)
My take on it as well. The wording of the claim site is somewhat dubious.
If this is a real concern, there is a workaround to have mDNSResponder run without root privileges. Part of the claim is that they can deliver root payloads - this is likely because mDNSResponder runs as the root user and they might be using a buffer overflow exploit [NOTE: I have not analyzed the mDNSResponder code - this is a guess.]
% sudo launchctl unload /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
% sudo chown nobody:wheel /usr/sbin/mDNSResponder
% sudo chmod 4750 /usr/sbin/mDNSResponder
% sudo launchctl load /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
If someone wants an explanation of what the above commands accomplish, please read further.
1. launchctl is used to unload and load the mDNSResponder daemon.
2. We change the owner of the mDNSResponder to nobody and ensure that wheel is the group. The group is used to ensure that members of the wheel group may launch mDNSResponder and not other users of the system (with the exception of root and anything else running as nobody.)
3. We change the permissions of the mDNSResponder program to be setuid nobody. This means that mDNSResponder will run as nobody and only be able to affect files owned by that account or by files it may happen to have write privileges against.
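An added check for the workaround in the comment above (not part of the original post or of Apple's tooling): it reads text shaped like `ls -l` and `ps -axo user,ruser,comm` output and reports whether the binary carries the nobody:wheel, mode 4750 settings and which effective and real user the daemon runs under. A setuid bit changes only the effective user, so the real-user column is checked as well; the function names, the `ps` column layout and the sample lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original comment. All sample lines are constructed.
BIN=/usr/sbin/mDNSResponder

# Constructed `ls -l` lines: stock install vs. after chown nobody:wheel + chmod 4750.
LS_STOCK="-rwxr-xr-x  1 root    wheel  300000 Jan  1 00:00 $BIN"
LS_FIXED="-rwsr-x---  1 nobody  wheel  300000 Jan  1 00:00 $BIN"

# Constructed `ps -axo user,ruser,comm` output (effective user, real user, command).
PS_ROOT="USER RUSER COMM
root root /sbin/launchd
root root $BIN"
PS_SETUID="USER RUSER COMM
root root /sbin/launchd
nobody root $BIN"

# binary_state LS_LINE -> "hardened" when owner is nobody, group is wheel and
# the mode is exactly 4750 (-rwsr-x---); otherwise prints the first mismatch.
binary_state() {
    read -r mode _links owner group _rest <<EOF
$1
EOF
    # Keep the 10 mode characters; ls may append @ or + for extended metadata.
    mode=$(printf '%s' "$mode" | cut -c1-10)
    if [ "$owner" != nobody ]; then echo "owner=$owner"
    elif [ "$group" != wheel ]; then echo "group=$group"
    elif [ "$mode" != "-rwsr-x---" ]; then echo "mode=$mode"
    else echo "hardened"
    fi
}

# daemon_ids PS_TEXT -> "euser/ruser" of the first mDNSResponder process,
# or an empty string when the daemon is not in the listing.
daemon_ids() {
    printf '%s\n' "$1" | awk -v bin="$BIN" '$3 == bin { print $1 "/" $2; exit }'
}

# assess LS_LINE PS_TEXT -> one-word verdict combining both views:
#   runs-as-root            nothing has been changed
#   stale-process           binary changed, daemon not reloaded yet
#   euid-dropped-ruid-root  effective user dropped, real user still root
#   unprivileged            neither ID is root
#   not-running             daemon absent (for example, unloaded)
assess() {
    bin_state=$(binary_state "$1")
    ids=$(daemon_ids "$2")
    case "$ids" in
        "")     echo "not-running" ;;
        root/*) if [ "$bin_state" = hardened ]; then echo "stale-process"
                else echo "runs-as-root"; fi ;;
        */root) echo "euid-dropped-ruid-root" ;;
        *)      echo "unprivileged" ;;
    esac
}

# Demo on the constructed samples. On a live system the inputs would be
#   assess "$(ls -l "$BIN")" "$(ps -axo user,ruser,comm)"
echo "stock:          $(assess "$LS_STOCK" "$PS_ROOT")"
echo "before reload:  $(assess "$LS_FIXED" "$PS_ROOT")"
echo "after reload:   $(assess "$LS_FIXED" "$PS_SETUID")"
```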
Where on earth will those dweebs find 1500 Macs on the same subnet to test this on?
Right.
Apart from the claim by infosec sellout sounding less than adult - he says the payload was "weaponised" - and his claim that Apple will somehow not fix the "root cause" of the vulnerability if he gives it to them now - extortion anyone? mDNSResponder is Open Source - I seriously question how some independent researcher can have, as he claims, a test base of 1500 systems. A big company with $1million to throw around might have that, or a university, but I seriously doubt he has the place or resources to afford a test base of this size unless he is using a local university or school, and judging by his spelling and grammar, he is either not English native or he is a teenager, or both. That says nothing about the veracity (truth) of his claim but it is somewhat juvenile, the whole thing.
Is this a legit worm or one of those well-you-have-to-be-root non-threatening infestations?
This guy seems to be spending more time posting on his blog and reacting to the fireworks rather than getting his bug reporting done. Even if this is a proven malware app, the poster acts more like a script-kiddie and less like a researcher.
Rape.osx?
"Hi, I'm an apple..urrgh"
"unf unf unf"
Well it would be an interesting ad I guess.
I am government man, come from the government. The government has sent me. -- G.I.R.
I would not say one potential laboratory specimen for OSX is as bad as all 180,000 known Windows threats in the wild even if it's real.
Bad, though, yes, it is, if it's real.
Did I mention it wasn't in the wild? Your mac cannot catch this one yet and likely won't ever, if it's even real.
That is not as bad as zero to pwned in 23 seconds average just by connecting XP to the Internet. But bad, yes it may be.
If it's real, then it's bad.
Help stamp out iliturcy.
I got involved in a little bet about where the first major virus or worm will be on Mac OS X.
Mine was on mDNS. $500 in the bank biatches.
If this is the start of a run of viruses attacking macs, it's not funny or good for pc users. It shows an increasing skill in virus writers that indicates that in the future, every machine (even linux boxes) will need security and anti-virus software. And if the virus writers get good enough, that software won't be much of a comfort
... as a profit driven public company, CEOs have a legal responsibility to create as much profit for shareholders as possible, within the sometimes-loose values of the law (e.g. if a company can get out of paying taxes with certain loopholes, the management of the company is legally responsible to take those loopholes). It is unfortunate that legal responsibility sometimes includes working against the morals and ethics of its CEOs, who have high moral character in all matters but company business.
Also, companies sometimes move operations to less lawfully structured nations if the founding nation's laws are too restrictive upon them.
Seriously, sit down with this guy. Put a suitcase full of large bills on the table, and tell him it's his if he can prove it works. And then, give the guy some incentive to continue to disclose his so-called "root causes". He is CLEARLY a total whore for cash, which means he is easily bought. You have pockets deep enough, you just sold a bojillion iPhones, so buy this guy. If he's full of crap, make the fact that you wanted his "root cause" and he couldn't show you it publicly known, then he gets shamed into STFU and stops spreading FUD. If he does show the root cause, then great, put him on retainer and continue to have a fantastic OS. I know Jobs likes to do things all secretive and on his own terms, but this is a public perception issue, it needs to be handled in the public eye. Get on the private jet and go see this guy in person, use the RDF to mess with him and get this shit cleared up. Microsoft got into the situation they're in now by ignoring things like this and pulling the secretive garbage, you don't wanna go down that road, otherwise this crap will get out of hand.
IMO the really funny thing is that this joker decided to use a Bonjour vulnerability to work on, when everything I've heard indicates a major reworking of the Bonjour code in Leopard anyway.
Isn't this kinda like working out a vulnerability in AppleTalk a month before they stopped using it?
And I'm sorry to say the bell curve flattens even more to the left side.
How did this make the front page?
I felt this was worthy of its own post instead of being buried in the comments section. Everyone DIGG this so that the world can see how crazy some of these Apple Fanboys are.
EVERYONE LIKE ME! I AM TEH COOLEST! I AM TEH... BULLSHITTER!
Meh!
qz
...for modding parent up!
mDNSResponder is related to the Bonjour service, or at least the Bonjour for Windows service.
If you have Adobe Version Cue CS3 then the Bonjour for Windows service is automatically installed, as it is used in that particular program and required for some of the functionality.
Is this "undisclosed vulnerability" in the Windows version as well? If so, a lot of production companies that use Version Cue may be in trouble as well.
Hilarious! iSTFU -- Awesome.
3 hypothetical worms in seven years. At this rate, I may have to switch to Linux next century!
You don't have to be smart to use a Mac, you just have to be smart enough to buy one
If the 8 Macs in the creative department get hit it may take us 40 minutes to recover!!!! The horror!
This is not news. Wake me when there's a Mac equivalent of Slammer or one of the others that plagued XP a few years back-- it seemed like all I did was deal with the aftermath of Windows worm attacks in the summer of '04.
Let 'em fix it.
And it'll be fixed on the next update of OS X 10.4.x and 10.5 onward.
Fur Christ sake, I'm not exactly quaking in my boots here...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I believe you missed the point here. Bonjour is not part of iTunes or iChat but a network discovery service also known as Zeroconf. Sound familiar? Removing iTunes is pointless since Bonjour only comes preinstalled with OS X. It does not have anything to do with iTunes for Windows or OS X.
P.S. Yes, you can get Bonjour for Windows.
This is about a potential exploit of Bonjour that Apple has apparently already patched.
There is no information on how it is started or spread. Usually when worms appear, they've already plowed through several million dollars worth of damage. Since a Mac worm would have to rely on a lot of planets aligning (ie, enough Macs running in the same subnet, configured similarly, and the worm being spawned by a user) it would be hard to imagine what kind of problems such a theoretical exploit would cause.
It is easier to understand the intent and propagation of a media worm, which infects all the IDG and CNET publications and spawns out FUD about how Macs have theoretical exploits that are generating more stories than the actual exploits available for Windows.
Given that the creator of the "worm framework" explicitly says in the article that he is getting paid to develop it to show "Apple Computers are just as susceptible to Malware as Windows based ones."
What is malware? Slashdot cites Inqtana and Leap as known Mac OS X malware, but InqTana was a proof of concept worm designed to spread between Macs with Bluetooth file sharing enabled. It only ever existed in a lab and its propagation method has since been patched.
Leap is a trojan for iChat that is unable to replicate. It is as dangerous as sending someone a chat request and telling them to pour water on their computer.
This new Bonjour exploit is as yet an unproven claim. We know there are over 10,000 live malware products for Windows. So it's not really true that Macs are just as susceptible (ie "likely or liable to be influenced or harmed by a particular thing") or there would be real problems for Mac users.
That doesn't mean there will never be Mac exploits or security problems and that users needn't bother to be concerned about security issues, but it does highlight the absurdity of a media willing to repeat the unproven claims of a nobody.
Of course, if you're worried about Bonjour worms, you shouldn't run unknown software, and you shouldn't join unknown wireless networks with your Mac. It's hard to imagine that this will cause any damage outside of the bloggers who repeat it without any criticism as proof that "Macs can have malware!"
Hopefully that will change sometime soon. I like to think there is a push coming that is going to make vendors think differently about software security.
But maybe that's just over-optimistic.
How we know is more important than what we know.
Researchers say that safes are not completely immune to attack. Some off-the-shelf "safes" can be cracked in less than 5 minutes! They advise that a cardboard box is a more cost-effective way to store valuables, as "people will get in anyway".
Languages aren't inherently fast -- implementations are efficient
That said, any hacker worth his salt doesn't piss around on shitty winboxen, they're off busting bsd and usurping unix. OSX users do think they're blessed by the magical fairies under a golden rainbow of glittering security pixiedust. It's comical people think they will ever be secure with any off the shelf prepackaged solution.
And does this company have security software they want to sell to OSX users? Pardon my skepticism, but for every announcement like this that I read, it seems that someone is riding the coattails with a security solution for the worm or virus or trojan just "discovered".
Tetris!
I frequently hear the old chestnut that the only reason Macs aren't infested with malware is their lack of market share. Whether true or not, it's a funny argument, especially if the person using it is defending their choice of Windows.
"I'm not going to use Mac because while it may be clean now, I could get covered in shit at any time!"
"But you're already covered in shit".
"Errr... yes. But I'm sorta used to it..."
i lold
do it for the lolz
10.4.10 isn't on the affected systems list.
If it is, this might be patched relatively soon (although it might take a while before Apple approves and deploys the fix). It might also mean that more systems could be affected by this vulnerability. I know FreeBSD uses mDNSResponder (the laptop I'm typing this on is actively using it right now).
Anyone know if this might provide a way to write a FreeBSD worm?
Free beer is never free as in speech. Free speech is always free as in beer.
What's with the flames? Wow, one LAN virus so far. The fact is that any OS will have flaws, but some are inherently more secure than others. Mac OS and Linux are *designed* more securely than Windows. That's not to say that they can't be broken, but the fact remains that they are more secure. It is pathetic to have to use 3rd party addons to give an OS some semblance of security.
Take ActiveX as one of the main examples: it enables you to do some tricks easily because you can run executable code from a browser, but the security for it sucks (as evidenced by the number of patches/security updates that were always being released for it a few years ago). A proper developer would try to design a system that was first of all secure, and then build the cool features from that solid base, rather than design a system that lets you do whatever you want, then try to tack on security as an afterthought. It's sickening how much MS is getting away with. I'm not saying that you're wrong to bash mac fanboi's (I like Macs, have done since I used them as a kid in the 80s, but most of the fanbois have only been around since the iMac/iPod I guess), but I have no doubt that OSX is more secure than Windows - how could it not be? Maybe a silly attitude since I don't know much about BSD, or what Apple changed to make the OS more user friendly (maybe they added in something equivalent to ActiveX that gives nice fancy features but poor security?), but I find it hard to believe that any recent OS could be worse than the mess that is Windows. And I hope there never will be..
which is totally what she said
Take ActiveX as one of the main examples: it enables you to do some tricks easily because you can run executable code from a browser, but the security for it sucks (as evidenced by the number of patches/security updates that were always being released for it a few years ago).
Erm, what do you think browser plugins using NSAPI do?
I have no doubt that OSX is more secure than Windows - how could it not be? Maybe a silly attitude since I don't know much about BSD, or what Apple changed to make the OS more user friendly (maybe they added in something equivalent to ActiveX that gives nice fancy features but poor security?), but I find it hard to believe that any recent OS could be worse than the mess that is Windows. And I hope there never will be.
OS X probably is more secure, at least than XP if not Vista, because of obscurity. On a technical level, browser plug-ins are technically similar to Active X, in that they give nice features, but allow foreign code to execute in the browser process (ie the plug-in code), so if there's a bug in that code, a malicious website can potentially take advantage of it to hijack the browser process, and then do anything that process can do (which on OS X is, I think, anything the owning user can do -- Vista runs at least IE processes with more restricted security, so hijacking the browser process is of limited value).
How many times does this have to happen before someone gets the message?
CLOSED-SOURCE SOFTWARE IS THE BEGINNING AND END OF THE MALWARE PROBLEM.
Open up the source code. Let the bad guys read it. Because at least that way, the good guys get to read it too -- and there are more good guys than bad guys.
On a tangent, what's the betting that if Apple sold chastity belts, Steve Jobs would have a master key that fit them all? And that customers would claim to like it that way?
Je fume. Tu fumes. Nous fûmes!
That's funny. An Apple hater pretends to be an Apple fanboy. Some other Apple hater is so oblivious of reality, and thinks Mac users are so stupid and will say absolutely anything, that he thinks person 1 actually is a fanboy (and seemingly even takes person 1 as a reason to increase his own hate).
I think this is how Apple hating usually works, actually. Since it's hard to actually find a real-life crazy Mac user who pretends that Mac OS X is completely secure and that every bad thing happening to Apple is actually good, you just have to make up such a person to justify your Apple hating.
The only people I always see spouting such crap are the people who claim to hate Apple fanboys. I've never seen an Apple fanboy make absurd claims like yours. This is like a fucking self-fulfilling prophecy. Every damn article about Apple is run over by stupid Anti-Apple trolls who write hundreds of comments laughing about imaginary Apple fanboys and the imaginary stupid things they say.
Here's an idea: Shut up, and let those who are interested in the article discuss it. Thanks.
I've never heard of NSAPI before tbh, and I have never heard of any executables built into websites that would use NSAPI. Plugins are a choice to download by the user though. IE also asks you if you want to download ActiveX components these days, I can't remember if it was always like that though. In OS X, you have to enter in your password for things that require root privileges. I also expect that people who write plugins for FireFox in their spare time probably have more programming competence than most folks at Microsoft (no offense to those coders, a lot of them are maybe quite good, but the practices at Microsoft, and I guess a lot of companies these days, suck - releasing products before they're actually ready for a commercial release). I know I tend to generalise, and like a lot of slashdotters I give my opinion on some subjects where I have limited knowledge - but the fact is that it isn't just security by obscurity. Sure, Linux and BSD etc will have holes, but they are more secure by design. We've yet to see how Vista stands up in widestream usage, and I hope we never will actually find out, but when basic functions such as copy/delete are screwed up, it really doesn't look very hopeful.
which is totally what she said
The "Internet Worm" targeted Sendmail. Which has proceeded to become notorious for security holes.
The biggest UNIX webserver security holes are due to PHP.
The biggest problem is not "closed" vs "open" source. It's design. Is the API secure (that is, if the implementation is perfect, would the resulting system be perfectly secure)? Does the API fail "open" or "closed"? Is there a mechanism to request trusted access from *outside* the trusted domain? If so, is that enabled by default?
If the answers are "yes", "closed", "no", and "no" then you may have built a secure system.
Surprise, surprise, there's a lot of open source software that isn't secure by that standard, including the much-lauded Firefox. Now don't get me wrong, the surface area Firefox's XPI and the XPI install mechanism exposes to attack is like the radar signature of a stealth fighter, where Internet Explorer's "insecurity" zones and ActiveX give it the radar signature of a flock of 747s, but it's not necessary for either exposure to exist at all.
Open Source doesn't create secure systems. It's a hell of a mitigating factor, yes, but the real source of long-lasting security holes (and we don't know if this is one or not, because the soi-disant "researcher" responsible isn't being open about the vulnerability he's found) is insecure design and a preference for patching particular attack vectors rather than fixing the insecure design. And that isn't limited to closed source systems.
Let's see...
<googles for "NSAPI exploit">
Results 1 - 10 of about 816 for nsapi exploit. (0.09 seconds)
<googles for "ActiveX exploit">
Results 1 - 10 of about 1,420,000 for ActiveX exploit. (0.10 seconds)
Erm, what do you think browser plugins using NSAPI do?
Erm, I would say not nearly as much damage as ActiveX plugins do. Name one exploit for OS X using NSAPI plugins. Just one. Anyone?
Anyone?
Bueller?
BUELLER?
<crickets chirping>
That's what I thought.
... worms that have to ask permission to do their thing.
"Are you sure you want to install this virus"?
- real hackers don't have sigs -
I think they already have
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
"The fact that this particular security vulnerability exists does not mean that OS X is just as much a wide-open target as Windows is."
Correct! But it DOES mean that Mac market share is now on par with Windows, because we've heard for so long that if the Mac had market share like Windows does then it would have viruses too.
-- Boycott Shell
No one can tell if this affects all systems with mDNSResponder, there's just not enough information being released. What I want to know is: could this exploit Avahi as well?
and that's all there is to say.
-- Boycott Shell
Even assuming he hasn't made up that bit, I'm sure some of the real, ethical researchers looking at the mDNSresponder source code right now will figure out what he's hinting at.
Or if it is, the AOL trojan counts.
If this vulnerability and unreleased experimental software counts as a "major virus or worm" then the AOL trojan horse (which actually reached the wild) does as well.
Don't count your money yet.
From the things I read, Mac OS X is just as vulnerable and dangerous as Windows.
You need to read deeper.
OSX: No routed open ports by default. All services can be bound to localhost only. All IP-based services can be disabled. Conventional browser that requires applications to install extensions. Can be run securely with no firewall in place, the optional firewall is "defense in depth". It's not perfect, but the "surface area" exposed to remote attacks is small and can be eliminated.
Windows: Routed open ports by default, most services are promiscuous, and some listening services are required for normal operation of the OS. Browser built around embedded code, and the ability to run remotely provided embedded code can not be removed without disabling the browser and parts of required utilities. Firewall is enabled by default because it's required to close *most* direct remote attacks (but not all, and not attacks through the HTML control). Even with the firewall in place Windows has a larger surface area to exploits than any other OS in use, and you can't eliminate it without disabling basic OS functionality.
Well he did actually claim removing iTunes would remove the vulnerability. So *you* try reading it again and actually understanding his confusion.
Can I have some of whatever it is you're taking ??? please ???
You guys are right. My bad.
Security focus blog has a link to the now dead ISC diary page.
My bad. I guess one alleged but unproven lab only virus for Mac might be as bad as 0 to pwned in 20 minutes for pre-sp2 XP.
Help stamp out iliturcy.
Oh no, not again!
Please have the sophistication to refer to breaking into a computer as something other than Hacking. :)
http://en.wikipedia.org/wiki/Hacker
so every OS X system that Apple has sold is infected?
I'd still pick Mac OS X over ANY version of Windawg.
Do you honestly believe that releasing the source code of a program to the public is a model that "maximizes their ability to hide defects in their software?" You *do* know that bonjour is open-source, don't you?
Here are some potential alternative workarounds based on suggestions at Ars Technica:
The above is supposed to disable Bonjour entirely (at least until you reset the mode to 555 or, presumably, repair permissions). Another alternate workaround is supposed to temporarily disable Bonjour until you restart:
Remove the space from mDNSResponder. To enable Bonjour again without restarting, change "unload" to "load".
Please note that I haven't tested these. Use at your own risk.
Frankly, though, I wouldn't try any system hacks just yet, for a number of reasons. First and foremost, there's no exploit code known to be in the wild right now. Second, I think it's kind of funny that all this hype surrounds one anonymous blog post. What reason do we have to believe that Mr./Ms. Anonymous is telling the truth, anyway? Everyone's so ready to jump on a Mac virus story that they don't even care what the source is. Correct me if I'm wrong.
We're going to be discussing the alleged new worm on the Tech Pulse podcast tonight around 8 PM Pacific, if anyone wants to listen live at talkshoe.com, or you can subscribe to the podcast at techpulsepodcast.com.
the JoshMeister on Security
If you mean the RTM worm, it primarily targeted fingerd not sendmail.
:)
Since pretty much everyone with the source to sendmail had the source to fingerd as well, I'm kind of missing your point here.
FYI, root is disabled by default on OS X.
I call BULLSHIT.
No company is going to just stop looking for bugs simply because someone outside of the company found one that they didn't.
What, you think their feelings would be hurt? You think they would start expecting outside researchers to do their job for them?
I think not. Your viewpoint is really screwed-up.
(Mostly this is a criticism that Apple doesn't include a simple and transparent preference for disabling Bonjour.)
I agree, and the many well-popularized techniques for disabling Bonjour on public LANs are only a mitigating factor... it's not an excuse for Apple to have left this out of the preferences.
But that's why I wrote "no routed open ports by default". Bonjour/Rendezvous/Zeroconf only talks on link-local addresses. It *is* technically possible for those addresses to be routed, but it would take an unlikely level of misconfiguration for them to be routed beyond a local LAN, let alone even a couple of hops past your ISP's access point. Unless you're deliberately routing it over a tunnel (in which case you know you're doing it, or you're already owned) it really can't be attacked over the Internet like LAN Manager and SMS can.
The biggest exposure is in combination with insecure home WiFi, and if you've got that you're already skiing naked through a briar patch.
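The link-local argument in the comment above, turned into a check a defender could run over flow records. This is an added example, not part of the original thread; the flow record fields, sample flows, local subnet and function names are all constructed for illustration.

```python
import ipaddress

MDNS_PORT = 5353
# Link-scoped multicast groups used by mDNS/Bonjour (RFC 6762).
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"),
               ipaddress.ip_address("ff02::fb")}

def classify(flow, local_nets):
    """Label one flow record by how its mDNS traffic reached this host."""
    if flow["proto"] != "udp" or flow["dport"] != MDNS_PORT:
        return "not-mdns"
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    # On-link means a link-local source address or one inside a local subnet.
    on_link = src.is_link_local or any(
        src in net for net in local_nets if net.version == src.version)
    if not on_link:
        # The routed case the comment calls unlikely: worth an alert
        # and a filter rule at the network edge.
        return "off-link"
    return "link-local-multicast" if dst in MDNS_GROUPS else "on-link-unicast"

def off_link(flows, local_nets):
    """Return only the mDNS flows whose source is outside the local link."""
    return [f for f in flows if classify(f, local_nets) == "off-link"]

# Constructed sample data (hypothetical hosts on a 192.168.1.0/24 LAN).
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
SAMPLE_FLOWS = [
    {"src": "192.168.1.20", "dst": "224.0.0.251", "proto": "udp", "dport": 5353},
    {"src": "fe80::1c2a", "dst": "ff02::fb", "proto": "udp", "dport": 5353},
    {"src": "192.168.1.30", "dst": "192.168.1.20", "proto": "udp", "dport": 5353},
    {"src": "203.0.113.9", "dst": "192.168.1.20", "proto": "udp", "dport": 5353},
    {"src": "203.0.113.9", "dst": "192.168.1.20", "proto": "tcp", "dport": 443},
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow["src"], "->", flow["dst"], classify(flow, LOCAL_NETS))
```
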
The biggest exposure is in combination with insecure home WiFi, and if you've got that you're already skiing naked through a briar patch.
I'd expect that an equal-or-bigger problem would be with notebooks, in situations like university campus wifi connections, which are relatively open and typically have large numbers of unadministered machines talking link-locally. A Bonjour virus could spread quickly in an environment like that (before admins caught on and started filtering), and then the movement of the machines themselves would carry it to other networks.
In such a situation, there is a certain irony in how the attack vector already is an efficient means of finding vulnerable machines.