Slashdot Mirror


Worm Claimed For Apple OS X

SkiifGeek writes "Controversy is slowly building over the development of a claimed new worm that targets OS X systems, dubbed by its inventor Rape.osx. Using a currently undisclosed vulnerability in mDNSResponder, the worm is said to give access to root as it spreads across the local network. As with a number of recent Apple-related security discoveries, the author, InfoSec Sellout, is delaying reporting the vulnerability to Apple until after completing full testing of the worm. While the worm has yet to leave a testing environment (with 1,500 OS X systems), it is bound to join the likes of Inqtana and Leap as known OS X malware."

13 of 398 comments

  1. Windows affected? by nuckin+futs · · Score: 5, Interesting

    Exactly what vulnerability in mDNSResponder is it exploiting? Since mDNSResponder also runs on Windows if you install Bonjour for Windows, does that mean it can possibly be affected too?

  2. Is mDNS even routable? by MBCook · · Score: 4, Interesting
    I was under the impression that mDNS was not routable (and specifically designed not to be routed). If that is true, doesn't that restrict this to propagating to computers on the same subnet? This could affect a business, or a computer lab (say at a university), but this fact should prevent it from spreading around the internet at large (as various Windows worms have).

    It's a bug, it's a problem, but it's no Blaster by a long shot.

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
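    As an added illustration of the scoping point above (example code, not from anyone in the thread): mDNS is sent to the link-local multicast groups 224.0.0.251 and ff02::fb on UDP port 5353, which routers are required not to forward, and RFC 6762 section 11 tells receivers to drop mDNS packets whose source is not on a directly attached subnet. The flow records and local prefixes below are constructed sample data.

```python
"""Scope checks for mDNS: why link-local multicast stays on one subnet, and
how a host or sensor can flag mDNS packets that did not originate locally."""
import ipaddress

MDNS_GROUP_V4 = ipaddress.ip_address("224.0.0.251")
MDNS_GROUP_V6 = ipaddress.ip_address("ff02::fb")
MDNS_PORT = 5353
# 224.0.0.0/24 is the IPv4 link-local multicast block; ff02::/16 is the IPv6
# link-local scope. Routers must not forward datagrams addressed to either.
LINK_LOCAL_MCAST = (ipaddress.ip_network("224.0.0.0/24"),
                    ipaddress.ip_network("ff02::/16"))

def router_may_forward(dst):
    """True if a router could legitimately forward a datagram to dst."""
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in LINK_LOCAL_MCAST)

def check_mdns(src, dst, dport, local_nets):
    """Receiver-side checks from RFC 6762: correct group and port, and the
    section 11 source-address check (source must be on a local subnet).
    Returns (accepted, reason)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dport != MDNS_PORT or d not in (MDNS_GROUP_V4, MDNS_GROUP_V6):
        return False, "not addressed to the mDNS group/port"
    if s.version != d.version:
        return False, "address family mismatch"
    if not any(s in ipaddress.ip_network(n) for n in local_nets):
        return False, "source not on a local subnet"
    return True, "ok"

def suspicious_sources(packets, local_nets):
    """Detection helper: sources of mDNS-addressed packets that fail the
    source-address check (spoofed, tunnelled or mis-forwarded traffic)."""
    return sorted({p["src"] for p in packets
                   if check_mdns(p["src"], p["dst"], p["dport"], local_nets)[1]
                   == "source not on a local subnet"})

# Constructed sample flow records (not a real capture) and local prefixes.
SAMPLE_PACKETS = [
    {"src": "192.168.1.20", "dst": "224.0.0.251", "dport": 5353},
    {"src": "10.9.8.7",     "dst": "224.0.0.251", "dport": 5353},
    {"src": "fe80::1c2b",   "dst": "ff02::fb",    "dport": 5353},
    {"src": "192.168.1.20", "dst": "192.168.1.1", "dport": 53},
]
LOCAL_NETS = ["192.168.1.0/24", "fe80::/64"]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p["src"], "->", p["dst"], check_mdns(p["src"], p["dst"], p["dport"], LOCAL_NETS))
    print("off-subnet mDNS sources:", suspicious_sources(SAMPLE_PACKETS, LOCAL_NETS))
```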
  3. It doesn't by SuperKendall · · Score: 3, Interesting

    Doesn't mean you can't build them. Just means none are released in the wild, true to this date.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Local network only - depends on mDNS by mbessey · · Score: 3, Interesting

    So, not quite like the Internet-spanning, DDOS-producing Windows worms we've come to know and hate. I'm not too surprised the vulnerability was in mDNSResponder, though. Someone I work with found a few problems in the code when running it on Linux.

  5. Re:Can this travel via "broader network segment"? by greed · · Score: 5, Interesting

    Sure, get infected on the school's lab LAN. Bring your iBook oops MacBook to the coffee shop and get everyone else there. They all go home and infect their room-mate's machines. Who go to a different lab and it gets loose on the LAN there.

    Most laptops aren't isolated to a single LAN these days; they move around. If there really is a flaw in mDNSResponder, then such a worm does have a chance to propagate. Especially if it is subtle and doesn't crash or overload machines, or do insane amounts of network I/O, or any of the other things that cause people to think something's wrong.

  6. Re:Tipping the scales? by toadlife · · Score: 3, Interesting

    In the "Classic" MacOS days, there was a fair amount of Mac malware -- never as much as in the PC world, of course, but plenty of it running around. Since OS X became the standard, this hasn't happened. The "vulnerability through popularity" argument just doesn't hold up to this fact. Why not? OSX has never had nearly the same install-base that classic Mac OS did during its heyday, and all of the predominant methods by which malware spreads simply can't work on OSX like they do on Windows because there are not enough potential hosts.

    Take the classic email based worm for example. Given that only about 4-8% of computers run OSX, how would an email worm spread on Macs? If you sent it to 100,000 email addresses you'd be lucky if 8,000 OSX users received the email. If 50% of those 8000 OSX users fell for it and executed the payload, the worm would have to find 25 new email addresses that belong to uninfected OSX users in order to maintain its population. Otherwise the number of new infections would decrease exponentially until the worm became extinct.

    The 50% infection rate and number of new email addresses required per infected host are both unrealistic IMO. More realistic numbers would only serve to further prove my point - that spreading malware to OSX computers is virtually impossible.

    Network borne malware is a different story, but that's become an almost non-issue since Windows XP SP2 came out and enabled the firewall by default.
    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
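    The spread arithmetic in the comment above, worked as a small added mean-field model (example code, not from anyone in the thread): each infected host mails a number of addresses, a platform share of recipients can be infected, a click rate of those run the payload, and only still-susceptible platform hosts count as new infections. The 8% share, 50% click rate and 100,000 addresses come from the comment; the total population of platform hosts is an assumed value.

```python
"""Mean-field model of an e-mail worm spreading across a minority platform."""

def reproduction_number(addresses_per_host, platform_share, click_rate):
    """Expected new infections seeded by one infected host while almost
    everyone is still susceptible (R0 = addresses * share * click rate)."""
    return addresses_per_host * platform_share * click_rate

def break_even_addresses(platform_share, click_rate):
    """Addresses each infected host must reach so that R0 == 1, i.e. the
    population neither grows nor decays."""
    return 1.0 / (platform_share * click_rate)

def first_wave(addresses_sent, platform_share, click_rate):
    """(recipients on the platform, hosts infected) for one mailing."""
    recipients = addresses_sent * platform_share
    return recipients, recipients * click_rate

def simulate(initial_infected, platform_hosts, addresses_per_host,
             platform_share, click_rate, generations):
    """Expected number of *newly* infected hosts in each generation.

    As the infected total grows, a larger share of the addresses hit hosts
    that are already infected, so the effective reproduction number falls
    below R0 even when R0 > 1 (platform_hosts is an assumed population size).
    """
    r0 = reproduction_number(addresses_per_host, platform_share, click_rate)
    infected_total = initial_infected
    new_per_gen = [initial_infected]
    for _ in range(generations):
        susceptible = max(platform_hosts - infected_total, 0) / platform_hosts
        new = min(new_per_gen[-1] * r0 * susceptible,
                  platform_hosts - infected_total)
        new_per_gen.append(new)
        infected_total += new
    return new_per_gen

if __name__ == "__main__":
    print("first wave:", first_wave(100_000, 0.08, 0.5))
    print("break-even addresses per host:", break_even_addresses(0.08, 0.5))
    # 10 addresses per host gives R0 = 0.4: new infections decay each round.
    print("decaying:", [round(x) for x in simulate(4000, 10_000_000, 10, 0.08, 0.5, 5)])
    # 50 addresses per host gives R0 = 2: growth until susceptibles run out.
    print("growing:", [round(x) for x in simulate(4000, 10_000_000, 50, 0.08, 0.5, 5)])
```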
  7. Re:I question the ethics, and my legality by QuietObserver · · Score: 3, Interesting

    The only way for a person to improve is to receive constructive criticism and to listen when others point out their failings. I personally listen when others point out my mistakes, and do my best to correct them, so I likewise believe that concealing information for the sole purpose of one's own advantage, without consideration for anyone who might be hurt because of one's actions, is immoral. Furthermore, I don't understand how you can consider the creation of malware a complex issue; in the long run, no matter how well intentioned the creator is, malware inevitably harms the population as a whole, and all in all, that sounds pretty simple to me.

  8. Re:I question the ethics, and my legality by QuantumG · · Score: 3, Interesting

    And that's the problem. You want to look at it in simple terms instead of considering the whole issue.

    Apple and other software vendors have chosen a development model that maximizes their ability to hide defects in their software. If people are morally obliged to report any of the defects they independently find in the software then the vendor has no incentive to ensure the defects are found before the product hits the market. To put it another way, time to market is much more important to them than making a product free of defects. The only thing that motivates them to ensure their products are defect free is malware. As such, creation of malware actually *helps* to make the vendor take more responsibility for the defects in their product.

    --
    How we know is more important than what we know.
  9. Dear Apple Inc by deke_kun · · Score: 3, Interesting

    Seriously, sit down with this guy. Put a suitcase full of large bills on the table, and tell him it's his if he can prove it works. And then, give the guy some incentive to continue to disclose his so-called "root causes". He is CLEARLY a total whore for cash, which means he is easily bought. You have pockets deep enough, you just sold a bojillion iphones, so buy this guy. If he's full of crap, make the fact that you wanted his "root cause" and he couldn't show you it publicly known, then he gets shamed into STFU and stops spreading FUD. If he does show the root cause, then great, put him on retainer and continue to have a fantastic OS. I know Jobs likes to do things all secretive and on his own terms, but this is a public perception issue, it needs to be handled in the public eye. Get on the private jet and go see this guy in person, use the RDF to mess with him and get this shit cleared up. Microsoft got into the situation they're in now by ignoring things like this and pulling the secretive garbage, you don't wanna go down that road, otherwise this crap will get out of hand.

  10. Re:worm in apple? by Anonymous Coward · · Score: 3, Interesting

    Your opinion? Is it the result of envy because a mac user spends more time using their system productively instead of configuring it? Those that spend all day configuring their system, installing software they'll never use and reinstalling stuff for "fun" are obviously envious of the productive mac users who spend their computer time creating content and not just playing with the content designed by others.

  11. 10.4.10 by djahz · · Score: 4, Interesting

    10.4.10 isn't on the affected systems list.

    1. Re:10.4.10 by fplinn · · Score: 4, Interesting
      Wasn't this patched in May? http://docs.info.apple.com/article.html?artnum=305530

      mDNSResponder
      CVE-ID: CVE-2007-2386
      Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9
      A remote attacker may be able to cause a denial of service or arbitrary code execution
      Description: A buffer overflow vulnerability exists in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) code used to create Port Mappings on home NAT gateways in the OS X mDNSResponder implementation. By sending a maliciously crafted packet, a remote attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation when processing UPnP protocol packets. This issue does not affect systems prior to Mac OS X v10.4. Credit to Michael Lynn of Juniper Networks for reporting this issue.
  12. Closed source software like Sendmail and PHP? by argent · · Score: 3, Interesting

    The "Internet Worm" targeted Sendmail. Which has proceeded to become notorious for security holes.

    The biggest UNIX webserver security holes are due to PHP.

    The biggest problem is not "closed" vs "open" source. It's design. Is the API secure (that is, if the implementation is perfect, would the resulting system be perfectly secure)? Does the API fail "open" or "closed"? Is there a mechanism to request trusted access from *outside* the trusted domain? If so, is that enabled by default?

    If the answers are "yes", "closed", "no", and "no" then you may have built a secure system.

    Surprise, surprise, there's a lot of open source software that isn't secure by that standard, including the much-lauded Firefox. Now don't get me wrong, the surface area Firefox's XPI and the XPI install mechanism exposes to attack is like the radar signature of a stealth fighter, where Internet Explorer's "insecurity" zones and ActiveX give it the radar signature of a flock of 747s, but it's not necessary for either exposure to exist at all.

    Open Source doesn't create secure systems. It's a hell of a mitigating factor, yes, but the real source of long-lasting security holes (and we don't know if this is one or not, because the soi-disant "researcher" responsible isn't being open about the vulnerability he's found) is insecure design and a preference for patching particular attack vectors rather than fixing the insecure design. And that isn't limited to closed source systems.