Warning; your Mac could get Raped!

Discussion in 'macOS' started by Scarlet Fever, Jul 18, 2007.

  1. Scarlet Fever macrumors 68040

    Scarlet Fever

    Joined:
    Jul 22, 2005
    Location:
    Bookshop!
    #1
    from here

    it's awesome how a POC gets media attention, while 114,000 viruses last year for PCs gets nothing :rolleyes:
     
  2. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
  3. Scarlet Fever thread starter macrumors 68040

    Scarlet Fever

    Joined:
    Jul 22, 2005
    Location:
    Bookshop!
    #3
    Yeah, i noticed that as well. The preef rooder must have taken a day off :p (spelling mistakes intentional)
     
  4. Gymnut macrumors 68000

    Gymnut

    Joined:
    Apr 18, 2003
    #4
    That or he works out of a swamp-like environment.
     
  5. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #5
    Interestingly enough the Security Focus page doesn't list 10.4.10 as being vulnerable. Could this already have been patched?
     
  6. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #6
    yes apple is relly quite good at patches for software holes.. i think 10.4.10 might have already fixed it :) GO APPLE!!!!!!!
     
  7. synth3tik macrumors 68040

    synth3tik

    Joined:
    Oct 11, 2006
    Location:
    Minneapolis, MN
    #7
    back into the bog.

    It is interesting though that a POC for mac is a huge crisis, but all the Windows based viruses go with out notice. Maybe PC viruses are like Paris Hilton, no one cares anymore, to much over-exposer.
     
  8. Killyp macrumors 68040

    Killyp

    Joined:
    Jun 14, 2006
    #8
    :D:D

    It's actually an example of how insecure PC users can be about the whole virus issue, to the extent that they feel the need to write a worm/virus for other platforms because they're annoyed with how smug the users of other platforms are.
     
  9. dmw007 macrumors G4

    dmw007

    Joined:
    May 26, 2005
    Location:
    Working for MI-6
    #9
    Hopefully Apple has already made a patch for this...
     
  10. Scarlet Fever thread starter macrumors 68040

    Scarlet Fever

    Joined:
    Jul 22, 2005
    Location:
    Bookshop!
    #10
    From here:
    looks like it either hasn't been tested in 10.4.10, or it's been patched
     
  11. epochblue macrumors 68000

    epochblue

    Joined:
    Aug 12, 2005
    Location:
    Nashville, TN
    #11
    My understanding is that the "researcher" hasn't proved the viability of the attack outside of his/her lab yet. Until he/she does, I'm inclined to think he/she's just blowing smoke.

    I'm all for an OS X worm, who knows, maybe it'll quiet all the "OS X IS INVINCIBLE!" types and all the haters can stop thinking that every Mac user is a smug SOB.
     
  12. Nightkrawler macrumors regular

    Joined:
    Sep 4, 2006
    Location:
    Vienna, Austria
    #12
    I dont know if 10.4.10 is still vulnerable, but it is possible to disable mdns (Bonjour) with the opensource app "lingon".

    http://lingon.sourceforge.net/

    Go to the tab "System Daemons" and disable "com.apple.mDNSResponder".
    Im not 100% sure if this fixes the hole, but the text says "Using a currently undisclosed vulnerability in mDNSResponder..." so this might be right.
    Bonjour related stuff (Printers, ichat, the adium bonjour plugin...) wont work when mdnsResponder is deactivated.
    Be careful, if you mess with other system daemons you might wreck your system, i cannot guarantee that it closes the hole since i have no samples of the worm.

    Maybe someone who has more Information about Bonjour could confirm this :eek:
     
  13. xUKHCx Administrator emeritus

    xUKHCx

    Joined:
    Jan 15, 2006
    Location:
    The Kop
    #13
    Well it has already been patched and it doesn't affect 10.3 downwards then this really is a non issue. However there might be useful information contained within it that apple could use to further lock down the system.
     
  14. Shadow macrumors 68000

    Shadow

    Joined:
    Feb 17, 2006
    Location:
    Keele, United Kingdom
    #14
    Interestingly, 10.3 and below and 10.4.10 are not listed in the "Not Vulerable" section.
     
  15. nbs2 macrumors 68030

    nbs2

    Joined:
    Mar 31, 2004
    Location:
    A geographical oddity
    #15
    Or more likely - most PC users are already using various virus protection programs while OS X users go around nekkid. 1000 new viruses pop-up for the PC and most machines will be pretty safe. 1 new virus pops-up for OS X and how many of us will go down in flames - I know that I will.

    What a POC does is remind people that there is a place for those protections on every system and the end-user needs to weigh the costs and benefits of running those apps.
     
  16. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #16
    of those 114,000 viruses how many where trogins (OSX is fairly easy to hit with a trojin since it uses user stupidity to get into the computer), how many where just variation of an older virus that been around for years.

    And I would like to point out that when MSBlaster hit the web it used a security hole that was patch months before hand. If you haven't noticed Microsoft no longer release what holes it has patch because people where taking that information and figuring out how to exploit the hole that would be in an unpatched system.
     
  17. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #17
    here is my question. why would you want them to test it outside of the lab. The lab is self contained and will not let the worm get out in the open world. Once it gets out in the open it will spread very quickly and be impossible to contain.
     
  18. AutumnSkyline macrumors regular

    AutumnSkyline

    Joined:
    Oct 5, 2006
    #18
    it says 10.4.10 is vulnerable...

    Vulnerable: Apple Mac OS X Server 10.4.10
    Apple Mac OS X Server 10.4.9
    Apple Mac OS X Server 10.4.8
    Apple Mac OS X Server 10.4.7
    Apple Mac OS X Server 10.4.6
    Apple Mac OS X Server 10.4.5
    Apple Mac OS X Server 10.4.4
    Apple Mac OS X Server 10.4.3
    Apple Mac OS X Server 10.4.2
    Apple Mac OS X Server 10.4.1
    Apple Mac OS X Server 10.4
    Apple Mac OS X 10.4.10
    Apple Mac OS X 10.4.9
    Apple Mac OS X 10.4.8
    Apple Mac OS X 10.4.7
    Apple Mac OS X 10.4.6
    Apple Mac OS X 10.4.5
    Apple Mac OS X 10.4.4
    Apple Mac OS X 10.4.3
    Apple Mac OS X 10.4.2
    Apple Mac OS X 10.4.1
    Apple Mac OS X 10.4

    http://www.securityfocus.com/bid/24924
     
  19. iToaster macrumors 68000

    iToaster

    Joined:
    May 3, 2007
    Location:
    In front of my MacBook Pro
    #19
    Wow, it's about time, but it's all for good cause, he's giving it to Apple so they can fix the system. As for that one Apple fan boy... he's way too extreme... and foolish... and uninformed.
     
  20. calculus Guest

    calculus

    Joined:
    Dec 12, 2005
    #20
    Well, that's where I get all my best ideas...
     
  21. damienvfx macrumors regular

    damienvfx

    Joined:
    Jul 28, 2006
    Location:
    Los Angeles, CA
  22. Stampyhead macrumors 68020

    Stampyhead

    Joined:
    Sep 3, 2004
    Location:
    London, UK
    #22
    Running currently existing virus protection programs on your Mac would be useless against this worm since it didn't exist when they were created.
     
  23. zero2dash macrumors 6502a

    zero2dash

    Joined:
    Jul 6, 2006
    Location:
    Fenton, MO
    #23
    Being insecure has nothing to do with it.
    Being sick of smug Mac users, absolutely. :p :D
     
  24. nbs2 macrumors 68030

    nbs2

    Joined:
    Mar 31, 2004
    Location:
    A geographical oddity
    #24
    You're right - but the point is that under the current distribution system, if there was a worm, we would need Apple to release a specific patch for it and wait for people to get it from software update - not the best method for fire control. I have software update set to run weekly, so I wouldn't get it anyway for quite a while. Virus protection systems should catch unknowns more easily as a result of dedicated distribution systems and their inherent design is to look for things that look suspicious.

    Am I saying that the worm would be stopped right away? No. Just that it might get caught, quarantined, and squashed a bit more quickly. Should people be running software from those companies? I say that the FUD they produce and performance hit outweighs the inherent security of OS X - so no. But, this POC is a reminder that we aren't invulnerable and we should at least remember that virus protection is out there.
     
  25. Scarlet Fever thread starter macrumors 68040

    Scarlet Fever

    Joined:
    Jul 22, 2005
    Location:
    Bookshop!
    #25
    i do sincerely apologise. Next time I make a thread warning people of the inevitable security holes Mac OS X has, I'll also put a picture of some nice fluffy kittens or a link to a flash game, so you can continue to live in ignorance.

    seriously mate, if you don't have anything remotely constructive to say, don't bother saying it. For a start, you could tell me why this is the most. boring. thread. ever.
     

Share This Page