Mac Worm Author Gets Death Threats

Posted by kdawson on Thu Jul 19, 2007 07:48 AM
from the stranger-and-stranger dept.
StonyandCher write(s) to spread news about the strange story of the reported Apple OS X worm, which is growing stranger by the day. The blog of the researcher who claimed to have created the malware reportedly received death threats. The blog was then hijacked, according to the researcher, who calls him/herself InfoSec Sellout. InfoSec blamed David Maynor for hacking the blog. For his part, Maynor apparently unmasked himself as "LMH" and InfoSec as Jon Ramsey. The post to the Fuzzing mailing list has not been independently confirmed.
Update: 07/19 13:48 GMT by KD : David Maynor wrote in and denies that he is LMH.

Related Stories

[+] Worm Claimed For Apple OS X 398 comments
SkiifGeek writes "Controversy is slowly building over the development of a claimed new worm that targets OS X systems, dubbed by its inventor Rape.osx. Using a currently undisclosed vulnerability in mDNSResponder, the worm is said to give access to root as it spreads across the local network. As with a number of recent Apple-related security discoveries, the author, InfoSec Sellout, is delaying reporting the vulnerability to Apple until after completing full testing of the worm. While the worm has yet to leave a testing environment (with 1,500 OS X systems), it is bound to join the likes of Inqtana and Leap as known OS X malware."
  • Note to self (Score:5, Funny)

    by Ogive17 (691899) on Thursday July 19, @07:51AM (#19912937)
    Don't cross a mac fanboy....
  • Woohoo!! (Score:3, Funny)

    by Rob T Firefly (844560) on Thursday July 19, @07:51AM (#19912943)
    (http://robvincent.net/ | Last Journal: Tuesday October 09, @01:55PM)
    It's been far too long since we had a nice bit of hacker drama! Now, where did I put my popcorn and my MOD vs LOD t-shirt...
  • That'll teach you (Score:1, Funny)

    by Anonymous Coward on Thursday July 19, @07:52AM (#19912945)
    Artsy types get violent when they get mad.
  • by DrXym (126579) on Thursday July 19, @07:52AM (#19912947)
    He would have been better off picking a weaker target such as Islam. You don't want to mess with those Mac zealots.
  • Now we know (Score:5, Funny)

    by blueg3 (192743) on Thursday July 19, @07:52AM (#19912949)
    Now we know the real reason there is less malware for the Macintosh.
  • Well That's one way ... (Score:5, Funny)

    by mshmgi (710435) on Thursday July 19, @07:53AM (#19912953)
    (http://www.nocodeeditor.com/)

    Well, that's one way to keep an OS safe, I guess. Just think how secure Windows would be if Bill Gates focused his vast resources on killing every malware author. Ballmer would probably do the dirty work cheap ... just for the thrill of it all.

    Why, Bill might even have a few million bucks left over at the end of the day.

    • Re:Well That's one way ... by XxtraLarGe (Score:2) Thursday July 19, @08:00AM
      • by mrchaotica (681592) * <<mrchaotica> <at> <yahoo.com>> on Thursday July 19, @12:10PM (#19916465)

        Police find suspected malware author Fucking Killed(TM) in his apartment

        Dateline: Redmond, WA

        Police today are baffled by the scene discovered in the home of Grigori Kuznetsov, a young programmer from the former Soviet Union. The unfortunate fellow had not only been apparently murdered via blunt trauma to the head, but his chest had been ripped open and the heart removed. The only clues left at the scene were the broken remains of a chair and an "impossibly large" pool of sweat.

        When questioned, neighbors reported hearing some strange noises the night before. "It sounded almost like someone yelling 'developers! developers! developers! developers!'," Bob, who lives directly below Grigori, said. "My wife [Ms. Bob] also says she heard a weird scream, like 'Yeeearrrgghhhh!'" Another resident of the complex, a barber who identified himself by his nickname, "Clippy," reported seeing a bald, ape-like creature running away from the scene. "I think it was Sasquatch," Clippy said. "By the way, it looks like you're trying to investigate a murder. Can I help you with that?"

        So far, police say there are no real leads. "From the evidence and testimony given by the witnesses," the detective in charge, Paul Allen, says, "it seems like some kind of supernatural vicious beast attacked the poor guy, beat him to death with a chair, and then ripped his heart out and ate it. But of course, that's impossible."

        Readers with any information or leads should contact the Redmond police department.

    • Re:Well That's one way ... (Score:5, Funny)

      by Sparks23 (412116) * on Thursday July 19, @11:34AM (#19915789)
      Ballmer would probably do the dirty work cheap ... just for the thrill of it all.

      It's all about the assassins, assassins, assassins, assassins, assassins, assassins, assassins... assassins, assassins, assassins...
  • Sounds familiar.... (Score:5, Funny)

    by MarcoG42 (1087205) on Thursday July 19, @07:53AM (#19912955)
    (http://www.lost.eu/5dcb9)
    Weren't there some stories about religious zealots threatening professors who taught evolution recently? It all begins to make sense now...
  • So it seems like.. (Score:1, Redundant)

    by vigmeister (1112659) on Thursday July 19, @07:55AM (#19912965)
    There WERE in fact Mac viruses written... but Jobs had death threats sent to the authors and they backed off on deploying them... Well, better MO than anti-viruses and firewalls :)) Good to know you have a mafia behind you if you have a Mac... but question is if they ever require you to do 'favors' for them?

    Cheers!
  • by vivaoporto (1064484) on Thursday July 19, @08:00AM (#19913009)
    (http://www.vivaoporto.com/)
    More likely it is another publicity stunt, to make their work look more "legitimate", to get more people to side with them (the "I may not agree with what you say, but would defend to death your right to say it" crowd), to generalize even more the feeling that Mac users are dangerous fanboys disconnected from reality, etc.

    The only thing easier than to make threats to people on the Internet is to fake threats to oneself on the Internet. We got plenty of these drama queens in the nineties, hopefully this is not a trend that will come back.
    • Re:More likely it is another publicity stunt by jcr (Score:3) Thursday July 19, @08:28AM
      • by Anonymous Coward on Thursday July 19, @09:01AM (#19913677)
        "None of the claims have been substantiated, neither the alleged worm itself, nor the alleged threats."

        You mean like all of Maynor's other allegations?

        I've posted to his blog a few times, especially the ones where he is claiming that he is being censored (??? I can't say what I'm saying on my own blog because they won't allow me to say what I'm now saying, but I'm saying it, but I'm really not because of a world conspiracy) -- but surprisingly, my comments never show. Only the comments where others are obviously blowing him get through. Of course, I'm not going to claim censorship -- that's bullshit -- only a government can censor, whereas you have every right to disallow contrary thought in your own living room.

        But everything about this man smacks of sensationalism. For instance:

        "It was a great experiment to see how the industry could handle some honesty, which they can't. They are quick to attack the credibility of others in order to hide their own flaws."

        What? Someone announces a flaw, but says they won't talk about it, hints that they will sell it to the highest bidder, and the company doesn't want to deal with you??? And then when they don't bite, claim that you were actually pre-compensated for writing this virus from someone else (now who would gain from this? Spammers? Scam Artists? Mafia? Microsoft? The only ones that would gain are the scum of the earth and he has no problem claiming to take money from them).

        And finally:

        "I made up the LMH identity for bashing Apple and appearing on the media while I was preparing for launching Errata Security with Robert. Since my credibility was severely damaged after the wireless driver exploit, I needed a sock puppet."

        Admitting that he was manipulating the media, and has an ulterior motive to bash Apple, solely for bashing Apple. The guy lied in the first apple hack, he manipulated the media, worse yet -- academic dishonesty through his publication of the 'hack' at a conference with a setup that was guaranteed to work, even when they later claimed even if it did work, it would take a few hundred attempts to even crash a machine, and far more than that to weaponize it (i.e., nearly impossible).

        AND HE ACTS SHOCKED THAT HIS CREDIBILITY IS DAMAGED AND BLAMES 'FANBOYS' WHO HE PREVIOUSLY STATED HE WANTED TO STICK CIGARETTES IN THE EYES OF AS THE REASON FOR HIS LACKING CRED.

        What an idiot. I hate to give the man any more air time, but I hope this is the final straw. From what I understand, he used to be a pretty good security analyst...now it's just all about the publicity and not actually doing any real work. I wish there were some real and credible persons working to find holes in OS X. I use it as my daily computer. I know one member of my team found one hole a few years ago and reported it to one of the developers and it was fixed quickly (and they were properly credited for it). I know there are holes in the system, like any system, and they need to be found. And unfortunately, the only ones working on finding anything are more interested in the sensationalism than anything else.
      • Re:More likely it is another publicity stunt by blowdart (Score:2) Thursday July 19, @09:17AM
    • by CopaceticOpus (965603) on Thursday July 19, @08:55AM (#19913575)

      The problem here is that the death threats need to be translated from blog-speak to their real world equivalents.

      Blog-speak: thats dumb
      Translation: I respectfully disagree on that point.

      Blog-speak: ur a fuckin loser noob go eat shit
      Translation: I strongly disagree, and hold you in low esteem.

      Blog-speak: im gonna come find ur house and chainsaw you into pieces and feed u 2 my dawg
      Translation: I find your opinions reprehensible and I see no value in continuing this discussion.

      I don't know if it is even possible to express a legitimate death threat in blog-speak. Perhaps with punctuation it could be done.

    • Re:More likely it is another publicity stunt by tlhIngan (Score:2) Thursday July 19, @10:05AM
    • Re:More likely it is another publicity stunt by allgood2 (Score:1) Thursday July 19, @12:31PM
    • Re:More likely it is another publicity stunt by Durandal64 (Score:2) Thursday July 19, @12:49PM
    • Re:More likely it is another publicity stunt by mgabrys_sf (Score:1) Thursday July 19, @04:29PM
  • Unacceptable (Score:3, Insightful)

    by Ngarrang (1023425) on Thursday July 19, @08:02AM (#19913021)
    (Last Journal: Wednesday March 21 2007, @01:43PM)
    It is as if the fanatics actually believed their OS was so secure it had no security holes.
  • [fuzzing] The Truth (Score:5, Informative)

    by djupedal (584558) on Thursday July 19, @08:03AM (#19913039)
    [fuzzing] The truth [linuxbox.org] Lance M. Havok:
    "Since the cover is becoming more difficult to maintain, I've decided to stop this. It simply can't stand anymore and I can't let this harm my company and its customers.
    I am David Maynor. I made up the LMH identity for bashing Apple and appearing on the media while I was preparing for launching Errata Security with Robert. Since my credibility was severely damaged after the wireless driver exploit, I needed a sock puppet. The idea of LMH and the Month of Apple Bugs came a while after I resigned from SecureWorks."
  • by acomj (20611) on Thursday July 19, @08:04AM (#19913051)
    (http://www.plocp.com/)
    Hi

    I'm ____, I wrote that worm that messed up your computer costing you tons of time and aggravation. Here's my email if you want to thank me.
    --------------
    although in this case it's more like "I may have written a worm that exploits a now-patched problem".

    Threats are inappropriate but seriously, what did he think would happen?
  • Allow me to say: WTF? (Score:1, Funny)

    by mattgreen (701203) on Thursday July 19, @08:11AM (#19913089)
    I really hate people sometimes. How can anyone be so stuck on themselves that they issue death threats because someone creates a virus for the operating system they use? In doing so, they are saying, "I'd rather you be dead than deal with the possibility that what you created would endanger my computing platform."

    If you don't think that is sick, I'm not sure what is. This sort of fanaticism is extremely dangerous, and essentially a curse upon the Apple community.
  • by sircastor (1051070) on Thursday July 19, @08:14AM (#19913133)
    to the old Apple blog "As the Apple Turns"
  • no death threat (Score:2, Funny)

    by 4play (720611) on Thursday July 19, @08:18AM (#19913159)
    They just implied not to release the worm or he would be dealt with using their iphones like they did at duke
  • Wait... (Score:5, Insightful)

    by whisper_jeff (680366) on Thursday July 19, @08:22AM (#19913189)
    Wait, so someone who claims, without providing proof, that they found/created a vulnerability in an operating system is now claiming to have received death threats and claiming that their blog was hacked? Again, without providing any real proof?

    Uh, yeah. Count me skeptical.

    Can anyone say "attention whore."
    • Re:Wait... by shentzu (Score:3) Thursday July 19, @08:34AM
      • Re:Wait... by _Sprocket_ (Score:3) Thursday July 19, @11:47AM
        • Re:Wait... by nomadic (Score:1) Thursday July 19, @01:05PM
    • Re:Wait... by phoenixwade (Score:2) Thursday July 19, @08:38AM
    • Re:Wait... by Anonymous Coward (Score:1) Thursday July 19, @10:07AM
      • Re:Wait... by Sparks23 (Score:3) Thursday July 19, @12:06PM
        • Re:Wait... by javaman235 (Score:2) Friday July 20, @01:28AM
  • Cognitive dissonance (Score:5, Insightful)

    by manekineko2 (1052430) on Thursday July 19, @08:36AM (#19913309)
    Cognitive dissonance is truly a funny thing. It's fascinating the lengths the human brain will go to in order to protect its version of reality.
  • The New Ad (Score:5, Funny)

    by Dystopian Rebel (714995) on Thursday July 19, @08:44AM (#19913419)
    (Last Journal: Sunday November 06 2005, @05:24PM)
    PC: Hi, I'm a PC.

    Mac: And I'm a Mac. PC, who are all those people smacking you in the head and rifling your pockets?

    PC: [Sigh] Those are viruses and worms. Even though I scream "DENY! DENY!" as loudly as I can, they keep smacking me in the head and rifling my pockets. You know how it is.

    Mac: Actually, I don't. You see, with a Mac...

    [One of the worms moves sinisterly toward the Mac. A man in a black suit appears suddenly from the right and collars the worm, shaking it roughly.]

    Man In Black Suit: Listen, woim. If you takes one more step taword da Mac kid, I'm gonna whack you and yer whole family, see?

    Worm: Uh... uh... I'm just a proof of concept.

    MIBS: Concept shmoncept. Not only will I whack you and yer family, I'm going to hack yer blog so bad it'll look like AintItCool.com.

    Worm: [panics, runs away, screaming]

    MIBS: [Claps hands as though rubbing dirt off. As he leaves to the right, Mac slips him a small paper sack.] Tanks, kid.

    Mac: As I was saying, with a Mac, there are no viruses.

  • Sheesh.

    Now we have unverified claims of death threats to add credibility to unverified claims of worms attacking a deep flaw in mDNSresponder... a flaw so subtle that Apple wouldn't be able to fix it without the help of said anonymous researcher who's allegedly received death threats over it.

    Now this could all be true, but then SCO could really have thousands of lines of Linux code copied from UNIX they're still hiding so they can bring it out in a dramatic eleventh-hour release and snatch victory from the jaws of defeat.

    I don't doubt that there are flaws in mDNSresponder. I don't doubt that you could write a worm to exploit them. I don't doubt that Apple is capable of fixing one symptom of a flaw rather than the cause... they've done it before. But there's nothing new here... schemes like Rendezvous/Bonjour/Zeroconf and the superficially similar "Universal Plug and Play" in Windows are a compelling target for potential attacks and have been criticized in the past. They're not needed for the normal operation of the system, and should be disabled unless you actually know you need them and are on a known secure LAN ... and recipes and utilities for disabling both have been around for years.

    But there is no way that any legitimate security professional would proceed in the manner that the people alleged to be involved in have been behaving over the past several months. The whole presentation of this affair seems almost designed to discredit the security community in the public eye.

    Notify Apple, then release the details. There's no other ethical course of action.
  • sad (Score:2, Insightful)

    by tvon (169105) on Thursday July 19, @08:58AM (#19913629)
    (http://www.baltimoresquirrels.com/)
    This whole thing is getting a lot of coverage for what basically amounts to "random dude claims OSX vulnerability, produces no evidence to substantiate claim".

    The responses are entertaining to read though. Hordes of morons attacking the Mac platform and users without any evidence that there is anything actually wrong. Lots of straw man arguments (nobody with half a brain ever said OSX was impervious to security issues), lots of hate... so much hate.

    Like a bunch of catty middle school girls...
    • Re:sad by tvon (Score:1) Thursday July 19, @10:57AM
    • Re:sad by Lars T. (Score:2) Thursday July 19, @03:45PM
  • David Maynor != LMH (Score:3, Informative)

    by OriginalArlen (726444) on Thursday July 19, @09:01AM (#19913671)
    David Maynor just posted this to Full Disclosure; the post claiming to be from him and asserting that he's LMH was spoofed [blogspot.com]. Who'd a-thunk it, mail spoofing on a security list... DUH!
  • Jesus (Score:1, Troll)

    by suv4x4 (956391) on Thursday July 19, @09:26AM (#19913977)
    Check this out: the first like 10 posts in this article are +5 Funny.

    Slashdot: the place where death threats are funny!
  • ..on the computer side to make anyone want to write a worm/virus. You wouldn't try and make a name for yourself in the snow shoe business in Miami, why would you write malicious code for a Mac?

    As far as death threats go, that's believable, though the guy making the claims is probably just some attention whoring drama queen. You know the type, new illness every week, back trouble, relationship trouble, no one likes me, nobody wants to play with me, Timmy stole my fire engine, Bobby is teasing me.

  • by FictionPimp (712802) on Thursday July 19, @09:40AM (#19914175)
    This is the perfect antivirus strategy. You write a virus, we go to your house and shoot you in the face. No need for security patches any longer.
  • I would like to be there to help out during the lynching.
  • by catdevnull (531283) on Thursday July 19, @10:04AM (#19914497)
    Let me see if I have this straight:

    -A guy anonymously says he found an exploitable hole in mDNSResponder (isn't this open source?) under MacOS X.
    -He says he's still working on it and refuses to disclose himself or his findings
    -A few idiot trolls post about busting a cap in his head or some such and now he's in hiding.

    Jeez. You'd think he posted a pro-Microsoft or anti-Linux article on Slashdot or something.

    I think it would be funny if he had the exploit on his website and all the Apple fanbois who posted from Safari were infected. I think he would have the last laugh.

    Uh....I'd better check my box...
  • Dispatch Tuesday (Score:5, Funny)

    by Frankie70 (803801) on Thursday July 19, @11:12AM (#19915417)
    Apple betters Microsoft once more.

    Dispatch Tuesday is so much cooler than Patch Tuesday.

    From the dictionary [thefreedictionary.com]
    Dispatch == To put to death summarily.

  • I find it hard to get concerned about a person who makes unsupported claims of authoring a Mac worm followed up by unsupported claims of death threats that I expect are meant to support his unsupported claims of authoring a Mac worm.

    See where I'm going with this?
  • Silly, lunatics (Score:2)

    by Enrique1218 (603187) on Thursday July 19, @11:53AM (#19916141)
    (Last Journal: Tuesday August 08 2006, @03:45PM)
    I don't know where you rabid fanboys originated. As a mac user, I tend to think of myself and fellow Apple aficionados as pretty laid back and easy going. We haven't given up our chances of having sex just to install and use Linux nor are we as well used as the Microsofties are after being bent over again and again. We are a happy bunch, but I suppose a few lunatics got a little defensive when it appeared that someone was actively looking to rain on our sunny world. Lunatics. You have nothing to fear. The worm is for a vulnerability that has probably been patched [apple.com]. Second, it is a local worm and not an internet worm. Third, test worms like this give both Apple and us greater insight on how vulnerabilities can be exploited. It gets us thinking about security, which in my case is something that I have been lax on lately. Please stop all this nonsense and take your meds.
    • Re:Silly, lunatics by HardWoodWorker (Score:1) Thursday July 19, @04:07PM
      • You ask for it by Enrique1218 (Score:2) Thursday July 19, @05:27PM
        • Sorry by Enrique1218 (Score:2) Friday July 20, @11:42AM
  • It's a Matter of Scale (Score:2, Funny)

    by Hercules Peanut (540188) on Thursday July 19, @11:53AM (#19916163)
    Don't blame apple fans. Look, if Windows had 95% of the market share you'd be reading about this kind of thing all the ti...

    oh damn.
  • by Kildjean (871084) on Thursday July 19, @12:35PM (#19916997)
    (http://www.bytesandbeans.com/)
    hmmm if that works maybe we should start death threatening MS so they deliver a true OS experience...
  • Cancel or Allow?
  • Look, this bloke admits to being a crook: he claims he's expecting to be *paid* for finding vulnerabilities, whether by Apple or by some unknown sponsor. He's made exceptional claims about the nature of the flaw he's unearthed, implying that there's a deep flaw in mDNSresponder that Apple will not fix, but he refuses to notify Apple until some payment he's expecting is completed.

    Either he's a crook *and* he's undermining his sponsor, or it's a hoax. Even if the alleged death threats aren't part of the hoax, there's no reason to assume they're not from the guy he claims paid for the research and farm of 1500 Macs to test it on.

  • For anybody writing viruses, the punishment should be just enough torture each day to keep them in a life of constant and excruciating pain for the rest of their natural life :-/ Especially if they're trying to bring the whole, bullshit, windows-rampant virus/antivirus economy to my beloved platform :-( That just totally sucks.
  • Can't get a hint (Score:1)

    by asm2750 (1124425) on Monday July 23, @09:02PM (#19964557)
    I guess people can't get it through their head that there is no software or OS that is 100% secure and bug free.
  • Hahaha! (Score:2)

    by alisson (1040324) on Friday July 27, @04:49PM (#20016981)
    This is worth at least 57 "lols."
  • Re:Well, (Score:3, Funny)

    by Anonymous Coward on Thursday July 19, @08:14AM (#19913125)
    The Spanish Inquisition?
  • by stubear (130454) on Thursday July 19, @08:18AM (#19913157)
    You're assuming he hosts his own blog and you know what they say about assuming. Beyond that, why is his message less credible? If he can prove the worm works, the message is still the same, even if his blog is hacked. Perhaps the person responsible for hacking his blog is simply a much better hacker? There are so many variables to consider that your comment seems ridiculous when you even begin to look at even a tiny fraction of them.
  • In your world do all CCIEs know how to manage web servers because a cisco device can have a web interface? Who hosts it, who owns the server, who wrote the code, and please tell me you aren't part of the crowd that believes anyone in the field of security somehow should be expected to know everything about all possible aspects of it? There is simply too much to know, and typically researcher types are going to be even more specialized than the generic "Hi, I R here to sekure ure network!" Security Analyst or whatever.
  • His blog was on blogspot so it's not exactly like he had much control of its security.
    He had no control over where he runs his blog?
  • by mgabrys_sf (951552) on Thursday July 19, @04:40PM (#19919857)
    (Last Journal: Friday February 17 2006, @06:59AM)
    re:"Please. I'd curb stomp any Apple fanboi who'd even dare to look at to me"

    Clever. Making death threats on a death-threat thread (say it fast while drunk! s'fun!). Only in America I guess. Which is doubly confusing considering that we're heavily armed as societies go.