“The anonymous blogger who claimed to have a Mac OS X worm has vanished, claiming his blog was hacked,” Robert McMillan reports for IDG News Service.
“Just days after claiming to have written a worm that could be used to attack Mac OS X systems, the anonymous blogger known as Infosecsellout has gone quiet,” McMillan reports.
“His (or her or their) blog as been renamed. Old posts have been removed, the blog has been renamed ‘Security Information,’ and Infosecsellout says the blog is finished. Mysteriously, however, there are two new posts on the blog, one of which provides a link to information on the alleged worm,” McMillan reports.
“But they are fake posts, according to Infosecsellout, who said the blog was hacked on Tuesday night and will not be revived,” McMillan reports.
“‘Infosecsellout is now dead,’ the anonymous blogger said in an e-mail message. ‘It was a great experiment to see how the industry could handle some honesty, which they can’t. They are quick to attack the credibility of others in order to hide their own flaws,'” McMillan reports. “Though Infosecsellout provided nothing to back up his claim, the story was widely reported and security researchers began to investigate who may have been behind the blog.”
Full article here.
Greg Keizer reports for Computerworld, “The hubbub started earlier this week, when a researcher responsible for the Information Security Sell Out (InfoSec) blog announced a proof-of-concept worm that exploited a Mac OS X vulnerability which Apple missed in a May round of patches. The vulnerability exploited by the worm was in mDNSResponder, a component of Apple’s Bonjour automatic network configuring service, InfoSec said then.”
“Criticism from Mac users and other security researchers was almost immediate, with the former focusing on crude insults and the latter concentrating on InfoSec’s refusal to identify himself or herself, or prove that the worm existed,” Keizer reports.
“Tuesday night, the InfoSec blog’s title changed to ‘Security Information…’ and all former postings, which began in January, had been deleted. When asked via e-mail Wednesday to explain the changes, InfoSec answered: ‘Blog was hijacked somehow. Also the blog stating I am associated with PHC on another Blog is false and a myth created by Dave Maynor who is involved in the hijacking of the Blog,'” Keizer reports.
“Dave Maynor, a researcher who last year was involved in a very public spat with Apple over a wireless hack demonstration he and a colleague gave at the Black Hat security conference, refused to be drawn into the argument with InfoSec. ‘I am not even going to comment on that stupidity,’ Maynor wrote in an e-mail responding to an offer to rebut or comment on InfoSec’s allegations,” Keizer reports.
Full article here.
MacDailyNews Take: As the worm turns.