Yet again...

Jul 19, 2007 13:13 GMT

Mac security threats have come to follow a very precise and highly dysfunctional pattern. Security researchers and firms keep warning that the platform is not secure and that users need to start taking security seriously or face impending doom. Then somebody comes up with a proof-of-concept exploit that is about as dangerous as powdered milk, which everybody in the media jumps on and regurgitates with the mandatory embellishments, until everybody knows about the new serious Mac security threat. At this point, Mac users ask for the dirt, demanding to see proof of this real-life exploit that could actually pose a threat to anybody beyond the creator's local network. Invariably, the so-called security threat turns out to be nothing but a proof of concept, and there is a backlash from the security experts, who go back to saying that Mac users don't take security seriously.

Such is the case with the latest security threat, and it mimics others before it. The so-called worm is said to exploit a vulnerability in mDNSResponder, a component of Apple's Bonjour automatic network configuration service, but it turned out to be nothing. Not only was the so-called worm non-threatening, but the maker did not even bother to actually produce it. To top things off, InfoSec's blog, where the worm was announced, has recently undergone a metamorphosis and has been renamed to 'Security Information...', a process in which it also lost all previous posts. Computerworld reports the contents of the reply they received: "Blog was hijacked somehow. Also the blog stating I am associated with PHC on another Blog is false and a myth created by Dave Maynor who is involved in the hijacking of the Blog."

Incredibly enough, the security blog was hijacked by hackers and none other than the infamous David Maynor, who is well known for his Mac WiFi exploit that actually involved a third-party wireless card and drivers when all Macs come with built-in wireless from Apple. So it looks like this security threat, just like all the others before it, has turned out to be no more than smoke and powdered milk. Considering that this is not the first time that non-issues have been turned into serious security threats, how can Mac users actually take security seriously? There have even been cases where the software designed to eliminate the so-called worm actually ended up doing far more damage than the worm ever did, because of false positives.

Do security companies think that Mac users are stupid? Does the media truly have nothing better to do than call bomb scares every time they hear a clock on the Apple campus? How can Mac users be expected to actually take warnings seriously if a true threat does come up, considering the track record so far? Computer security is an important matter, but the people responsible for it have turned it into a joke and Mac users are just not laughing.