Any info on how this "worm" wold be able to spread?

Another theory and more FUD! What does it prove? Absolutely NOTHING.

"Part of his stated goal is to dispel notions that Mac OS X is somehow more secure than Windows."

Well if he could "somehow" create a website that I could visit, and just by going there I become part of a botnet, maybe THEN he can start dispelling notions. Until then this is just more FUD piled on to the mountain of FUD already created.

Next headline for macnn?

Microsoft stock to reach $1,000,000 per share? gskibum3 sells one of his Ferraris?

What is with these headlines ending in question marks?

Isn't that inane?

???

..what you wish for.

actually no 'worm' here at all, just a hack to create a 'root' user, all one would need to do is have the OSX firewall turned 'on' and the mac would not respond to the 'dnsresponder' request at all... duh

what's wrong been running your mac again sans firewall?? don't ware seatbealts?? running with siccors again??

if your so conserned about security I'd think you would at least turn on the firewall... which sits on the mackernel and setup a non-admin user to surf the net with if your paranoid... keep your cash under the mattress and keep your front door unlocked and you too will find the milkman in bed with your teenager daughter... ugly thought

...who's the brilliant hacker this time??

can you say 'looser' in french??

Where to start?

First - don't berate others for not using a firewall when you don't know enough to use a spell-checker if your spelling sucks.

The firewall does *not* sit on the Mach Kernel. It is a separate process, and most folks will not enable it, because Macs are "more secure".

mDNSResponder is a key and low-level part of the OS - it is what enables Bonjour discovery of services. Read http://developer.apple.com/networking/bonjour/faq.html for more. It is unlikely that your average user will know how to set up the firewall to block it. I'm fairly certain you don't.

It is unclear to me whether this worm would be limited to local networks, as bonjour and mDNSResponder is - it has the ability to do Unicast over the internet but I'm not certain that's enough for a worm to propagate. Even if it can, I'm not certain how it would create a root user for those who have not enabled it. If both of these are true, then this is a serious and huge vulnerability. In any case, it's definitely something worth taking seriously until disproven.

And it's 'loser', not 'looser'. In French it's roughly translated as 'hokizpokis est un cretin'.

While I believe my Mac is much more secure than Windows, I also understand that it's not invulnerable. Some of these coders who are bound and determined to expose security flaws in OS X claim to be part of professional services groups. If that's really the case, then they'll work with Apple to close any holes before they can be exposed in the wild.

"Part of his stated goal is to dispel notions that Mac OS X is somehow more secure than Windows, an aim shared with many current security commentators."

Even if this were true, here is the score.

Mac OS X = 1 Window = 110,000+

Yep, looks pretty close to me, I guess the Mac is just as unsecure as Windows!

And why doesn't apple turn the firewall on by default, anyways?