Software // Enterprise Applications
News
11/28/2007
06:21 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

Mac Hack Attack Exposed As A PR Stunt

Defaced versions of AppleMatters.com and iPhoneMatters.com were hoaxes, but real Mac-specific hacks are widely expected as Apple gains market share.

A McAfee security researcher Tuesday warned that a self-proclaimed Mac user had hacked and defaced two Mac fan sites for... excessive fandom.

A screen shot of the hack reads, "This site has been flagged for excessive Apple fanboism, and has been taken down for 24 hours." The image depicts a green Apple riddled with worms.

Take that, AppleMatters.com and iPhoneMatters.com.

"This is possibly the first time a hacker is targeting Mac-related Web sites," said McAfee security researcher Harish Garg in a blog post on Tuesday. "This is an interesting month for the Mac user base, with multiple Trojans/malware appearing, along with a horde of security updates from Apple itself. Things are definitely heating up in Mac Land!"

In fact, they are. Sunbelt Software Wednesday warned about a new version of TrojanDNSChanger that can affect either Windows or Mac users. And as Macs continue to gain market share, more Mac-specific hacks are widely expected.

But the AppleMatters.com hack turned out to be nothing of the sort and before Tuesday came to a close, founder, publisher, and editor-in-chief Hadley Stern was doing his best to dispel the suggestion that EllisLab's ExpressionEngine software, used to publish AppleMatters.com, might be vulnerable to attack.

"When I was first approached about the hoax I thought it was a little harmless fun," Stern said in a blog post on Tuesday. "I am literally shaking right now because I did not fully understand the impact of this, so lesson learnt. Again, Apple Matters, running on ExpressionEngine, was in no way hacked. It was a joke publicity stunt that I thought would be funny to attract attention."

Stern published a second apology on Wednesday and again tried to make it clear that ExpressionEngine isn't full of holes. "Too often in the Mac community we take ourselves way too seriously and the idea of participating in something other sites were already participating in seemed harmless," he said. "I wasn't doing it for traffic, or fame, just for fun. Of course, in the process I let down the readers of this site, and the Web hosting provider, and the maker of the excellent CMS the site uses."

Stern did not respond to a request for comment.

An apology posted by John Casasanta, who runs the MacHeist site, which was involved with the "hack," also stressed that AppleMatters.com's Web host and CMS software were in no way deficient. "We really hope that the people behind the 'hacked' sites, their hosting compaines, and the companies that create their content management systems aren't looked upon negatively by you all," he said in a forum post. "The intent of everyone wasn't malicious but just to have some fun."

Craig Schmugar, threat researcher at McAfee, noted that while security professionals wouldn't necessarily see a Web site defacement as a sign of shoddy software -- it might be the result of inept configuration -- a significant number of people might jump to that conclusion.

Asked whether the Mac community responds to news of security flaws differently from the PC community, Schmugar paused to consider his words carefully, perhaps pondering a deluge of angry e-mail. "There is a group of extreme Mac enthusiasts who are quick to be on the defensive," he said.

Mac users might benefit from a more defensive posture, now that malware authors are showing more interest in Apple's software and hardware. Pointing to the TrojanDNSChanger, Schmugar said, "The group that writes some of the most prevalent malware for PCs is now doing the same for Macs."

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.