Digg

Discover the best of the web!
Learn more about Digg by taking the tour.

Write a virus for OSX and earn $500

wilshipley.com — Wil Shipley, independent Apple software developer, has offered a $500 bounty for anyone who can exploit a base OSX install with the latest security patches. It's time to put up or shut up.

Bury

mdweezer 2 years 328 days ago, made popular 2 years 328 days ago

866 diggs
digg it

102 Comments
Who Dugg It?
Blog It
Email It

bigred, on 10/12/2007, -1/+1Will $500 cover bail these days?
mdweezer, on 10/12/2007, -1/+0Exploits are written and released every day.... Hop on a security focus mailing list and you'll get them daily. Writing a proof of concept for something like this is pretty common and won't result in a jail sentence.
BugMeNot2, on 10/12/2007, -1/+0So many people are going to write viruses and find exploits that he'll go broke.
mdweezer, on 10/12/2007, -1/+0RTFA - It says "to the first person".

Aka get moving
blixel, on 10/12/2007, -0/+4Headline for this digg submission is misleading.

This guy is basically saying he'll pay $500 to anyone that can prove an exploit has already happened. But he's not willing to pay someone $500 if they discover a new vulnerability and exploit it?

From his blog: "I will only offer this bounty once, and as you can see, the deadline for the viruses to have done their dirty work is in the past. So, if you're planning to write a new virus just to win the challenge, well... that won't work unless you also make a time machine."

That doesn't instill much faith in the product. He's just banking on the hope that nobody has bothered writing an exploit up to this point.

Don't get me wrong - I don't have anything against OSX. (I own an iBook. Though I prefer using my PC with Gentoo for all my normal stuff. The iBook is a nice piece of portable computing hardware though.) But I think his challenge is kind of flawed.
berean, on 10/12/2007, -4/+0Who needs a virus when it crashes by itself anyway.
anagami, on 07/02/2008, -1/+0I agree, it should be a new virus.
mdweezer, on 10/12/2007, -4/+0You did see it said "OSX" and not "Windows" correct? Not only myself but many others would say that OSX has incredible stability and the only reboots I've done are for security patches.
sq377, on 10/12/2007, -2/+1Hmm... Can i write something to install an emulated windows?
MorpheoZ, on 10/12/2007, -2/+0LOL @ Can i write something to install an emulated windows?

that would be a nasty virus...
neocitron, on 10/12/2007, -2/+0i would like to see someone actually produce a virus and mass spread it.. infecting many OS X users... i believe that will almost never happen... but prove me wrong someone.
don't just find an exploit... EXPLOIT IT!
7of7, on 10/12/2007, -3/+1Need to up the award a little bit. All the loser idiots who write them for Windows get paid big bucks by dirtbag spammers. No spammer would hit OS X because it's such a small audience. Same with Linux. There's no point in trying to adbot an OS that's only used by neurotic tinkerers.
jediboytj, on 10/12/2007, -1/+2berean... I think you have this topic confused with Windows.

anyway, Its not necessarly flawed, he just wants someone to show him a Mac OS X virus that replicates itself, and gets down into the os x base system to wreck havoc, all without the user knowing what happened, or knowing how it happened. He just wants to prove a point about how people call OSX "MOSTLY virus free", when it is (depending on the results of this investigation), basically fully virus free. now, he is not saying that someone CANT write a virus, he just wants to prove that no one HAS written a virus for the mac. simple as that
OreosRgood4me, on 10/12/2007, -3/+2Hehe, a G5 crashed on me today in the Apple store.

I had a good laugh.
Lionhart, on 10/12/2007, -4/+1apple fanboys annoy the hell out of me
CaptSnuffy, on 10/12/2007, -2/+0Well i'm all for some good ol fashioned mac hating, but that's going too far. Why spoil something that has been good so far? Is it to shut up the mac fanboys? I just don't think exposing vulnerabilities (without notifying apple to fix them) will get us anywhere. If someone wants to shut them up, fix what problems windows has, and then you've fixed the problem entirely.
cwoolf34, on 10/12/2007, -4/+0i love apple computer!!!! yeaaaaa.... yeaaaaa.... i got mail!!!!
nauthiz, on 10/12/2007, -4/+0windows fanboys annoy the hell out of me
adamcurtis, on 10/12/2007, -1/+1I had my iBook a little less than a year and I never turned it off and it never crashed once. But there are exploits happening all over the place for OS X, they are just not as widely used as those for Windows.
berean, on 10/12/2007, -2/+1No, I'm not confusing this with Windows. If you think Mac is stable, you're kidding yourself. I'm not a fan of Windows, but I'm not going to run to another unstable OS just because it's not Gatesware.
mdweezer, on 10/12/2007, -3/+0After a quick review of the comments...

Intelligent comments - People who have contributed to digg

Immature comments - People with 0 stories contributed

Too many lurkers on this site looking to flame stories when they should be finding good content and contributing.

Berean - Find me some good resources documenting OSX as a unstable OS?
a_greer, on 10/12/2007, -1/+1I am sure the pricks that run the antivirus companies would gladly pay 100 times that for a working mac virus and 1000 times that for a self propagating worm.
TheNik, on 10/12/2007, -1/+0If I can write a virus for Nix, can someone give me money?
Rndm_Tngnt, on 10/12/2007, -1/+1Why is that funny, Oreos? Computers crash all the time.
salweem, on 10/12/2007, -2/+0Good point mdweezer.
rtphokie, on 10/12/2007, -1/+0$500 whole dollars? Wow how generous.
manfesto, on 10/12/2007, -2/+0Wow, that actually is a good point mdweezer.
wastern, on 10/12/2007, -1/+0there was already a place that offered $25,000 and no one came through. what makes him think $500 will produce a better pool of writers

there was also $50,000 offered on the BSD operating system (what OS X is based in), and again there was nothing that came of it
mdweezer, on 10/12/2007, -3/+0I think there should be a system setup where you're not able to Digg until you've contributed a certain amount of stories, or you have to Digg X number of stories before being able to submit stories (to help sort out the crap that is submitted).

I also think people who have stories on the page should give the story a better chance of getting on the front page sooner.

Lots and lots of ideas for Digg.
gab00n, on 10/12/2007, -3/+0You ***** retard why did you post this? The due date has already passed. Read the article in full before you post dumbass.
djcoolmax, on 10/12/2007, -4/+0just opened a can of w*****a55.
ryancurtis, on 10/12/2007, -0/+1whoever submitted this kinda distorted what it REALLY is...it is not WRITING a virus...it is proving someone has had one.
mdweezer, on 10/12/2007, -1/+1Gab00n: "The challenge ends at 23:59:00, October 16, 2005"

RTFA.

Thanks.
tonyellard, on 10/12/2007, -1/+0The last time someone did something like this, Apple wrote them a cease and desist notice within 24 hours...

The whole thing is a bunch of crap anyway, I think we all can agree that there is no such thing as a perfect OS...and while Windows is full of holes, the reason it's targeted all the time is that they still have over 75% market share and everyone hates the company, blah blah blah, thank you, come again.
gaius_baltar, on 10/12/2007, -1/+0Finally!! I want to see if it can be done and if I should put up my Mac OS X firewall! ;)
gab00n, on 10/12/2007, -1/+0My bad, the software has to be updated as recently as Sept 20, i thought that was the due date for all submissions. So i guess october is the due date, his poor grammar threw me off into a wild rampage. I still think everyone is a ***** retard though,including me. :)
gareth, on 10/12/2007, -1/+0People who write viruses use computers. What do all hackers need? More computers. Put up enough $$$$ to buy a nice PC and someone might consider hading over their exploit knowledge for your benefit.
PCGUY112887, on 10/12/2007, -1/+2Actually this is a good idea for any OS. Say Bill Gates offered $1000 to anyone who found a new hole in Windows, kept it secret and filled out the correct layout for reporting the exploit and turned it in. If it was reviewed and deemed as a real security issue, it could be fixed and Windows would be 1 step safer.
jasqwerty, on 10/12/2007, -2/+1As a general note on these kinds of stupid 'contests', there's a reason they never succeed.

-The people who do this don't usually put stuff out in public, 0-day all the way.
-The market share isn't there for anyone to care about non-windows at the moment.
-They also get payed THOUSANDS to exploit ***** for spammers and mafia types, and going public so it's patched sure as hell isn't going to happen. Might even be bad for you health. ;-)

Black hats outnumber white hates by ORDERS OF MAGNITUDE, and I've seen exploit techniques for OSX.

Another nitpick, what does he want exactly? Is it supposed to ***** up your HD? Spread itself? Keylog all your strokes back to someone? Run itself?

What kind of infection vectors does this guy want, and what does he want it to do. These are seldom answered
Essefgy, on 10/12/2007, -3/+0language...is a virus...(a-oo!)
Sixcolors, on 10/12/2007, -1/+0Biggest problem with holding a virus competition is in the testing. If it spreads and they find out who's responsible, $500 isn't going to cover your court fees. This guy's not even sure that he wants to pay up.

"So, here's my plan. I'm not putting it into effect yet, but I'm soliciting comments, and if nobody can prove it's a bone-headed idea, I'll go ahead with it."
Sounds like if he thinks that no one can prove there's been a truly problematic virus for OS 10, then he'll put money on the line. That's kind of like making sure the other horses are lame before betting on your first pick to win.
dcharti, on 10/12/2007, -3/+0What a pity, I used to respect this hole
Dropscience, on 10/12/2007, -5/+0Yall ma ***** cant do it...noobs been talkin *****, but yall cant do it, so shut the ***** up.
mdweezer, on 10/12/2007, -0/+1My guess the goal is to get a root shell.
dcharti, on 10/12/2007, -0/+2Too bad mdweezer didn't actually read Wil Shipley's post, which I actually just went and did. He isn't offering the $$ for someone who WRITES the virus; he's offering it if someone can prove that OS X's been infected, there's a difference. He isn't inciting some coder to start going at it, he's trying to find definitive proof that OS X (not say, Microsoft Crap™) has been infected.
h4lofourt33n, on 10/12/2007, -2/+0So now digg is a site hosting virus authoring contests. w00t. Regardless,it might be entertaning to see if anyone can actually do it. Kind of dangerous to see what happens if the wrong hands get ahold of it though. Oh well, way to perpetuate the downfall of IT security via tech news websites.
rauz, on 10/12/2007, -2/+0Someone's already done it:
http://www.microsoft.com/mac/products/virtualpc/virtualpc.aspx?pid=virtualpc
;)
No, I'm not a fanboy, per se.
macattacks10, on 10/12/2007, -1/+1I don't think it has to do with the audience totally. I am sure there are lots of people that want to stick it to Apple heads and show them they aren't invincible. While we aren't, no one has created anything, even with many proof of concepts, I am surprised one person hasn't jumped on one of those concepts and created anything. All the most serious holes are still very hard to spread around, even if everyone was a Mac user.
ORBIT, on 10/12/2007, -1/+0My 2 cents.
$500 dollars isn't worth it. If I had the time, and was malicous, I would write a virus for the most common install setup windows, making much more money reselling zombie computers and/or making money off ad flushing w/ the zombie net. If I had the time, and wasn't malicous, I would work on some software that people could reaccuringly pay me for.

Either way, it would be more then $500 dollars.
mdweezer, on 10/12/2007, -1/+0Alright, I clearly understood the article and I admit the title is a little off however the content is correct.

Exploit OSX as it stands and collect the bounty.

Technically you could interpret the title correctly, I didn't specificially say when you had to write it.
Show 51 - 92 of 92 discussions
Login or register to add a comment

Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.

Write a virus for OSX and earn $500

Login or register to add a comment