backtop


Print 31 comment(s) - last by Cheesew1z69.. on Jul 28 at 10:17 PM

Alcoholics Anonymous says the first step to recover is to admit you have a problem

Black Hat's sister conference DEF CON already scored an intriguing high-profile keynote speaker -- General Keith Alexander, head of the U.S. National Security Agency (NSA) and U.S. Cyber Command.  Now Black Hat has an equally surprising keynote of its own from the corporate sector -- a top executive from Apple, Inc. (AAPL).

Apple's talk will be given by Dallas De Atley, manager of Apple’s platform security team -- a team responsible for security both Apple's iOS (iPhone, iPad, iPod) and OS X operating systems.

For years, Apple enjoyed one of the positives of having a small market share and proprietary operating system -- general disinterest via cybercriminals.  But rather than take this safety for what it was  -- safety via obscurity -- Apple instead told customers that its machines were never hacked because their security was lightyears ahead of Microsoft Corp.'s (MSFT).

Security researchers called this a baldfaced lie.  In fact, some say Apple is 10 years behind Microsoft.  Indeed, while Apple security researchers have long reportedly lurked incognito at DEF CON and Black Hat, they did not venture to give a talk until 2008 -- ten years after Microsoft's first (1998) presentation at the conventions.

Black Hat
Apple's first Black Hat talk comes after marketing scuttled a 2008 keynote.
[Image Source: Cult of Mac]

And Apple's late arrival was quickly scuttled by Apple's marketing folks who feared a public relations disaster.  After all, they had been pitching for years that Macs were "magical" and immune to "PC viruses".

Lately, however, OS X has been besieged by malicious Trojans -- first with the fake anti-virus program MacDefender, then Flashback, a fake Flash player update that infected 600,000 Macs.  To make matters worse, a memo leaked from Apple public relations to store employees suggesting they lie to customers about the existence of MacDefender.

Trojan horse
Macs are increasingly the target of Trojans.  Malware writers love Apple's
sluggish pace of patching. [Image Source: Venitism]

The issue for Apple was that with 10 percent of the market and a demographic of relatively affluent users, Apple was starting to become a worthwhile target.  And it struggled with this new breed of OS X-centric malware.

Even Apple's marketing team was forced to reword their marketing amid a rash of infections, perhaps fearing user lawsuits.

Apple's reappearance at Black Hat is significant as it represents Apple marketing's silent acknowledgement that keeping customers in the dark about security threats is no longer a viable option.  With mass media frequently seizing on reports of new malware or security holes in iOS and OS X, Apple is back at Black Hat, much as Microsoft was in 1998 -- looking to turn over a new leaf.

Hopefully this year they won't get cold feet.

Sources: Black Hat, Bloomberg



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Welcome to the show...
By Ytsejamer1 on 7/25/2012 8:28:53 AM , Rating: 3
Well, Apple's platform is now in the big leagues and not some mere afterthought. I'll be curious to see how much energy they put into keeping their customer's systems safe.

I think Microsoft has done a pretty decent job considering the vast application and platform compatibility for Windows. Apple keeps a platform's life cycle pretty short and simply refuse to let older programs be installed or run on later versions of their OS. So in theory, it should be much easier for them to keep things up to date and secure.




RE: Welcome to the show...
By amanojaku on 7/25/2012 9:01:54 AM , Rating: 2
I'd like to point out that this presentation is about the "security features" of iOS. I can provide you with a summary: don't let people do anything without Apple's permission.

I would LOVE to see a presentation on OS X "security". Apple does not have the luxury of locking down the desktop just yet, although it's introducing the idea with the Mac App store. Apple gave up on servers, it's desktops now have proven vulnerabilities, and even iOS has been exploited... I'm very curious to hear the OPINIONS of a company that has no security experience.


RE: Welcome to the show...
By nafhan on 7/25/12, Rating: -1
RE: Welcome to the show...
By amanojaku on 7/25/2012 11:32:03 AM , Rating: 4
quote:
Don't forget, it's not just Apple working on security here. OSX's Unix underpinnings give them the ability to take advantage of decades of past, current, and future security research done by many others.
Not entirely true. UNIX is a framework, not an implementation. For example, the Single-UNIX Specification requires the existence of shells, utilities, and APIs. Apple must write a compliant version of sh, cp, or inetd, or obtain the code from someone.

The same is true for MS. The Windows kernel is unique, but Windows Sockets (and Trumpet before it) is based on Berkley Sockets from UNIX.
quote:
So, they're not going at it alone as much as MS is.
MS isn't going it alone. MS attends more security conferences than Apple. It's aware of the majority of security risks, and addresses them far sooner than Apple. Assuming Apple acknowledges the vulnerability at all.
quote:
At the same time, it's an interesting contrast with MS in that MS has done a pretty good job securing what's inherently a less secure system model, while Apple has done a somewhat poor job securing a system that had a pretty good security model to begin with. Different focus, I guess.
MS never had a choice. MS gets flack for anything that goes wrong with Windows, great or small. As a result, Windows has become fast, stable, and pretty secure.

In contrast, Apple claims nothing can go wrong with OS X, and threatens anyone who points out valid risks. It then copies the security features of other OSes, and rewrites history to say it was always the best. It's not a matter of focus, it's a matter of perception. Apple continues to promote the idea that anything from MS is insecure, while anything from Apple is perfectly secure. Makes you wonder why Apple pulled out of the server game, where security is a requirement...


RE: Welcome to the show...
By nafhan on 7/25/2012 12:54:39 PM , Rating: 2
If I was going to call Unix anything, I would call it a set of interoperability rules, but that's just semantics. My point wasn't that Apple is the same OS as, say RHEL or BSD, or that Windows is completely based on MS's work. It's that OSX is closely related to a number of similar OS's and improvements in those systems can often be directly integrated into other Unix OS's, and yes I do understand that Windows has some components that came from other projects, too. Generally speaking, though, MS avoids that when they can.
quote:
MS isn't going it alone.
I was speaking from an OS development perspective. Improvements in Linux or BSD or a number of other systems can make their way to OSX more easily than they could to Windows. I wasn't meaning that MS never goes to security conferences(???).
quote:
MS never had a choice. etc.
I think you're misunderstanding me. To clarify: I was praising the improvements and current state of MS's OS level security, while also noting that Apple - despite starting with an OS designed for secure, multi-user access - has kind of done a poor job on the security side of things.


RE: Welcome to the show...
By Motoman on 7/25/2012 10:04:43 AM , Rating: 2
Nah, it's still pretty much an afterthought. Worldwide installed base is still about ~5% of all personal computers. Still statistically insignificant - and almost certainly always will be.

It is highly entertaining though to see Apple have to go through this though, after years of their mindless propaganda and storytelling.


RE: Welcome to the show...
By Strunf on 7/25/2012 11:30:49 AM , Rating: 2
It may be 5% but it's a very nice 5%, on average Mac users are by far wealthier than windows users so even if the number of potential targets is smaller the rewards are much higher, not too mention that Apples cultivates the idea they are fireproof and hence their users may feel safer enough to store just about anything on their computers without even caring for security.


RE: Welcome to the show...
By Apone on 7/25/2012 12:22:03 PM , Rating: 2
quote:
Mac users are by far wealthier than windows users....


Agreed however I know many non-rich people who will starve, sell a kidney, or otherwise compromise their way of life just to get their hands on a $2000+ Macbook...


RE: Welcome to the show...
By momorere on 7/25/2012 1:14:36 PM , Rating: 2
Oh how I love the typical holier-than-thou Apple fanatic's view of the world. Not only are you "richer" but you are "smarter" and more "sophisticated" but you are also just "better people". All hail Apple and it's sheeple


RE: Welcome to the show...
By Mitch101 on 7/25/2012 2:57:39 PM , Rating: 2
Apple computers cost much more than a PC and would not be found in lower class societies where the education system would be lacking compared to the middle and upper class areas who would have higher income and a better education system.

Its not that Apple users are smarter its that Apples aren't affordable enough for lower income families.

Which makes comments of Apple users being richer and smarter just that of ignorance, arrogance, or future apple factory workers.


RE: Welcome to the show...
By momorere on 7/25/2012 3:35:15 PM , Rating: 2
Have you ever read any article about Apple posted on Yahoo ? I know this site's users have much more knowledge of technology but the average joe or jane only reads stuff posted by Yahoo and the such. Apparently not. Anytime that anyone says anything negative about or towards Apple, the #1 response is "do you hate Apple because you can't afford one ?" The that is followed up by how stupid Android users are then they start talking about how poor Android users are yet again. I would be homeless before I ever worked for Apple.

Their products aren't even allowed in my house. That's right my house that I paid 75% of it as a down payment. For some reason I paid payments for 1 year before deciding to go ahead and pay it off with a check that is far greater than most people make in a year. I also have 2 new cars I paid CASH for. It's fantastic having no monthly bills minus utilities. Not bad for a "poor and non-college graduate" Android user huh ? Oh yeah I this was accomplished before my 29th birthday.

So, have fun paying $600 for every "new" iPhone release while being in debt otherwise.


RE: Welcome to the show...
By testerguy on 7/26/2012 8:53:16 AM , Rating: 1
quote:
Anytime that anyone says anything negative about or towards Apple, the #1 response is "do you hate Apple because you can't afford one ?"


Honestly never seen that response on Yahoo.

If I did see such a response, I wouldn't be so mind-numbingly stupid to generalise about a whole companies market based on it, though.

quote:
I would be homeless before I ever worked for Apple.


Do you think insane and ridiculous irrationality lends any credence to your points?

quote:
Their products aren't even allowed in my house. That's right my house that I paid 75% of it as a down payment. For some reason I paid payments for 1 year before deciding to go ahead and pay it off with a check that is far greater than most people make in a year. I also have 2 new cars I paid CASH for. It's fantastic having no monthly bills minus utilities. Not bad for a "poor and non-college graduate" Android user huh ? Oh yeah I this was accomplished before my 29th birthday.


Despite the epic and transparent insecurity you demonstrate, why do you think that for you, there aren't thousands of better off, far more successful, younger people (such as myself), who own Apple products? I don't find anything particularly impressive in your claims, in fact if anything the fact you think that owning a house and cars sets you apart suggests to me a distinct lack of success and failed networking.

Of course, the overriding point is that you are a statistical irrelevance. Android users are, according to surveys, less educated and earn less money. That is a statistical fact, it's a proven correlation.

Whether or not there is causation or not is a matter for debate, but the correlation is not.


RE: Welcome to the show...
By momorere on 7/26/2012 11:12:26 AM , Rating: 2
Nice try Tony personae #2 but you yet fail again to prove anything besides your relentless love of Apple. I distinctively remember you in another thread stating how you aren't anti-Android but you only try to tell the "truth" to all. Yet, I have NEVER read anything from you remotely saying anything negative about Apple. It's actually really really sad that you had to create another personality to try and further your pathetic pro-Apple agenda.

i understand that this is the internet and everyone tries to one-up each other but my God, Apple fanatics are by far the worst ever. Of course, you being an Apple sheep, you would just so happen to be "younger and more successful" than me due to your superior linguistics, higher education, lavish lifestyle, and your overall just a better people than all others.

I'm not a hardcore Android user or ever intend to be due to the fact that the Nexus 7 is the first and last "smart" device I will ever own. It is a fantastic product but the whole tablet/phone genre is just much too underpowered for my tastes. Good luck to you in your future endeavors with the whole Apple thing as we all know this is just the beginning of the end of their "rule" of the mobile space. I really look forward to using all of my points to downgrade each and every one of your personae's comments in future articles regarding Apple.


RE: Welcome to the show...
By Cheesew1z69 on 7/28/2012 10:15:04 PM , Rating: 1
You really are a mental fucking nut case and this post proves it.

quote:
I wouldn't be so mind-numbingly stupid
The fact is... you are.

quote:
I don't find anything particularly impressive in your claims, in fact if anything the fact you think that owning a house and cars sets you apart suggests to me a distinct lack of success and failed networking.
Huh? He paid off his house with money he had available yet he isn't successful? And you come to this conclusion how? Oh, that's right, your brain is a fucking mental mesh of mush. My god you are a moron.


An Apple a day....
By inperfectdarkness on 7/25/2012 8:14:38 AM , Rating: 5
...doesn't keep the viruses away.




RE: An Apple a day....
By TSS on 7/25/2012 2:41:19 PM , Rating: 2
It's kind of funny when you think about it. I mean if you think back to those cartoons you saw as a kid, in every single one of them, if a Worm has an house it's in an Apple.


But....
By FITCamaro on 7/25/2012 12:15:19 PM , Rating: 2
I thought Microsoft had a monopoly...




RE: But....
By momorere on 7/25/2012 12:42:39 PM , Rating: 2
Apple is trying to become a monopoly with the help of all these bans on other company's products. To the average consumer, this monopoly will not hurt Apple's image, due to them only following governments/courts orders.


RE: But....
By Apone on 7/25/2012 1:41:01 PM , Rating: 2
Actually the only one true monopoly that I'm aware of is the De Beers diamond manufacturing company. No other location in the world has the diamond source mine, stockpile, or quality of De Beers, nor do any of its competitors can match or beat De Beers head-on because it controls the only considerable diamond source (South Africa) in the world.


LOLZ
By momorere on 7/25/2012 8:16:41 AM , Rating: 2
Hell, they can't even patch an exploit allowing the download of free apps from their "perfect and invulnerable" app store. I guess they isn't "an app for that" !!! LOL is all i can say but atleast they are starting to act like they care about security

http://www.tomsguide.com/us/Apple-iOS-6-App-Purcha...




lols
By NellyFromMA on 7/26/2012 9:46:15 AM , Rating: 2
quote:
Apple's talk will be given by Dallas De Atley, manager of Appleā€™s platform security team -- a team responsible for security both Apple's iOS (iPhone, iPad, iPod) and OS X operating systems.


That seems to be a rather broad scope of devices to ensure security on. Compare that to Microsoft's plethora of security specialists and I think it's easy to see who takes security more seriously.




By 325hhee on 7/26/2012 12:21:28 PM , Rating: 2
Anyone that claims to have one, is just using it wrong.




It's not that bad
By bug77 on 7/25/12, Rating: -1
RE: It's not that bad
By Rukkian on 7/25/2012 10:23:42 AM , Rating: 2
I am pretty sure I won't either, since I will not use their products.

As for windows and Android, I have not been infected with anything in 5+ years, and even then it was somebody else in my family. If you have a brain, and pay attention, nobody has issues.

When you tell people they are invulnerable enough, the gullible (most apple users?) easily fall for it.


RE: It's not that bad
By bug77 on 7/25/2012 11:18:26 AM , Rating: 2
It's not necessarily about being gullible. It's just that problems you don't understand, simply do not exist for you. Do you parents know the difference between a trojan and a worm? Mine don't. Hell, it took years to educate people Internet Explorer is not the Internet and there's a thing called a web browser. Now finally people have smartened up: now they know the web is the internet...
This is the basis of Apple's approach after all: if users don't know they have the right to do stuff on their computer, they won't mind if that right is taken away. Especially if you promise to take of security for them in exchange.


RE: It's not that bad
By Apone on 7/25/2012 12:18:21 PM , Rating: 2
quote:
It's not necessarily about being gullible.


But isn't that why people migrate to the Mac platform? Because it apparently makes computing idiot-free? Heaven forbid Mr./Ms. Average Joe computer user cannot be bothered to learn common sense computing precautions such as not automatically opening every email attachment they receive.

Also many Mac users are people who don't know (or don't care) about technology and just want to use a computer. If it's not that, it's bandwagon Mac customers jumping aboard the OS X train because their friends and family, etc. are all on it (social peer pressure?).

You actually bring up a good point between knowing the difference between worms and trojans. If the infection is on a Windows PC, Mac users always lump it into one big infection category and just assume Windows is inherently insecure. But if it's on a Mac, now there's a difference between worms and trojans?

Also when Mac users say "IT'S SOCIAL ENGINEERING, THE INFECTION REQUIRES USER INTERVENTION!". Isn't that exactly how a Windows computer gets infected? Unless there are airborne Windows viruses/malware/trojans that I don't know about?....


RE: It's not that bad
By bug77 on 7/25/2012 1:05:53 PM , Rating: 2
Well, computers are not an end-goal, they're just a means to an end. If you're a writer and only need to write your stuff or a photographer that only needs to launch Photoshop, should you also become a security expert and systems administrator? As an engineer, I would answer yes, but many people will disagree.
I wouldn't call anyone gullible just because they want to get their job done.
Of course, Apple's approach of "forget everything about security and it won't harm you - because we say so" isn't productive either. When you're using a tool you don't know much about, you should, at the very least, try to find out if it could cut your fingers if not used properly.


RE: It's not that bad
By testerguy on 7/26/2012 8:58:31 AM , Rating: 2
quote:
quote: It's not necessarily about being gullible. But isn't that why people migrate to the Mac platform?


How ironic.

You confuse people who don't seek unnecessary complications (the idea, at least, of Mac OS), with being gullible?

Do you not understand that you don't necessarily have to be gullible or lack anything to seek simplicity? In fact, it is the logical deduction given two systems, all else being equal, to seek the least complicated and least time consuming one to use. This is why the Google home page is essentially just a textbox and a button. Are you 'gullible' for using that instead of Yahoo? No, because complication isn't desirable in itself. Exactly the same can be applied to the Android vs iOS debate.

Of course, all else isn't equal - for me Mac OS is rubbish and of course the claims of being easier to use are just that - but your logic is completely flawed.


RE: It's not that bad
By Cheesew1z69 on 7/28/2012 10:17:22 PM , Rating: 2
quote:
your logic is completely flawed.
Everybody but you has flawed logic. Simply amazing.


RE: It's not that bad
By bupkus on 7/25/2012 2:43:12 PM , Rating: 2
Hot Dogs! Hot Dogs!

Vendor: Hey, how about a hot dog to go with your cool-aid?


RE: It's not that bad
By bug77 on 7/25/2012 6:13:41 PM , Rating: 2
Not sure if you got my drift, but I don't get Apple viruses because I don't own Apple hardware ;-)


"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki