
Alcoholics Anonymous says the first step to recovery is to admit you have a problem

Black Hat's sister conference DEF CON already scored an intriguing high-profile keynote speaker -- General Keith Alexander, head of the U.S. National Security Agency (NSA) and U.S. Cyber Command.  Now Black Hat has an equally surprising keynote of its own from the corporate sector -- a top executive from Apple, Inc. (AAPL).

Apple's talk will be given by Dallas De Atley, manager of Apple's platform security team -- a team responsible for securing both Apple's iOS (iPhone, iPad, iPod) and OS X operating systems.

For years, Apple enjoyed one of the positives of having a small market share and a proprietary operating system -- general disinterest from cybercriminals.  But rather than take this safety for what it was -- safety via obscurity -- Apple instead told customers that its machines were never hacked because their security was light-years ahead of Microsoft Corp.'s (MSFT).

Security researchers called this a baldfaced lie.  In fact, some say Apple is 10 years behind Microsoft.  Indeed, while Apple security researchers have long reportedly lurked incognito at DEF CON and Black Hat, they did not venture to give a talk until 2008 -- ten years after Microsoft's first (1998) presentation at the conventions.

[Image: Apple's first Black Hat talk comes after marketing scuttled a 2008 keynote. Image Source: Cult of Mac]

And Apple's late arrival was quickly scuttled by Apple's marketing folks who feared a public relations disaster.  After all, they had been pitching for years that Macs were "magical" and immune to "PC viruses".

Lately, however, OS X has been besieged by malicious Trojans -- first with the fake anti-virus program MacDefender, then Flashback, a fake Flash player update that infected 600,000 Macs.  To make matters worse, a memo from Apple public relations to store employees leaked, suggesting they lie to customers about the existence of MacDefender.

[Image: Macs are increasingly the target of Trojans.  Malware writers love Apple's sluggish pace of patching. Image Source: Venitism]

The issue for Apple was that with 10 percent of the market and a demographic of relatively affluent users, Apple was starting to become a worthwhile target.  And it struggled with this new breed of OS X-centric malware.

Even Apple's marketing team was forced to reword their marketing amid a rash of infections, perhaps fearing user lawsuits.

Apple's reappearance at Black Hat is significant as it represents Apple marketing's silent acknowledgement that keeping customers in the dark about security threats is no longer a viable option.  With mass media frequently seizing on reports of new malware or security holes in iOS and OS X, Apple is back at Black Hat, much as Microsoft was in 1998 -- looking to turn over a new leaf.

Hopefully this year they won't get cold feet.

Sources: Black Hat, Bloomberg



Comments

RE: Welcome to the show...
By amanojaku on 7/25/2012 9:01:54 AM , Rating: 2
I'd like to point out that this presentation is about the "security features" of iOS. I can provide you with a summary: don't let people do anything without Apple's permission.

I would LOVE to see a presentation on OS X "security". Apple does not have the luxury of locking down the desktop just yet, although it's introducing the idea with the Mac App store. Apple gave up on servers, its desktops now have proven vulnerabilities, and even iOS has been exploited... I'm very curious to hear the OPINIONS of a company that has no security experience.


RE: Welcome to the show...
By nafhan on 7/25/12, Rating: -1
RE: Welcome to the show...
By amanojaku on 7/25/2012 11:32:03 AM , Rating: 4
quote:
Don't forget, it's not just Apple working on security here. OSX's Unix underpinnings give them the ability to take advantage of decades of past, current, and future security research done by many others.
Not entirely true. UNIX is a framework, not an implementation. For example, the Single-UNIX Specification requires the existence of shells, utilities, and APIs. Apple must write a compliant version of sh, cp, or inetd, or obtain the code from someone.

The same is true for MS. The Windows kernel is unique, but Windows Sockets (and Trumpet before it) is based on Berkeley Sockets from UNIX.
quote:
So, they're not going at it alone as much as MS is.
MS isn't going it alone. MS attends more security conferences than Apple. It's aware of the majority of security risks, and addresses them far sooner than Apple. Assuming Apple acknowledges the vulnerability at all.
quote:
At the same time, it's an interesting contrast with MS in that MS has done a pretty good job securing what's inherently a less secure system model, while Apple has done a somewhat poor job securing a system that had a pretty good security model to begin with. Different focus, I guess.
MS never had a choice. MS gets flak for anything that goes wrong with Windows, great or small. As a result, Windows has become fast, stable, and pretty secure.

In contrast, Apple claims nothing can go wrong with OS X, and threatens anyone who points out valid risks. It then copies the security features of other OSes, and rewrites history to say it was always the best. It's not a matter of focus, it's a matter of perception. Apple continues to promote the idea that anything from MS is insecure, while anything from Apple is perfectly secure. Makes you wonder why Apple pulled out of the server game, where security is a requirement...


RE: Welcome to the show...
By nafhan on 7/25/2012 12:54:39 PM , Rating: 2
If I was going to call Unix anything, I would call it a set of interoperability rules, but that's just semantics. My point wasn't that Apple is the same OS as, say RHEL or BSD, or that Windows is completely based on MS's work. It's that OSX is closely related to a number of similar OS's and improvements in those systems can often be directly integrated into other Unix OS's, and yes I do understand that Windows has some components that came from other projects, too. Generally speaking, though, MS avoids that when they can.
quote:
MS isn't going it alone.
I was speaking from an OS development perspective. Improvements in Linux or BSD or a number of other systems can make their way to OSX more easily than they could to Windows. I wasn't meaning that MS never goes to security conferences(???).
quote:
MS never had a choice. etc.
I think you're misunderstanding me. To clarify: I was praising the improvements and current state of MS's OS level security, while also noting that Apple - despite starting with an OS designed for secure, multi-user access - has kind of done a poor job on the security side of things.