backtop


Print 85 comment(s) - last by vol7ron.. on Dec 11 at 11:28 PM

Pickup should boost Apple's recently struggling security efforts

Malware authors, who are finally taking note of the company’s operating system amid rising market share, have of late victimized Apple, Inc. (AAPL).  Amid struggles with malware -- mostly Trojans (programs that imitate real software or are carried by seemingly innocent webpages and trick users into installation) like MacDefender and Flashback -- the company has been scrutinized by security firms who suggest it needs help, and a more proactive stance on plug-in patching.

The highly profitable computer and digital device maker made a key step in the right direction this week, though, hiring Kristin Paget (formerly Chris Paget), according to a report by Wired.

Ms. Paget seems a natural fit for Apple.

She has said in past interviews that she is a "total Unix head" (OS X is Unix-like) and dislikes Windows.  And she's expressed an interest in hardware security.  When she left Recursion Ventures, her security firm, in July she expressed a desire to move away from bug-finding.  

Thus she may see her talents first applied to Apple's efforts to lock firmware hackers like George "GeoHot" Hotz out of Apple's iOS firmware.  Since the launch of the iPhone, Apple has been largely unable to stop such hackers from defeating its digital rights management scheme (via jailbreaking) and its network locking (via unlocking).  Apple has hired hackers in the past (most notably "Comex") to try to shore up its firmware, but the efforts have oft fizzled.

The new recruit, though, could fare better as she brings a long history of eye-opening security exploits.  In 2010 at DefCon hacker conference she set up a cell-phone intercepting station, a low-cost homebrew hardware setup that tricked towers into routing calls -- even encrypted ones -- through it, allowing conversations to be snooped on.

Kristin Paget
Kristin (formerly Chris) Paget led the bug finding hunt that helped dramatically improve the security of Windows Vista. [Image Source: Jean-Philippe Martin]

But Ms. Paget's most prestigious honor was delaying Windows Vista and in the process greatly improving its security.  In 2006 she was hired by Microsoft Corp. (MSFT) to assist with the final development of Vista.  According to recent speeches, which she gave after her five-year non-disclosure agreement (NDA) with Microsoft expired in 2011; Microsoft had expected a clean bill of health when they brought her onboard.

Instead, she and her team found a wealth of bugs.  She recalls, "We prevented a lot of bugs from shipping on Vista.  I’m proud of the number of bugs we found and helped get fixed."

The bug hunt was so successful that it forced Microsoft to delay Windows Vista.  Ms. Paget and her team received honorary shirts from Microsoft Vice President of Windows Development Brian Valentine that read: “I delayed Windows Vista.”

Windows Vista is widely viewed as a turning point in Microsoft's security history, paving ground for later 

Source: Wired



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: OS X is not secure?
By DukeN on 12/7/2012 2:53:47 PM , Rating: 2
No, they have a patent to back that up (probably..)


RE: OS X is not secure?
By Gondor on 12/7/2012 4:40:45 PM , Rating: 2
Speaking of which, it's nice to see yet another bull$hit patent of theirs invalidated. I expect Mick's story any moment now ;-)


RE: OS X is not secure?
By spread on 12/8/2012 12:04:54 AM , Rating: 2
quote:
another bull$hit patent


Excuse me. Excuse me. Do you know how much work Apple puts into finding proper patents to steal? And then stealing them? Probably more work than the original inventors of said patents put into making them.


RE: OS X is not secure?
By arazok on 12/10/2012 9:00:37 AM , Rating: 2
The patent is a drawing of an apple beside a skull and crossbones with an X throug it. Anyone who makes a virus is infringing on it.


"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki