backtop


Print 85 comment(s) - last by vol7ron.. on Dec 11 at 11:28 PM

Pickup should boost Apple's recently struggling security efforts

Malware authors, who are finally taking note of the company’s operating system amid rising market share, have of late victimized Apple, Inc. (AAPL).  Amid struggles with malware -- mostly Trojans (programs that imitate real software or are carried by seemingly innocent webpages and trick users into installation) like MacDefender and Flashback -- the company has been scrutinized by security firms who suggest it needs help, and a more proactive stance on plug-in patching.

The highly profitable computer and digital device maker made a key step in the right direction this week, though, hiring Kristin Paget (formerly Chris Paget), according to a report by Wired.

Ms. Paget seems a natural fit for Apple.

She has said in past interviews that she is a "total Unix head" (OS X is Unix-like) and dislikes Windows.  And she's expressed an interest in hardware security.  When she left Recursion Ventures, her security firm, in July she expressed a desire to move away from bug-finding.  

Thus she may see her talents first applied to Apple's efforts to lock firmware hackers like George "GeoHot" Hotz out of Apple's iOS firmware.  Since the launch of the iPhone, Apple has been largely unable to stop such hackers from defeating its digital rights management scheme (via jailbreaking) and its network locking (via unlocking).  Apple has hired hackers in the past (most notably "Comex") to try to shore up its firmware, but the efforts have oft fizzled.

The new recruit, though, could fare better as she brings a long history of eye-opening security exploits.  In 2010 at DefCon hacker conference she set up a cell-phone intercepting station, a low-cost homebrew hardware setup that tricked towers into routing calls -- even encrypted ones -- through it, allowing conversations to be snooped on.

Kristin Paget
Kristin (formerly Chris) Paget led the bug finding hunt that helped dramatically improve the security of Windows Vista. [Image Source: Jean-Philippe Martin]

But Ms. Paget's most prestigious honor was delaying Windows Vista and in the process greatly improving its security.  In 2006 she was hired by Microsoft Corp. (MSFT) to assist with the final development of Vista.  According to recent speeches, which she gave after her five-year non-disclosure agreement (NDA) with Microsoft expired in 2011; Microsoft had expected a clean bill of health when they brought her onboard.

Instead, she and her team found a wealth of bugs.  She recalls, "We prevented a lot of bugs from shipping on Vista.  I’m proud of the number of bugs we found and helped get fixed."

The bug hunt was so successful that it forced Microsoft to delay Windows Vista.  Ms. Paget and her team received honorary shirts from Microsoft Vice President of Windows Development Brian Valentine that read: “I delayed Windows Vista.”

Windows Vista is widely viewed as a turning point in Microsoft's security history, paving ground for later 

Source: Wired



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: OS X is not secure?
By superstition on 12/10/2012 2:14:42 PM , Rating: 2
OS X is a more secure design than DOS-based Windows.

When OS X came out, the consumer version of Windows was still DOS-based.

So, yes, they were right.

Plus, nearly all malware, if not all of it, has been via Java. It is a philosophical debate as to whether or not Java should be considered part of the core of OS X or not.

Marketing OS X as being impervious to malware, though, was not a good move for consumers, because no OS is impervious.


"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki