Slashdot Mirror
Apple Joins 'Em, With Black Hat Presentation on iOS Security Model
An anonymous reader writes with this excerpt from Network World: "For the first time, Apple will officially be in attendance at the annual Black Hat security conference which is scheduled to run through Thursday of this week. This is a notable development for two reasons. First, Apple has never formally attended the conference. Two, many of the more prominent stories to emerge out of previous Black Hat events have centered on Apple security. Representing Apple at the conference will be Apple platform security manager Dallas De Atley who is scheduled to deliver a speech on Thursday about the security technologies in iOS. Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community at large."
"Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community"
Or maybe it's to find out at first hand what the black hats are planning - the quid pro quo is to make some presentations.
"She's furniture with a pulse"
At least they pulled that claim from their website
No you get your house raided by the cops lol :') This is Apple people. It good to see that you apple-employees have some accounts here and some mod-points, but it won't make it go away. This isn't your app-store ;)
Actually, I think it's a damned good thing for any vendor to do.
BH has been a solid source of good old fashioned hacking knowledge (I daresay second only to 2600 back in that publication's heyday).
Most folks here know that the best way to make secure software (or at least improve what you've got) is to talk and interact with the hobbyists who love tearing it apart. But instead of lavishing time and attention on attention-whores like (IMHO) Charlie Miller, it's better to instead take the time and get in the effing trenches, away from the press and the bloggers.
The only negatives I can see is that it might just be lip service. If Apple is serious about this, it had damned well bring more to the table than marketing copy.
TBH, if Microsoft did this I'd applaud the move... not holding my breath on that one happening, though.
Quo usque tandem abutere, Nimbus, patientia nostra?
we all know what happens when you exploit in the wild, without first reporting to Apple's security team a bug, exploit or whatever
FTFY.
Perhaps someone did report it to Apple's security team, but Apple's security team didn't act in a responsible manner. This happened with another company whose devices use another operating system called iOS: when a hacker reported a security problem in the Wii system software to Nintendo, Nintendo demanded to speak to the hacker's employer.
A more open relationship with the hackers? LOL wt heck?
No you get your house raided by the cops lol :')
Okay, who got his house raided by the cops (LOL or not) after he found a bug in any of Apple's products?
Perhaps someone did report it to Apple's security team, but Apple's security team didn't act in a responsible manner. This happened with another company whose devices use another operating system called iOS: when a hacker reported a security problem in the Wii system software to Nintendo, Nintendo demanded to speak to the hacker's employer.
Do you have a link for more information? I couldn't find anything about this with a brief google search.
Anyway, there are several several examples of Apple crediting the discoverer in bug fixes, so I don't know why everybody here is jumping to the opposite conclusion.
Somehow I dont think that kind of speech flies super well @ BlackHat.
Hopefully good things come from this-- I think its absurd when people try to claim that Macs are immune to viruses, and certainly Apple has some blame for that perception; but Im not about to slam them for taking at least a token step towards being serious about security.
We've seen year to year in the Pwn2Own conferences that OSX certainly can be compromised, and I think by now it is clear that the only way to be "secure" is to invite the hacking community to form a relationship where they do the hard work of finding exploits and the vendor rewards their effort with financial rewards. Certainly if you go to the googlechromereleases.blogspot.com Chrome dev blog, you will see a couple of recurring faces in the "exploit disclosure and reward" section; Im sure Chrome's respectable security is due at least in part to this outsourced, commissions based model of checking for exploits. It doesnt really matter how brilliant your engineering team is, your software will have holes, and the more motivated eyes are on your security the better your product will become.
awaiting outside of the conference building just in case someone discovers a hack or hole in their operating system. Or maybe perhaps they feel guilty banning that guy that made them look a little bit like fools.
Nevertheless, it was true. iOS can get trojans -- any OS can. But Windows is (I should say "was"?) the only OS you could get infected just from viewing an email or a web page. Every other OS requires you to do something stupid to get infected.
Free Martian Whores!
Because now Apple is getting virii and they want to start expanding their recruitment to actually replace their "security through obscurity" model by implementing *real* security measures.
Up until less than a year ago, there was no security division that external parties could even contact to tell Apple about vulnerabilities.
The price is always right if someone else is paying.
"Weâ(TM)re Apple. We donâ(TM)t wear suits. We donâ(TM)t even own suits." - Steve
Non impediti ratione cogitationus.
Do you have a link for more information?
It involves Jodi Daugherty from Nintendo's anti-piracy department. (Yes, the same Jodi after whom the "Return of the Jodi" jailbreak is named.) Look at this page and this page and search them for "phone".
Wouldn't it be great if when the apple guys walked on stage, the whole crown stood as one and booed them?
It gripped her hand gently. 'Regret is for humans,' it said.
As apposed to backdoor sponsorship? Makes for a nice trap. Like when Goldfinger got all the mafia guys into one room and gassed 'em.
“He’s not deformed, he’s just drunk!”
No you get your house raided by the cops lol :')
Okay, who got his house raided by the cops (LOL or not) after he found a bug in any of Apple's products?
And santax suddenly went quiet.
Spoken like a true script kiddy.
Fanboy Status: Apache Flex, C#, Eclipse, KDE, Pirate Party, Ron Paul, Slackware, Windows 7