Slashdot Mirror


Apple Joins 'Em, With Black Hat Presentation on iOS Security Model

An anonymous reader writes with this excerpt from Network World: "For the first time, Apple will officially be in attendance at the annual Black Hat security conference which is scheduled to run through Thursday of this week. This is a notable development for two reasons. First, Apple has never formally attended the conference. Two, many of the more prominent stories to emerge out of previous Black Hat events have centered on Apple security. Representing Apple at the conference will be Apple platform security manager Dallas De Atley who is scheduled to deliver a speech on Thursday about the security technologies in iOS. Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community at large."

6 of 34 comments

  1. Know your enemy? by BeerCat · Score: 3, Insightful

    "Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community"

    Or maybe it's to find out at first hand what the black hats are planning - the quid pro quo is to make some presentations.

    --
    "She's furniture with a pulse"
    1. Re:Know your enemy? by wiedzmin · Score: 3, Interesting

      I don't know if the BlackHat conference is the right place to find out what the black hats are planning, they should go to at least DefCon for that. I think it's the former - they're just trying to pretend that they do security by flashing their name in front of the predominantly business audience that comprises BlackHat today. It's good for selling iPhones to executives.

      --
      Bow before me, for I am root.
    2. Re:Know your enemy? by BeerCat · Score: 2

      I think you could be right - it's 'tick boxing', which is beloved of corporate IT departments.

      Corporate IT: "Do you do ..."
      Vendor: "Yes, we do"

      C IT: "What about security?"
      V: "Obvious - we attended BlackHat"
      C IT: "OK, I'll take that as a given"

      PHBs will stop there. Non-corporate IT will want to know "But what about DefCon. And, what did you _actually_ do at BlackHat"

      --
      "She's furniture with a pulse"
  2. Re:Neither by Penguinisto · Score: 3, Insightful

    Actually, I think it's a damned good thing for any vendor to do.

    BH has been a solid source of good old fashioned hacking knowledge (I daresay second only to 2600 back in that publication's heyday).

    Most folks here know that the best way to make secure software (or at least improve what you've got) is to talk and interact with the hobbyists who love tearing it apart. But instead of lavishing time and attention on attention-whores like (IMHO) Charlie Miller, it's better to instead take the time and get in the effing trenches, away from the press and the bloggers.

    The only negative I can see is that it might just be lip service. If Apple is serious about this, it had damned well bring more to the table than marketing copy.

    TBH, if Microsoft did this I'd applaud the move... not holding my breath on that one happening, though.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  3. LolZ by SNAPPLEX · Score: 2

    A more open relationship with the hackers? LOL wt heck?

  4. Re:Neither by LordLimecat · Score: 2

    Somehow I don't think that kind of speech flies super well @ BlackHat.

    Hopefully good things come from this -- I think it's absurd when people try to claim that Macs are immune to viruses, and certainly Apple has some blame for that perception; but I'm not about to slam them for taking at least a token step towards being serious about security.

    We've seen year to year in the Pwn2Own conferences that OSX certainly can be compromised, and I think by now it is clear that the only way to be "secure" is to invite the hacking community to form a relationship where they do the hard work of finding exploits and the vendor rewards their effort with financial rewards. Certainly if you go to the googlechromereleases.blogspot.com Chrome dev blog, you will see a couple of recurring faces in the "exploit disclosure and reward" section; I'm sure Chrome's respectable security is due at least in part to this outsourced, commissions-based model of checking for exploits. It doesn't really matter how brilliant your engineering team is, your software will have holes, and the more motivated eyes are on your security the better your product will become.