Apple Joins 'Em, With Black Hat Presentation on iOS Security Model 34
An anonymous reader writes with this excerpt from Network World: "For the first time, Apple will officially be in attendance at the annual Black Hat security conference which is scheduled to run through Thursday of this week. This is a notable development for two reasons. First, Apple has never formally attended the conference. Two, many of the more prominent stories to emerge out of previous Black Hat events have centered on Apple security. Representing Apple at the conference will be Apple platform security manager Dallas De Atley who is scheduled to deliver a speech on Thursday about the security technologies in iOS. Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community at large."
Re: (Score:2)
Re: (Score:2)
At least they pulled that claim from their website
Re: (Score:2)
Nevertheless, it was true. iOS can get trojans -- any OS can. But Windows is (I should say "was"?) the only OS you could get infected just from viewing an email or a web page. Every other OS requires you to do something stupid to get infected.
Re:Neither (Score:4, Insightful)
Actually, I think it's a damned good thing for any vendor to do.
BH has been a solid source of good old fashioned hacking knowledge (I daresay second only to 2600 back in that publication's heyday).
Most folks here know that the best way to make secure software (or at least improve what you've got) is to talk and interact with the hobbyists who love tearing it apart. But instead of lavishing time and attention on attention-whores like (IMHO) Charlie Miller, it's better to instead take the time and get in the effing trenches, away from the press and the bloggers.
The only negatives I can see is that it might just be lip service. If Apple is serious about this, it had damned well bring more to the table than marketing copy.
TBH, if Microsoft did this I'd applaud the move... not holding my breath on that one happening, though.
Re: (Score:3)
Somehow I dont think that kind of speech flies super well @ BlackHat.
Hopefully good things come from this-- I think its absurd when people try to claim that Macs are immune to viruses, and certainly Apple has some blame for that perception; but Im not about to slam them for taking at least a token step towards being serious about security.
We've seen year to year in the Pwn2Own conferences that OSX certainly can be compromised, and I think by now it is clear that the only way to be "secure" is to invite the
Know your enemy? (Score:4, Insightful)
"Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community"
Or maybe it's to find out at first hand what the black hats are planning - the quid pro quo is to make some presentations.
Re:Know your enemy? (Score:4, Interesting)
I don't know if BlackHat conference is the right place to find out what the black hats are planning, they should go to at least DefCon for that. I think it's the former - they're just trying to pretend that they do security by flashing their name in front of predominantly business audience that comprises BlackHat today. It's good for selling iPhones to executives.
Re: (Score:3)
I think you could be right - it's 'tick boxing', which is beloved of corporate IT departments.
Corporate IT: "Do you do ..."
Vendor: "Yes, we do"
C IT:"What about security?"
V: "Obvious - we attended BlackHat"
C IT: "OK, I'll take that as a given"
PHBs will stop there. Non corporate IT will want to know "But what about DefCon. And, what did you _actually_ do at BlackHat"
Re: (Score:2)
Apple's attended BH over the years. This is probably the FIRST time they're actually presenting though.
They've been to BH usually as "plainclothes employees" who don't idenify themselves as Apple employees (they only get recognized if you know them).
Nothing really new, and it's really just to present some iOS security architecture that they released a document on a few months ago.
Re: (Score:2, Funny)
Re: (Score:1)
No you get your house raided by the cops lol :')
Okay, who got his house raided by the cops (LOL or not) after he found a bug in any of Apple's products?
Re: (Score:2)
No you get your house raided by the cops lol :')
Okay, who got his house raided by the cops (LOL or not) after he found a bug in any of Apple's products?
And santax suddenly went quiet.
Re: (Score:2)
we all know what happens when you exploit in the wild, without first reporting to Apple's security team a bug, exploit or whatever
FTFY.
Perhaps someone did report it to Apple's security team, but Apple's security team didn't act in a responsible manner. This happened with another company whose devices use another operating system called iOS: when a hacker reported a security problem in the Wii system software to Nintendo, Nintendo demanded to speak to the hacker's employer.
Re: (Score:2)
Perhaps someone did report it to Apple's security team, but Apple's security team didn't act in a responsible manner. This happened with another company whose devices use another operating system called iOS: when a hacker reported a security problem in the Wii system software to Nintendo, Nintendo demanded to speak to the hacker's employer.
Do you have a link for more information? I couldn't find anything about this with a brief google search.
Anyway, there are several several [apple.com] examples [apple.com] of Apple crediting the discoverer in bug fixes, so I don't know why everybody here is jumping to the opposite conclusion.
Jodi (Score:2)
Do you have a link for more information?
It involves Jodi Daugherty from Nintendo's anti-piracy department. (Yes, the same Jodi after whom the "Return of the Jodi" jailbreak is named.) Look at this page [hackmii.com] and this page [hackmii.com] and search them for "phone".
Re: (Score:2)
"Weâ(TM)re Apple. We donâ(TM)t wear suits. We donâ(TM)t even own suits." - Steve [businessinsider.com]
LolZ (Score:2)
Maybe they have undercover cops (Score:2)
Possibly a simple reason... (Score:1)
Because now Apple is getting virii and they want to start expanding their recruitment to actually replace their "security through obscurity" model by implementing *real* security measures.
Up until less than a year ago, there was no security division that external parties could even contact to tell Apple about vulnerabilities.
Re: (Score:1)
Because now Apple is getting virii and they want to start expanding their recruitment to actually replace their "security through obscurity" model by implementing *real* security measures.
It's probably more about image damage-control after having a reasonable-sized botnet stroll in through the wide open door of complacency on one of their platforms.
Up until less than a year ago, there was no security division that external parties could even contact to tell Apple about vulnerabilities.
Apple's Product Security page [apple.com], complete with contact information for reporting security issues, has publicly existed in its current location since at least November 2001 [archive.org].
Fantasy (Score:1)
Wouldn't it be great if when the apple guys walked on stage, the whole crown stood as one and booed them?
Official and formal presence.. (Score:1)
As apposed to backdoor sponsorship? Makes for a nice trap. Like when Goldfinger got all the mafia guys into one room and gassed 'em.
Re: (Score:2)
As apposed to backdoor sponsorship? Makes for a nice trap. Like when Goldfinger got all the mafia guys into one room and gassed 'em.
In related news after Apple's earnings report, Apple in a conference call to investors this evening invited all of Slashdot's top posters to attend an all expenses Apple paid conference at the mogul retreat in Sun Valley, Idaho next Saturday.