Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Businesses Cloud Databases Desktops (Apple) Encryption Government IOS Iphone Network OS X Privacy Software United States Apple News Your Rights Online Build Hardware Politics Technology

Apple Hires Corporate Security Chief Amid Legal Battle With FBI (fortune.com) 61

An anonymous reader writes: Apple has hired a new security executive to oversee its corporate digital defenses as a result of the ongoing battle with the U.S. government over law enforcement's desire to crack into the San Bernardino shooter's iPhone 5c. George Stathakopoulos, former vice president of information security at Amazon.com and before that Microsoft's general manager of product security, is the new appointee designated to be the vice president of corporate information security. Stathakopoulos will be responsible for protecting corporate assets, such as the computers used to design products and develop software, as well as data about customers. The new hire is a sign of increased focus on security issues at Apple.
This discussion has been archived. No new comments can be posted.

Apple Hires Corporate Security Chief Amid Legal Battle With FBI

Comments Filter:
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Saturday March 19, 2016 @06:45PM (#51734267)
    Comment removed based on user account deletion
    • by Anonymous Coward

      This. Obama is a DINO so everything he does is the fault of Republicans.

    • by AHuxley ( 892839 )
      PRISM worked well and never had any internal problems.
      The end result will be a court ready master key, conscripted from any US brand or a rediscovery of strong crypto.
    • Re:Good move (Score:5, Insightful)

      by frovingslosh ( 582462 ) on Saturday March 19, 2016 @10:34PM (#51735059)

      before that Microsoft's general manager of product security

      I wonder if he was in charge of Microsoft product security when they turned over the source code for most of the computers used in the U.S. to the Chinese government.

      • Even going back to the 90s, the major customers had the source, including India.

        Writing drivers was a PITA, major device vendors had the source.

        It isn't secret, only proprietary and not available for general distribution.

  • by ameline ( 771895 ) <ian.ameline@gma i l .com> on Saturday March 19, 2016 @06:50PM (#51734293) Homepage Journal

    If I were them I'd be pretty careful about who I hired and what I had them do. I'm pretty sure their security/crypto engineers are long-time employees who have demonstrated their trustworthiness over the years.

    I certainly wouldn't put it past the NSA/FBI/CSIS/GCHQ/FSB etc to try to get people on the inside.

     

    • by Noah Haders ( 3621429 ) on Saturday March 19, 2016 @06:52PM (#51734303)

      this is why it's so dangerous to create a "one-time unlock key", even if it stays in apple's possession rather than going to the FBI. Once exists, it will become the hottest industrial espionage target. NOMORESECRETS

      • So Apple just has to "un-exist" it when they are done. Develop and use it in a clean room, then destroy the contents of the room once they hand over the pin to the FBI, if it turns out that the FBI has a constitutional right to demand Apples assistance. You are worrying about the wrong things, this has never been a technical issue, it is a matter of law which has yet to be settled through due process.
        • by Shawn Willden ( 2914343 ) on Saturday March 19, 2016 @09:08PM (#51734759)

          So Apple just has to "un-exist" it when they are done. Develop and use it in a clean room, then destroy the contents of the room once they hand over the pin to the FBI, if it turns out that the FBI has a constitutional right to demand Apples assistance.

          Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies every leak, each time.

          This case isn't about Farook's phone. Everyone knows there's nothing of use on it anyway... anything of value would have been on one of his burner phones, which the FBI knows he had and knows he destroyed, not on the phone that he knew was being backed up to iCloud under an employer-owned account. This is all about the precedent. The FBI picked this phone because "terrorist!", but even they don't care about this one. It's all about the rest.

          • Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies every leak, each time.

            One possibility would be to unlock the phone, send an appropriate bill (some major six digit number), and see if they really want the next phone unlocked at that cost.

            • Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies every leak, each time.

              One possibility would be to unlock the phone, send an appropriate bill (some major six digit number), and see if they really want the next phone unlocked at that cost.

              The FBI would just argue in court that Apple can't substantiate that cost, and get the court to find that they don't have to pay, or only have to pay a reduced amount. Especially for the nth device.

              Slippery slope arguments are generally fallacious, but not always, and this case really is a slippery slope.

              • The FBI would just argue in court that Apple can't substantiate that cost, and get the court to find that they don't have to pay, or only have to pay a reduced amount. Especially for the nth device.

                Apple would then argue in court that since the FBI refuses to pay Apple's cost, this constitutes an unacceptable burden.

              • by Agripa ( 139780 )

                Why wouldn't Apple be able to substantiate the cost? They would know how much time and effort went into creating the program earlier.

                Or are you suggesting that the court would penalize them for destroying something they had no reason to preserve?

        • The matter of law IS settled. The FBI is trying to go around the law. There are limits to what the government can do, the FBI just reached it. Either they back off or they are going to continue to get egg on their face. Crypto is here and its not going anywhere. They picked a fight they cant win.
          • by Anonymous Coward

            > Crypto is here and its not going anywhere. They picked a fight they cant win.

            You said it!

            If you use crypto but give someone else a key, you have no control over your data. You have zero security.

            The idea that we can "balance" the need for individual security with national security by weakening encryption is a dog that won't hunt.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      But he once worked for Microsoft, the industry example of security.

    • All they have to do is compromise an existing staff member, same goes for any other foreign state or non-state group. Therefore what Apple needs to do is be very careful that they don't have any key employees with habits or secrets that could be used to black mail them. In fact that risk has always existed and your comment is pretty much redundant.
      • you think 'staff members' have full *important* code access?

        ha!

        the more important the code is, the higher up you have to have authorization to even KNOW about. at least any real company does that. you can't even see some dirs unless you are authorized.

      • by swb ( 14022 )

        You would think that really important stuff like the signing keys would be stored in a special room more akin to a bank vault than anything else. Probably with 365/24 armed security and probably something that requires two people to go in at the same time so that no one person is alone with the equipment and a completely audit trail of the computer inside.

    • The main thing the FBI needs is the signing certificate. Undoubtedly this is something that Apple keeps tight control over, but at the end of the day it is just a file on disk somewhere.

      • by ameline ( 771895 )

        The signing keys are almost certainly on secure signing modules. These will not allow the key to leave the module -- they will only sign blobs with it. They can be configured to require n of m access tokens -- passwords, biometrics, & physical tokens. So to sign a new SIF, it would require 3 or 4 employees all entering their passwords, fingerprints and secure tokens (usually USB dongles of some sort) This module itself will be in a very secure room -- behind several locked doors. It will not be connecte

  • Why don't (Score:4, Insightful)

    by rossdee ( 243626 ) on Saturday March 19, 2016 @09:25PM (#51734821)

    why don't they just buy the entire FBI
    I am sure President Donald will give them a good deal...

  • Apple needs to renew the insertion of Map Trap equivalents in their sources.

    https://www.gislounge.com/map-... [gislounge.com]

    Done correctly they are an easy way to watermark your code and
    sets of them can be searched for from time to time.

    your_ardvark(Ants_in_Pants_timer_knob) /*about 15 seconds this is 15 year old code */

    Let's see how long it takes for google to find the one above.

  • Encryption: it's like a gun for your info. 128-bit, 256-bit. It's as big of gun as you want it to be!

  • The guy's last name alone is an unbreakable password.

Do molecular biologists wear designer genes?

Working...