Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,194
30,136



Bloomberg reports that Apple is taking an interesting step into security research publicity, agreeing to present at this week's Black Hat conference in Las Vegas for the first time in the conference's 15-year history.
While many major technology vendors have overcome their reluctance to making a public showing at the conference, Apple, now the world's most valuable company, has had no problem snubbing a community whose aim is to unearth its vulnerabilities.

That will change Thursday when Dallas De Atley, manager of Apple's platform security team, is scheduled to give a presentation on key security technologies within iOS, the operating system for iPhones and iPads.
black_hat_usa_2012_logo.jpg



The report notes that Apple's security researchers have attended the conference in past years, but the company has kept a low profile with its presence. Apple researchers were reportedly scheduled to give a panel presentation back in 2008, but the session was canceled once Apple's marketing team learned of the plans.
"Bottom line -- no one at Apple speaks without marketing approval," [Black Hat general manager Trey] Ford wrote in an e-mail. "Apple will be at Black Hat 2012, and marketing is on board."
The annual Black Hat conference has been a popular venue for security researchers to release their findings on vulnerabilities in OS X, iOS and other platforms. Apple has sometimes moved very quickly to patch holes disclosed at the conference, such as in 2009 when Apple released iPhone OS 3.0.1 to address an SMS security vulnerability revealed at the conference just one day earlier, although the researchers had previously been in contact with Apple about the issue.

Article Link: Apple to Present at Black Hat Security Conference for First Time
 

lifeinhd

macrumors 65816
Mar 26, 2008
1,428
58
127.0.0.1
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:
 
Last edited:

KnightWRX

macrumors Pentium
Jan 28, 2009
15,046
4
Quebec, Canada
Perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

They've always pretty much known the security level of OS X. How they chose to spin this in their marketing material as no bearing on their level of knowledge of the actual system.
 

DisMyMac

macrumors 65816
Sep 30, 2009
1,087
11
BH = intelligence shills for the military-industrial complex. Watch Apple turn into the world's biggest defense contractor...
 

Kaibelf

Suspended
Apr 29, 2009
2,445
7,444
Silicon Valley, CA
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

Frankly, they are pretty timely with their updates and do a good job addressing problems quickly. I would rather have them working on fixes than stroking a bunch of whiners who cry about "transparency" all the time. Their focus SHOULD be on the products at all times, not making you feel fuzzy with a series of empty "we apologize for the inconvenience" statements.
 

dru`

macrumors regular
Jul 25, 2004
108
0
USA
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

In your enthusiasm to attack Apple, did you miss that the presentation is on iOS, not OS X? Yes, yes you did.
 

lifeinhd

macrumors 65816
Mar 26, 2008
1,428
58
127.0.0.1
Frankly, they are pretty timely with their updates and do a good job addressing problems quickly. I would rather have them working on fixes than stroking a bunch of whiners who cry about "transparency" all the time. Their focus SHOULD be on the products at all times, not making you feel fuzzy with a series of empty "we apologize for the inconvenience" statements.

That's not the problem. They have been known to just stay silent in the past and take their time putting out fixes, or not actually address problems at all, which is unacceptable esp. when it comes to security.

Besides, do you really think having a spokesperson say "a fix will be out in x days" somehow affects the ability of an engineer to address problems quickly? :rolleyes:

----------

In your enthusiasm to attack Apple, did you miss that the presentation is on iOS, not OS X? Yes, yes you did.

Yes, the presentation is about iOS. But in your enthusiasm to flame me, did you miss...

The annual Black Hat conference has been a popular venue for security researchers to release their findings on vulnerabilities in OS X, iOS and other platforms.

And if they're going to be present, others can use the opportunity to alert them to security issues irregardless of platform.
 

samcraig

macrumors P6
Jun 22, 2009
16,779
41,982
USA
The move is definitely marketing/pr. Given the past year of hoopla (whether you agree with it or not) around iOS and OSX and various security issues - it's a chance for Apple to "clear the air" and talk about all the amazing things they are doing which is revolutionary and how no other company is going to such extremes to make sure the OS and data is "safe."
 

chrmjenkins

macrumors 603
Oct 29, 2007
5,325
158
MD
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

As they advertised. Apple doesn't employ dummies. They've known they weren't bulletproof.
 

commander.data

macrumors 65816
Nov 10, 2006
1,056
183
I can sometimes understand Apple being slow to patch vulnerabilities, particularly if it's low risk or isn't being actively exploited, if it's because they want to fully investigate the vulnerability and the impact of the fix before pushing it to customers. However, while they are working to fix things, they shouldn't be denying that there is a vulnerability. They should acknowledge it and provide mitigation steps (like disable x or avoid y, etc.) until the fix is out. That would go a long way toward assuring everyone, consumers and security professionals, that Apple is on top of security.
 

RalfTheDog

macrumors 68020
Feb 23, 2010
2,115
1,869
Lagrange Point
I can sometimes understand Apple being slow to patch vulnerabilities, particularly if it's low risk or isn't being actively exploited, if it's because they want to fully investigate the vulnerability and the impact of the fix before pushing it to customers. However, while they are working to fix things, they shouldn't be denying that there is a vulnerability. They should acknowledge it and provide mitigation steps (like disable x or avoid y, etc.) until the fix is out. That would go a long way toward assuring everyone, consumers and security professionals, that Apple is on top of security.

Hey hackers, Free exploit here, get it while it is hot!
 

Mattie Num Nums

macrumors 68030
Mar 5, 2009
2,834
0
USA
I am sure they operate on a pretty good road map, just not a public one or one they are going to share with a client.

Exactly my point. Not giving a client a roadmap makes planning and budgeting difficult. Another issue is Apple's constant changes without notice. Large companies and Defense contractors don't like things like that.
 

RalfTheDog

macrumors 68020
Feb 23, 2010
2,115
1,869
Lagrange Point
OS X/iOS exploits always go public anyways, so what's your point?

OS X/iOS exploits THAT YOU KNOW ABOUT, always go public anyways.

How many exploit fixes are quietly bundled into updates? Even if the exploit is eventually found, it would be borderline criminal for Apple to put it to the public, one day before it is published. Even if it is known by a small number of black hats, publicizing it will increase the number of people trying to exploit it.

Never publicly announce an unknown exploit for any company, unless, it is your goal to destroy them and their users.
 

Stridder44

macrumors 68040
Mar 24, 2003
3,973
198
California
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:


Crap like this is the reason we need a down-vote button.

Anyway, this is good to hear. Marketing or not, it's good to see Apple step up its game in this area
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
I can sometimes understand Apple being slow to patch vulnerabilities, particularly if it's low risk or isn't being actively exploited, if it's because they want to fully investigate the vulnerability and the impact of the fix before pushing it to customers. However, while they are working to fix things, they shouldn't be denying that there is a vulnerability. They should acknowledge it and provide mitigation steps (like disable x or avoid y, etc.) until the fix is out. That would go a long way toward assuring everyone, consumers and security professionals, that Apple is on top of security.

How many percent of all users would read this information? Very low.
How many percent of malicious hackers would read this information? Close to 100%.

Assuring people may give them a warm and fuzzy feeling, but assuring them this way actually makes them a lot less secure.
 

blackburn

macrumors 6502a
Feb 16, 2010
974
0
Where Judas lost it's boots.
How many percent of all users would read this information? Very low.
How many percent of malicious hackers would read this information? Close to 100%.

Assuring people may give them a warm and fuzzy feeling, but assuring them this way actually makes them a lot less secure.

Security through obscurity? Very bad idea. Hackers don't give a rats ass if you go to black hat or not. Most people don't even patch their systems properly so yeah you do have a point, bit still there are underground networks of hackers that already are very well informed, this only invites script kiddies to try and do the same.
 
Last edited:

gotluck

macrumors 603
Dec 8, 2011
5,712
1,204
East Central Florida
BH = intelligence shills for the military-industrial complex. Watch Apple turn into the world's biggest defense contractor...

Apple has made it quite clear that they cater to consumers with a one size fits all philosophy. Good luck getting defense contractors on board - go read posts about the Mac Pro on here to get a vibe on how prosumers are feeling now (neglected).
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.