
MacRumors

macrumors bot



Bloomberg reports that Apple is taking an interesting step into security research publicity, agreeing to present at this week's Black Hat conference in Las Vegas for the first time in the conference's 15-year history.
While many major technology vendors have overcome their reluctance to making a public showing at the conference, Apple, now the world's most valuable company, has had no problem snubbing a community whose aim is to unearth its vulnerabilities.

That will change Thursday when Dallas De Atley, manager of Apple's platform security team, is scheduled to give a presentation on key security technologies within iOS, the operating system for iPhones and iPads.



The report notes that Apple's security researchers have attended the conference in past years, but the company has kept a low profile with its presence. Apple researchers were reportedly scheduled to give a panel presentation back in 2008, but the session was canceled once Apple's marketing team learned of the plans.
"Bottom line -- no one at Apple speaks without marketing approval," [Black Hat general manager Trey] Ford wrote in an e-mail. "Apple will be at Black Hat 2012, and marketing is on board."
The annual Black Hat conference has been a popular venue for security researchers to release their findings on vulnerabilities in OS X, iOS and other platforms. Apple has sometimes moved very quickly to patch holes disclosed at the conference, such as in 2009 when Apple released iPhone OS 3.0.1 to address an SMS security vulnerability revealed at the conference just one day earlier, although the researchers had previously been in contact with Apple about the issue.

Article Link: Apple to Present at Black Hat Security Conference for First Time
 
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:
 
Perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

They've always pretty much known the security level of OS X. How they chose to spin this in their marketing material has no bearing on their level of knowledge of the actual system.
 
BH = intelligence shills for the military-industrial complex. Watch Apple turn into the world's biggest defense contractor...
 
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

Frankly, they are pretty timely with their updates and do a good job addressing problems quickly. I would rather have them working on fixes than stroking a bunch of whiners who cry about "transparency" all the time. Their focus SHOULD be on the products at all times, not making you feel fuzzy with a series of empty "we apologize for the inconvenience" statements.
 
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

In your enthusiasm to attack Apple, did you miss that the presentation is on iOS, not OS X? Yes, yes you did.
 
Frankly, they are pretty timely with their updates and do a good job addressing problems quickly. I would rather have them working on fixes than stroking a bunch of whiners who cry about "transparency" all the time. Their focus SHOULD be on the products at all times, not making you feel fuzzy with a series of empty "we apologize for the inconvenience" statements.

That's not the problem. They have been known to just stay silent in the past and take their time putting out fixes, or not actually address problems at all, which is unacceptable esp. when it comes to security.

Besides, do you really think having a spokesperson say "a fix will be out in x days" somehow affects the ability of an engineer to address problems quickly? :rolleyes:

----------

In your enthusiasm to attack Apple, did you miss that the presentation is on iOS, not OS X? Yes, yes you did.

Yes, the presentation is about iOS. But in your enthusiasm to flame me, did you miss...

The annual Black Hat conference has been a popular venue for security researchers to release their findings on vulnerabilities in OS X, iOS and other platforms.

And if they're going to be present, others can use the opportunity to alert them to security issues irregardless of platform.
 
The move is definitely marketing/pr. Given the past year of hoopla (whether you agree with it or not) around iOS and OSX and various security issues - it's a chance for Apple to "clear the air" and talk about all the amazing things they are doing which is revolutionary and how no other company is going to such extremes to make sure the OS and data is "safe."
 
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:

As they advertised. Apple doesn't employ dummies. They've known they weren't bulletproof.
 
I can sometimes understand Apple being slow to patch vulnerabilities, particularly if it's low risk or isn't being actively exploited, if it's because they want to fully investigate the vulnerability and the impact of the fix before pushing it to customers. However, while they are working to fix things, they shouldn't be denying that there is a vulnerability. They should acknowledge it and provide mitigation steps (like disable x or avoid y, etc.) until the fix is out. That would go a long way toward assuring everyone, consumers and security professionals, that Apple is on top of security.
 
I can sometimes understand Apple being slow to patch vulnerabilities, particularly if it's low risk or isn't being actively exploited, if it's because they want to fully investigate the vulnerability and the impact of the fix before pushing it to customers. However, while they are working to fix things, they shouldn't be denying that there is a vulnerability. They should acknowledge it and provide mitigation steps (like disable x or avoid y, etc.) until the fix is out. That would go a long way toward assuring everyone, consumers and security professionals, that Apple is on top of security.

Hey hackers, Free exploit here, get it while it is hot!
 
I am sure they operate on a pretty good road map, just not a public one or one they are going to share with a client.

Exactly my point. Not giving a client a roadmap makes planning and budgeting difficult. Another issue is Apple's constant changes without notice. Large companies and Defense contractors don't like things like that.
 
OS X/iOS exploits always go public anyways, so what's your point?

OS X/iOS exploits THAT YOU KNOW ABOUT, always go public anyways.

How many exploit fixes are quietly bundled into updates? Even if the exploit is eventually found, it would be borderline criminal for Apple to put it to the public, one day before it is published. Even if it is known by a small number of black hats, publicizing it will increase the number of people trying to exploit it.

Never publicly announce an unknown exploit for any company, unless, it is your goal to destroy them and their users.
 
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought :rolleyes:


Crap like this is the reason we need a down-vote button.

Anyway, this is good to hear. Marketing or not, it's good to see Apple step up its game in this area.
 
I can sometimes understand Apple being slow to patch vulnerabilities, particularly if it's low risk or isn't being actively exploited, if it's because they want to fully investigate the vulnerability and the impact of the fix before pushing it to customers. However, while they are working to fix things, they shouldn't be denying that there is a vulnerability. They should acknowledge it and provide mitigation steps (like disable x or avoid y, etc.) until the fix is out. That would go a long way toward assuring everyone, consumers and security professionals, that Apple is on top of security.

How many percent of all users would read this information? Very low.
How many percent of malicious hackers would read this information? Close to 100%.

Assuring people may give them a warm and fuzzy feeling, but assuring them this way actually makes them a lot less secure.
 
How many percent of all users would read this information? Very low.
How many percent of malicious hackers would read this information? Close to 100%.

Assuring people may give them a warm and fuzzy feeling, but assuring them this way actually makes them a lot less secure.

Security through obscurity? Very bad idea. Hackers don't give a rat's ass if you go to Black Hat or not. Most people don't even patch their systems properly so yeah you do have a point, but still there are underground networks of hackers that already are very well informed, this only invites script kiddies to try and do the same.
 
BH = intelligence shills for the military-industrial complex. Watch Apple turn into the world's biggest defense contractor...

Apple has made it quite clear that they cater to consumers with a one size fits all philosophy. Good luck getting defense contractors on board - go read posts about the Mac Pro on here to get a vibe on how prosumers are feeling now (neglected).
 