Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Present at Black Hat Security Conference for First Time
- Thread starter MacRumors
- Start date
- Sort by reaction score
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought
Despite it being on iOS (which I presume you read), have you at all seen Mountain Lion? Gatekeeper isn't enough to assuage your ire? Jesus Christ; I can't imagine anything much more secure.
Maybe we'll finally see some timely security updates and a little transparency? Or perhaps they're finally recognizing that OS X isn't as secure as they thought
As the genius that you are, you know that when a vulnerability appears that the first thing is to NOT tell everybody that it exists and cause panic.
We have the media for that and to blow things out of proportion.
Then one needs to analyze what the issue is , discuss measures to fix it and try these out.
Once everything checks out security updates get published.
As for transparency, do you want to be notified personally what they are doing? Or, advertise it, so the virus and malware people get an idea how to circumvent it sooner?
It is not exactly deep thinking to assume that Apple doesn't care about security issues, risking it's business and won't fix them as fast as they can.
Never had one security issue on any of my multiple Macs with any Apple OS since 1984!
Last edited:
True. Although I was thinking more about the vulnerabilities that have already been publicly disclosed such as those revealed in security/hacker conferences/competitions, those documented and already patched on other platforms, or those starting to proliferate. Apple in the past has been slow to acknowledge those vulnerabilities even though information about them is already in the wild. Here timely acknowledgement and information on mitigation steps would be useful until a patch can be released. Obviously those vulnerabilities that Apple finds internally or are directly/privately reported to them by third-parties don't need to be disclosed to the public until a patch is ready or unless it's being actively exploited.
Who decides what slow is? And, who decides that these issues need to be acknowledged?
Quite the opposite should happen. Quietly fix one hole after another , which they are and have been doing.
A hacker spends whatever time to create a virus or malware and Apple or for that matter any manufacturer of any OS is supposed to pull an immediate antidote out of their hats?
Probably 99% of all consumers don't ever hear about this and will just install the updates when they appear on the screen.
And, that only because they want that window to disappear, not because they are worried about hackers.
This. Security through obscurity is regarded as a terrible idea in computer science. Trying to hide exploits only serves to weaken the community, and promotes bad security protocols. If this is honestly Apple's version of security, they deserve to be laughed out of black hat.
Exploits should be promptly and publicly noted, and patches should be made. Honestly, the only people who security through obscurity helps are the big corporations (until they lose big time when their plans are exposed).
If there's an exploit out there that Apple finds, you can be pretty sure that out of the much more populous (and arguably more experienced) hackers out there (of all hats) will find it in relatively quick fashion (if not before).
Actually these days things get fixed faster when they are reported to the mass media. IE, Apple would have never fixed that JAVA issue had it not been turned into a $h!t storm.
Don't agree about never. As I wrote before bad business to not fix ANY security issue asap.
That is for all manufacturers, not just Apple.
In the case of the recent Java exploit, when they take months to patch a vulnerability that has already been patched on other platforms, such that hackers are able to take advantage of it widely, do you really consider that a fast response? When it's already being exploited in the wild, was not acknowledging the problem until the fix is ready the right course of action?
Yes, if the first you hear of a vulnerability is the day it starts spreading in the wild there's a limit to how fast you can respond and put out a fix. However, if you've known about a vulnerability for weeks/months and take so long to patch it that despite the weeks/months of lead-time, it's being actively exploited before you put out a fix, I think that is slow.
I'm sure they'll share it with a client as well, as long as that client is big enough and prepared to sign a Non Disclosure in blood.
Ha... you are correct. Most big contracts who work with the DOD will no disclose unless there is some clearance and documents signed.
I don't think so. Marketing is basically responsible for the 'voice' of the company, any company not just Apple, so anytime you have a person speaking publicly on behalf of the company (such as on a panel discussion) marketing/PR will be involved to make sure the person speaking knows the boundaries of what they can say.
I've worked with a number of interviews with engineers or developers from big gaming or tech companies and 99/100 there is a marketing/PR person off camera making sure the person being interviewed doesn't say anything they shouldn't.
Apple ignores these things until its made a big deal.
Examples:
JAVA
"You're holding it wrong"
Tracking on iPhone
etc. etc. etc.
Marketing is Apple's lifeblood. Most of its success has come from excellently done marketing campaigns, as well as being able to portray their computers' features to their customers (for most people, CPU, RAM, and SSD are all part of a foreign language).
As much as I hate marketing, it's how Apple sells as much product as they do. From their customer service to their "simple" feel, Apple can easily be seen as one of the best examples of good marketing.
What you mean to say is public roadmap.
If you actually believe Apple operates without any sort of roadmap, I have a bridge to sell you.
Apple does have a roadmap. They simply do not publish it to the general public and it is not completely static/rigid.
Roadmaps are bull poop anyway and only serve to give warm and fuzzy feelings to some corporate types.
If you have a publicly published roadmap then you are constrained in your ability to be innovative or you give your competition advanced notice of your future product lines.
Microsoft has a "roadmap" and it constrains them from taking risks for innovation.
If Apple was a defense contractor, they could publish it to their defense clients in a vague enough way as to limit damage if it were ever leaked accidentally by their clients.
exactly why would the DOD choose apple for their needs?
What is it that a customized linux or unix based solution can't give them?
Flexibility? Reliability? High performance? Low cost?
And what about all the software they have already developed for other platforms they have to take the extra effort and cost to port them to OS X?
Not sure if I understood correctly what some of you are suggesting so I may be wrong. But I can't see a standard OS X installation run in places like the DOD, it has nothing to offer.
Well still doesn't solve an exploit issue but it will protect stupid users from doing stupid things.
I disagree with the "anything much more secure" part
What is it that a customized linux or unix based solution can't give them?
Flexibility? Reliability? High performance? Low cost?
And what about all the software they have already developed for other platforms they have to take the extra effort and cost to port them to OS X?
Not sure if I understood correctly what some of you are suggesting so I may be wrong. But I can't see a standard OS X installation run in places like the DOD, it has nothing to offer.
Well still doesn't solve an exploit issue but it will protect stupid users from doing stupid things.
I disagree with the "anything much more secure" part
Last edited:
exactly why would the DOD choose apple for their needs?
What is it that a customized linux or unix based solution can't give them?
Flexibility? Reliability? High performance? Low cost?
And what about all the software they have already developed for other platforms they have to take the extra effort and cost to port them to OS X?
Not sure if I understood correctly what some of you are suggesting so I may be wrong. But I can't see a standard OS X installation run in places like the DOD, it has nothing to offer.
Well still doesn't solve an exploit issue but it will protect stupid users from doing stupid things.
I disagree with the "anything much more secure" part
This. I'd honestly hope that the DOD would take their time in creating a Linux or Unix system from the ground up to prevent all possible security bugs, rather than relying on a corporation to do it for them.
Bull. Apple doesn't publish anything no matter what. We buy millions of dollars in Apple equipment every quarter and we've asked and they have actually given us "bogus" roadmaps. When we were launching JAMF Casper Apple told us not to, instead to use the Golden Triangle and to buy hundreds of thousands of dollars in xserves. Thank god we waited a month because the xserve was axed a month after that BS preso they gave us.
I'm trying to parse what you said has anything to do with what I said. I was talking about how roadmaps constrain the ability of a company to quickly adjust course and innovate to match changing market conditions. I also mentioned that roadmaps only exist to placate corporate types with their list of checkboxes to mark off and really give not actual specific details on the future products other than telling you that there will be new ones but at the same time, they prevent a company from being able to quickly pivot around the competition as they are expected to deliver on all of the products mentioned in the roadmap.
What exactly did you contribute to the conversation?
I was not disputing that they are entrenched on the corporate desktop but they have missed the boat on tablets and phones.
That would not happen because for one thing, the military-industrial complex don't **** around.
The minute the military gives Apple a contract, they demand accountability and transparency. Apple cannot afford to act like a coy little girls playing games. They have to run like clockwork and be 100% with the military upfront.
The second they **** with the military, they get dropped.
The point was that a roadmap is necessary for Corporate and Professional entities to commit to an OS / Tech on any substantial basis.
You gave me the impression that a roadmap is a negative. "Quickly pivoting around the competition" also leads to dropping support for relatively new computers (ie. ML drops support for certain C2D's (my C2D is still just fine on W7 & W8 - even for AAA game titles). Apple is a consumer company, their neglect concerning the mac pro is more than enough evidence.
They drop support for their products at the drop of a hat and in some cases without warning.
Last edited: