Apple's politburo has put the kibosh on a presentation scheduled for the Black Hat security conference that was to give an inside look at the ultra-secretive company's security response team. Black Hat officials had already given the Apple team the go-ahead when people inside Apple's marketing department vetoed the talk, which …
Strong acknowledgement by Apple that they depend on "security by obscurity"
I'm no expert and I'm not putting this across as fact, google wasn't terribly forthcoming (so please correct rather than flame me) but wasn't there a telnet flaw found in osx recently? In which case surely Macs should not ship with the telnet and/or ftp daemons enabled by default?
They've probably changed it since if that was the case. Still, if the marketing people don't even want the issue of security in OSX discussed, that's to me an acknowledgement that they don't want any awkward questions from experts on other parts of OSX that are a bit "open."
Basically most security experts discuss things in terms of "hardened" systems - which doesn't always sit well with something that you're trying to ship to customers as easy to set up. This is why it amazed me that Ubuntu did so well in that mac/linux/windows security competition they had recently, it's not a hardened distro designed for serious commercial use and has all kinds of stuff installed and enabled that could be vulnerable.
is Apple run by its marketing department?
Mine's the one with the flame-proof lining.
Simple solution. _BAN_ all those hip apple folks (and include ipod-customers, iphone-customers and macintosh loosers in this category. Along with anyone running apple software) from _ANY_ secure network and _ANY_ security conference. If Apple wants only spindoctor-sanctioned security, let them have it. But secure our networks by REMOVING all the apple customers from them until Apple does something with their attitude.
The lyrics "Everyday I love you less and less" spring to mind.
Another day, another reason to hate Apple.
no real surprises there
Apple are bunch of jumped up gimmick merchants. What did you expect?
To be fair, none of the systems were compromised until it got to the "assume a user has just browsed to your website, with flash enabled" stage of the competition, and all of the machines were vulnerable to the flash exploit.
Although this is just another way of saying ubuntu is quite secure; unlike XP (and possibly the mac), ubuntu doesn't ship with a firewall on, which can wallpaper over vulnerabilities (a firewall only protects you up until you need to actually _allow_ anonymous access to a service)
At least they admit it
So Apple's marketing department have admitted that they dare not let anyone know what the problems in Apple security are?
The deductions from that are obvious.
I just looked up Vow of Silence on Wikipedia and found it said:
"Sorry we don't have an article on Vow of Silence. You may like to search for Apple Security Center instead!"
What it does and doesn't have on by default
Firewall - off by default in Leopard (was on in Tiger), click to enable
ssh - off by default, click to enable
telnet - off by default, no straighforward way to switch it on
and it looks like one or two of you need to wipe the spittle off your monitors...
Yes. 'cos a bloke at Black Hat said it was marketing that stepped in so it MUST be true.
A quick Google looking for OS X security issues...
I found reports of just one Mac compromised.
A similar search for Vista reviled "58,000 PCs running Vista were compromised"
Granted, my search was far from scientific but I do seem to be having problems finding real world example of OS X security breaches. Maybe someone more Google literate than me can provide more. Until there are more "in the wild" reports Apple will just go on behaving as it does now.
The obscurity argument is not playing as well as it used to either, with Vista's market share in the US at 18% and Mac OS X 7.94%
Just to be really anal about it, here are the sources...
Pick your preferred type of security statements
Microsoft: "Vista is the most secure Microsoft OS ever."
Linux: About 600 messages per day on the main linux kernel mailing list.
Microsoft: "It really is secure - honest."
Linux: There are other mailing lists dealing with specific parts of the kernel
Microsoft: "Of course it is secure - you can trust us."
Linux: There are also mailing lists for the applications and libraries.
Microsoft: "Look at the figures: the XP kernel has fewer remote exploits than the combined flaws of all types for linux plus a full set of applications multiplied by the number of distributors."
Linux: Each distributor has their own system for alerting users to security flaws. They compete with each other to get their patches out first.
Microsoft: "When blackhats run their own servers, they choose Linux, so it must be full of exploits."
Linux: If you want to check security flaws, go ahead: the source code is available, so you can see how and when things got fixed.
Security in general
Isn't an issue for most people.
Security should be a major issue for big businsesses - I do not understand why they continue to run windows. Oh yes I do - the army of sales people that tell them its the best thing since sliced bread and there are no problems. (Mgrs bury head in sand)
I really hope a major corp gets ruined by a ten year old script kiddie because of a windows vunrability that has existed for years but MS dont acknolwedge.
Corp gets a several bn dollar fine - then hits MS for it.
Oh dear Oh dear...
Here is a bucket of sand, go stick your head in it....
The reason there is so much spam, phising attacks and bot nets out there is due to HOME users and not large stupid & evil coprs.
Most large companies have rock solid firewalls & policies that stop most of this crap from coming in as well as going out.
Oh and the reason people use Windows, it's on the whole user friendly....
Did you know that...
Chris Moyles, shit DJ and self-styled ‘Saviour of Radio 1’ is a Mac user?
Do you feel dirty now?
All bow down to the mighty power of Marketing!
And you thought we were just a bunch of blond girls that produced colourful ppt presentaitons! Muuuhhahhahhahaahaha
Of course Apple is run by marketing, you don't honestly think that techies would focus on sexy looking design and all of those sleek white curves at the expense of performance do you? That big apple logo is right up there on the lid for a reason you know.
If it was left up to the techies you'd have a device with enough GHz and Ram to roast a heard of oxen just by it's mere presence, but it'd be ugly as sin!
In my experience you can't let techies out - they'll go and tell everyone what is technically possible, then we marketing people have to go and explain why we chose not to offer it even though it is technically possible. You know - because it wouldn't fit inside the sleek case, or we're planning on charging for that in a later upgrade etc.
It's not just security...
... a few months back all the apple devs mysteriously vanished overnight from all participation in public GCC development and the related mailing lists. This may or may not have been a marketing dictat, it could be their legal department insisting they don't risk 'contaminating' their clean minds with any GPLv3-related thoughts, but between them the two stories paint an image of Apple retreating into its bunker and cutting off from all contact with the outside world.
See the thread "Darwin long double issue (PR25477): any news or plans?" at
BTW, there's a story on CNET.com today (yeh, ok, well it aint quite as bad as citing wikipedia...) denying that the talk ever had the go-ahead. Time for an update?
BTW2, why is this in the "Hardware" category rather than "Security"? It took me *ages* to (re-)find this story to comment on - I thought maybe Apple had got to you and made you pull it!
Shouldn't this be under security rather than hardware?