Apple Joins 'Em, With Black Hat Presentation on iOS Security Model

timothy posted more than 2 years ago | from the without-the-groucho-glasses-at-least dept.

Security 34

An anonymous reader writes with this excerpt from Network World: "For the first time, Apple will officially be in attendance at the annual Black Hat security conference which is scheduled to run through Thursday of this week. This is a notable development for two reasons. First, Apple has never formally attended the conference. Two, many of the more prominent stories to emerge out of previous Black Hat events have centered on Apple security. Representing Apple at the conference will be Apple platform security manager Dallas De Atley who is scheduled to deliver a speech on Thursday about the security technologies in iOS. Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community at large."

LOL (-1)

Anonymous Coward | more than 2 years ago | (#40751339)

Don't hook your iFag device to the network. You'll be pwned so fast it's not even funny.

Re:LOL (1)

drkstr1 (2072368) | more than 2 years ago | (#40761355)

Spoken like a true script kiddy.

Neither (0, Funny)

Anonymous Coward | more than 2 years ago | (#40751349)

It's so that they get a bully pulpit to reproclaim how much nicer iOS is because, "It doesn't get Windows viruses."

It was said at Black Hat, therefore it is true!

Re:Neither (1)

SJHillman (1966756) | more than 2 years ago | (#40751675)

At least they pulled that claim from their website

Re:Neither (1)

mcgrew (92797) | more than 2 years ago | (#40752701)

Nevertheless, it was true. iOS can get trojans -- any OS can. But Windows is (I should say "was"?) the only OS you could get infected just from viewing an email or a web page. Every other OS requires you to do something stupid to get infected.

Re:Neither (0)

Anonymous Coward | more than 2 years ago | (#40753627)

I don't know about that... I jailbroke my first iPod touch by going to a website and clicking a link that said "Jailbreak Me". It used a buffer overflow in libpng to jailbreak and reboot my phone without any further interaction on my part. Hands down the easiest "rooting" I've ever done. I guess Apple really does make things easy...

Re:Neither (0)

Anonymous Coward | more than 2 years ago | (#40756453)

Nevertheless, it was true. iOS can get trojans -- any OS can. But Windows is (I should say "was"?) the only OS you could get infected just from viewing an email or a web page. Every other OS requires you to do something stupid to get infected.

Just say Windows popularized it, because nothing is that absolute. It very well may have been possible on other platforms but unnoticed or patched before anyone cared to exploit it. A short stroll down the CERT vulnerability list will find many once-open attack vectors and you can ponder from there what could have been.

Also, "something stupid" is entirely subjective. Opening email from strangers was once "stupid" but the right answer is fixing the software, not blaming the user. Executable/installer signing might be the right answer to "don't run software from untrusted sources".

Re:Neither (3, Insightful)

Penguinisto (415985) | more than 2 years ago | (#40752099)

Actually, I think it's a damned good thing for any vendor to do.

BH has been a solid source of good old fashioned hacking knowledge (I daresay second only to 2600 back in that publication's heyday).

Most folks here know that the best way to make secure software (or at least improve what you've got) is to talk and interact with the hobbyists who love tearing it apart. But instead of lavishing time and attention on attention-whores like (IMHO) Charlie Miller, it's better to instead take the time and get in the effing trenches, away from the press and the bloggers.

The only negatives I can see is that it might just be lip service. If Apple is serious about this, it had damned well bring more to the table than marketing copy.

TBH, if Microsoft did this I'd applaud the move... not holding my breath on that one happening, though.

Re:Neither (2)

LordLimecat (1103839) | more than 2 years ago | (#40752659)

Somehow I don't think that kind of speech flies super well @ BlackHat.

Hopefully good things come from this-- I think it's absurd when people try to claim that Macs are immune to viruses, and certainly Apple has some blame for that perception; but I'm not about to slam them for taking at least a token step towards being serious about security.

We've seen year to year in the Pwn2Own conferences that OSX certainly can be compromised, and I think by now it is clear that the only way to be "secure" is to invite the hacking community to form a relationship where they do the hard work of finding exploits and the vendor rewards their effort with financial rewards. Certainly if you go to the googlechromereleases.blogspot.com Chrome dev blog, you will see a couple of recurring faces in the "exploit disclosure and reward" section; I'm sure Chrome's respectable security is due at least in part to this outsourced, commissions-based model of checking for exploits. It doesn't really matter how brilliant your engineering team is, your software will have holes, and the more motivated eyes are on your security the better your product will become.

Re:Neither (0)

Anonymous Coward | more than 2 years ago | (#40755071)

It was an accurate claim and not about iOS. You're just an empty headed troll.

Know your enemy? (3, Insightful)

BeerCat (685972) | more than 2 years ago | (#40751389)

"Some have speculated that Apple's decision to attend the conference is rooted in their desire to make further inroads in the enterprise market while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community"

Or maybe it's to find out at first hand what the black hats are planning - the quid pro quo is to make some presentations.

Re:Know your enemy? (3, Interesting)

wiedzmin (1269816) | more than 2 years ago | (#40751497)

I don't know if the BlackHat conference is the right place to find out what the black hats are planning, they should go to at least DefCon for that. I think it's the former - they're just trying to pretend that they do security by flashing their name in front of the predominantly business audience that comprises BlackHat today. It's good for selling iPhones to executives.

Re:Know your enemy? (2)

BeerCat (685972) | more than 2 years ago | (#40751867)

I think you could be right - it's 'tick boxing', which is beloved of corporate IT departments.

Corporate IT: "Do you do ..."
Vendor: "Yes, we do"

C IT:"What about security?"
V: "Obvious - we attended BlackHat"
C IT: "OK, I'll take that as a given"

PHBs will stop there. Non corporate IT will want to know "But what about DefCon. And, what did you _actually_ do at BlackHat"

Re:Know your enemy? (0)

Anonymous Coward | more than 2 years ago | (#40754053)

Apple's had people at the conference in the past, they just haven't presented.

Re:Know your enemy? (1)

tlhIngan (30335) | more than 2 years ago | (#40754253)

Apple's attended BH over the years. This is probably the FIRST time they're actually presenting though.

They've been to BH usually as "plainclothes employees" who don't identify themselves as Apple employees (they only get recognized if you know them).

Nothing really new, and it's really just to present some iOS security architecture that they released a document on a few months ago.

Re:Know your enemy? (0)

Anonymous Coward | more than 2 years ago | (#40755629)

Or maybe it's to find out at first hand what the black hats are planning - the quid pro quo is to make some presentations.

that or they're gonna find out how people are exploiting ios/osx, patent the methods, then sue the crap out of the black hats

Lol, no... (0, Troll)

santax (1541065) | more than 2 years ago | (#40751461)

"while others believe it's a sign that Apple recognizes the growing importance of having a more open relationship with the hacker community at large." Lol, no... Apple is run by the people who are described perfectly and in great detail in the book 'snakes in suits'. Psychopaths that is... They do not want to have an open relationship. They need something from you. Probably an ad will come on later: "we work closely with the hacker community to make our stuff more secure" but we all know what happens when you find a bug, exploit or whatever on their devices and store. You get banned and sued right into oblivion.

Re:Lol, no... (-1, Flamebait)

carou (88501) | more than 2 years ago | (#40751981)

we all know what happens when you exploit in the wild, without first reporting to Apple's security team a bug, exploit or whatever on their devices and store. You get banned and sued right into oblivion.

FTFY.

We all know what happens when you find and report a bug, exploit or whatever on their devices and store. You get credited with discovering the vulnerability when they fix it.

Re:Lol, no... (1, Funny)

santax (1541065) | more than 2 years ago | (#40752087)

No you get your house raided by the cops lol :') This is Apple people. It's good to see that you apple-employees have some accounts here and some mod-points, but it won't make it go away. This isn't your app-store ;)

Re:Lol, no... (2)

Grudge2012 (2662391) | more than 2 years ago | (#40752435)

No you get your house raided by the cops lol :')

Okay, who got his house raided by the cops (LOL or not) after he found a bug in any of Apple's products?

Re:Lol, no... (1)

carou (88501) | more than 2 years ago | (#40758705)

No you get your house raided by the cops lol :')

Okay, who got his house raided by the cops (LOL or not) after he found a bug in any of Apple's products?

And santax suddenly went quiet.

Re:Lol, no... (1)

tepples (727027) | more than 2 years ago | (#40752373)

we all know what happens when you exploit in the wild, without first reporting to Apple's security team a bug, exploit or whatever

FTFY.

Perhaps someone did report it to Apple's security team, but Apple's security team didn't act in a responsible manner. This happened with another company whose devices use another operating system called iOS: when a hacker reported a security problem in the Wii system software to Nintendo, Nintendo demanded to speak to the hacker's employer.

Re:Lol, no... (1)

carou (88501) | more than 2 years ago | (#40752591)

Perhaps someone did report it to Apple's security team, but Apple's security team didn't act in a responsible manner. This happened with another company whose devices use another operating system called iOS: when a hacker reported a security problem in the Wii system software to Nintendo, Nintendo demanded to speak to the hacker's employer.

Do you have a link for more information? I couldn't find anything about this with a brief google search.

Anyway, there are several several [apple.com] examples [apple.com] of Apple crediting the discoverer in bug fixes, so I don't know why everybody here is jumping to the opposite conclusion.

Jodi (1)

tepples (727027) | more than 2 years ago | (#40755835)

Do you have a link for more information?

It involves Jodi Daugherty from Nintendo's anti-piracy department. (Yes, the same Jodi after whom the "Return of the Jodi" jailbreak is named.) Look at this page [hackmii.com] and this page [hackmii.com] and search them for "phone".

LolZ (2)

SNAPPLEX (2691525) | more than 2 years ago | (#40752411)

A more open relationship with the hackers? LOL wt heck?

Maybe they have undercover cops (1)

Cutting_Crew (708624) | more than 2 years ago | (#40752671)

awaiting outside of the conference building just in case someone discovers a hack or hole in their operating system. Or maybe perhaps they feel guilty banning that guy that made them look a little bit like fools.

Possibly a simple reason... (1)

HerculesMO (693085) | more than 2 years ago | (#40753105)

Because now Apple is getting virii and they want to start expanding their recruitment to actually replace their "security through obscurity" model by implementing *real* security measures.

Up until less than a year ago, there was no security division that external parties could even contact to tell Apple about vulnerabilities.

Re:Possibly a simple reason... (1)

Greguar (1225686) | more than 2 years ago | (#40755649)

Because now Apple is getting virii and they want to start expanding their recruitment to actually replace their "security through obscurity" model by implementing *real* security measures.

It's probably more about image damage-control after having a reasonable-sized botnet stroll in through the wide open door of complacency on one of their platforms.

Up until less than a year ago, there was no security division that external parties could even contact to tell Apple about vulnerabilities.

Apple's Product Security page [apple.com], complete with contact information for reporting security issues, has publicly existed in its current location since at least November 2001 [archive.org].

Fantasy (1)

Flere Imsaho (786612) | more than 2 years ago | (#40758091)

Wouldn't it be great if when the apple guys walked on stage, the whole crowd stood as one and booed them?

Official and formal presence.. (1)

fustakrakich (1673220) | more than 2 years ago | (#40758203)

As opposed to backdoor sponsorship? Makes for a nice trap. Like when Goldfinger got all the mafia guys into one room and gassed 'em.

Re:Official and formal presence.. (1)

4phun (822581) | more than 2 years ago | (#40759931)

As opposed to backdoor sponsorship? Makes for a nice trap. Like when Goldfinger got all the mafia guys into one room and gassed 'em.

In related news after Apple's earnings report, Apple in a conference call to investors this evening invited all of Slashdot's top posters to attend an all expenses Apple paid conference at the mogul retreat in Sun Valley, Idaho next Saturday.

Apple? (0)

Anonymous Coward | more than 2 years ago | (#40758777)

Was Apple attending or giving the presentation? Because every time someone puts "Apple" and "security" in the same sentence, the world starts laughing.
