Apple snags ex-OLPC security chief
[ http://blogs.zdnet.com/security/?p=3358 ]
May 13, 2006
Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic
has joined Apple to help thwart hacker attacks against the Mac operating system.
Krstic, a well-respected innovator who designed the Bitfrost security specification
for the OLPC initiative, joined Cupertino this week and will work on core OS security.
His hiring comes at a crucial time for a company that ties security to its marketing
campaigns despite public knowledge that it’s rather trivial to launch exploits against
the Mac.
[PJ: That is the very opposite of "public knowledge," by the way. The US military
has said publicly it sometimes uses Macs, for enhanced security.] - ZDNet
Apple snags ex-OLPC security chief
By Anonymous [ http://tinyurl.com/pg9s2w ]
May 14 2009
More detailed stories at AppleInsider,
http://www.appleinsider.com/articles/09/05/13/
see also Krstic's own blog
http://radian.org/notebook/
PJ, I don't quite get your aside on Mac security. The US military may well use Macs
for "enhanced" security, better than Windows, especially for non-computer-savvy
users who are trained, disciplined and follow the rules. Recent events have demonstrated
that social engineering trojans are quite successful against Mac users. While MacOS
10.5 introduced signed code, it is not mandatory. Unsigned code can still be happily
run.
The 10.5.7 update this week fixed 67 CVE notified vulnerabilities, plus one unnotified.
The breakdown of those 67 includes:
Apache 3
Bind 1
enscript 4
Flash Player 3
IPSec 2
Kerberos 4
libxml 1
Net-SNMP 1
OpenSSL 1
PHP 8
ruby 6
X11 6
That's 37, over half in third-party, open source products. I'm not putting any blame
on open source, in fact the opposite holds, that Apple have dug themselves a hole
by using a mixed system of open and closed source code, where all the open source
patches must be tested against their closed system before releasing to customers.
While the testing happens, there is a window of opportunity for bad guys.
5:51 PM EDT
Apple snags ex-OLPC security chief
By PJ [ http://tinyurl.com/pskh7f ]
May 14 2009
social engineering points not to the OS but primarily to the user
pretending that Apple products are as vulnerable as MS stuff is part of the FUD
that makes me throw up, because it is nonsense
how do I know? I've used them both
09:18 PM EDT
Copyright 2009 http://www.groklaw.net/