• On ZDNet: The Windows 7 upgrade survival guide
August 4, 2008 8:07 AM PDT

Apple's security through obscurity policy at Black Hat

by Matt Asay
  • Font size
  • Print
  • 3 comments

Apple makes beautiful products, but don't try looking under the hood to see how secure they are. I'm a huge Apple fan, but I found this news that two presentations on Apple's security were pulled from the annual Black Hat conference.

One was a presentation by Apple employees on the company's security policies. On that one, it's shocking that the employees were planning to speak at all, as Apple is very tight-lipped about anyone within the company speaking publicly.

But the other, as the Slashdot commentary highlights, was to discuss problems with Apple's FileVault encryption system. This sort of public discussion is critical to helping to resolve security issues, especially with Apple recently found to have the most security vulnerabilities by an IBM research team. Security through obscurity doesn't work.

As Apple (thankfully) becomes a bigger force in the market, it needs to ensure its security is top-notch. Its architecture and Unix underpinnings already give it a headstart, but working through potential security problems in a transparent manner would help further.

Yes, Apple is skittish about any public disclosure. But security is one area that it can't afford to keep its cards too close to its vest.

Click here for full coverage of Black Hat 2008.

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure. You can follow Matt on Twitter @mjasay.
Topics:

Apple,

Industry news

Tags:

Apple,

security,

Black Hat

Share:
Digg
Del.icio.us
Reddit
Recent posts from The Open Road
Cloud to suck money out of market, report says
When open source isn't (open enough)
SAP wants an open Java process (pot, meet kettle)
Google shifts software value to operations, away from IP
Mobile: Still waiting to see what sticks
Google privacy controls: Most people won't care
Amazon's move mocks EU's fear of Oracle
Skype to open-source far too little
Related
New BlackBerry software will make your phone cooler
Be prepared for Black Friday tech deals
US-CERT warns about free BlackBerry spyware app
Apple releases OS X 10.6.2 and Security Update 2009-006
Apple Remote: Troubleshooting tips
RIM BlackBerry Bold 9700 announced; T-Mobile and AT&T bound
Music industry bows to point-and-shoot cameras
Windows 7 born from Vista's frustrations
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
by The_Decider August 4, 2008 10:47 AM PDT
Well, if FileVault has exploitable issues than attackers will be more than happy to find it and exploit it.

As MS has proved time and time again, black box "security" is no security at all.
Reply to this comment
by Seaspray0 August 4, 2008 11:48 AM PDT
Apple rhetoric has always been "don't acknowledge any security flaws and then they won't exist. Only the other guys have security flaws." Yea, right... "especially with Apple recently found to have the most security vulnerabilities by an IBM research team." Decider will be happy to deny any kind of security vulnerability. So, are you going to listen to the fanboys or are you going to take the steps needed to protect your computer? The truth: there is no such thing as a totaly secure operating system.
Reply to this comment
by The_Decider August 4, 2008 12:53 PM PDT
Show us the last OSX exploit that traveled around outside a lab.

Like usual, you misunderstand. No one denies that OSX has had vulnerabilities(only idiots like you say we do), it is the very simple fact that OSX is almost 10 years old and has never had an in the wild exploit that spreads around.

Not one.

I know you won't understand this either, but there ya go.
(3 Comments)
  • prev
  • 1
  • next
advertisement

As alternative energy grows, NIMBY greens

With more renewable energy projects trying to come online, the country grapples with the balance between local land use and a national push for clean energy.

Google to remake programming with Go

A Unix co-creator is among those behind a language Google hopes will speed computers and programming. Today, Go becomes open-source software.

advertisement

About The Open Road

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to the Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is general manager of the Americas division and vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.

Add this feed to your online news reader

The Open Road topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET