Two Black Hat Talks On Apple Security Cancelled 125
An anonymous reader writes "Two separate Apple security talks have been nixed at the last minute from next week's Black Hat security conference in Las Vegas. The Washington Post's Security Fix blog reports that Apple researcher Charles Edge was to present on flaws in Apple's FileVault encryption plan, but asked Black Hat to cancel the talk, citing confidentiality agreements with Apple. Then on Friday, Apple pulled its security engineering team out of a planned public discussion on the company's security practices — which would have been a first for Apple. 'Marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval,' a Black Hat spokesman said."
Steve is not impressed (Score:5, Interesting)
I think Steve J.'s brand of evil is about the same as MS's, but because they are perceived as underdogs, people don't care as much.
Apple Marketing is the "best". (Score:3, Interesting)
Apple's marketing is genius.
A few years back, they were talking up how FileVault (home folder encryption) uses AES-128 encryption, implying that it would take longer to crack than the age of the universe.
http://www.apple.com/sg/macosx/features/filevault/
Meanwhile, the password could often be found in plain text on the hard drive in swap files. This was back before encrypting swap was an option.
It's also funny how a company that sells itself as secure has root privilege escalation without a password as a feature out of the box.
http://www.apple.com/sg/macosx/features/security/
I guess the default account having root access is sort of an industry standard given Windows. Phrases like "wise architectural decisions" are relative, so not strictly false. I won't touch "intelligent design".
But saying, and I quote, "The Mac OS X administrator account, unlike the Windows admin account, disables access to the core functions of the operating system." is an outright lie (see above "root privilege escalation feature").
Re:Marketing? (Score:5, Interesting)
Just to make sure i'm
Just because my PC doesn't explode when hit from the rear, doesn't mean the shortcomings are any less valid. While of course marketing does not want anyone to know anything bad could ever happen with a Mac, it would be better for the company and its clients to have a more open dialog. Pretending there are no holes does not fill them.
Re:Steve is not impressed (Score:2, Interesting)
Why? I didn't read anywhere in this article that stated Mac OS X is less secure than Windows... as it would be just plain silly.
"I think Steve J.'s brand of evil is about the same as MS's, but because they are perceived as underdogs, people don't care as much."
You may be right. But it doesn't change the fact that more and more consumers are simply realizing that Apple sucks less than Microsoft in almost every area. But, I can only assume that's what you meant would be the benefit of people "perceiving" Apple as underdogs, as you also didn't state this. Suggesting that being perceived as underdogs would increase sales is, well... also very silly.
It just doesn't surprise me... (Score:1, Interesting)
I doesn't surprise me Apple's marketing team doesn't allow comment on practices, fixes or developments... they don't even get back to the people finding issues like Jon Longoria on the Spaces theoretical vulnerability. I emailed him to see if he had gotten comment and was told noone would talk with him to discuss the problem or attempt a fix. RE: http://thereformed.org/2008/05/03/theory-apple-osx-spaces-vulnerable/ . I don't really get wtf is wrong with Apple, I think they're locking up under the strain of their evolving popularity. Apple, you've actually broken into the real industry and not the hobbyist, its time to put your pants on and get open about your problems and what you're doing to fix them!
Re:Steve is not impressed (Score:4, Interesting)
I do think that a lot of people are turned off by the size of MS more than the quality of its products. A lot of people want something different to express themselves. Even when Apple truly sucked (and it did), a fair number of people stuck with them presumably to distance themselves from the giant and evil MS.
Not Surprised (Score:2, Interesting)
I'm not surprised really to see a corporation sponsored "Hacker" conference have talks canceled due to confidentiality agreements.
I've yet to hear a real hacker conference have their talks canceled due to something like that. Normally cancellations involve the speaker being escorted out in handcuffs.
But honestly there are far better, and more hacker-centric conferences out there than Black Hat. Conferences that come to mind are Chaos Communications Camp (or Chaos Communications Congress in the winter), Defcon, and even H.O.P.E. are far better choices than Black Hat.
There are more conferences out there that have the same "hacker spirit" but aren't as hard-core like NotaCon which has more of a social atmosphere to it.
But I digress, plan to see more of these types of cancellations at Black Hat in the future since the corporations just are looking for another excuse to line their pockets with more money. The fees for this Conference are astronomical, anywhere between $1300.00 to $5000.00 PER TALK compared to The Last H.O.P.E. where the price was ~$80.00 total as in you pay $80.00 and you get to go to EVERYTHING.
-VK
Re:definately MS's doing (Score:2, Interesting)
Well, of course! Apple is the underdog. Never mind the fact that is has the number one selling music player, and the market share is increasing, and that iTunes is extremely popular, and people are killing others for a iPhone...
Oh wait. Maybe Apple ISN'T the underdog. Maybe its practices are just the same as any other large company that wants to make a profit. It's no different from any others in that respect, in fact, it may be worse, as people excuse Apple for a lot, as they still think of it as the underdog.
Here's a serious flaw with FileVault (Score:4, Interesting)
1. Create two accounts on your mac. One is a throaway with fileVault turned on.
2. Log in to both and switch to your non FileVault account.
3. Copy a large enough chunk of data to the drop box of the FileVault user so that you will ALMOST fill up the boot drive.
4. Duplicate that data to another folder on your boot drive.
5. Wait till the hard drive fills up and you have 0 K on the drive.
6. Launch Safari and load a few web pages with lots of rotating ads. This is to guarantee that more data is being brought onto the hard drive.
At some point, the FileVault account becomes corrupted. You can't log in to it, you can't recover it. It's gone.
Re:Steve is not impressed (Score:3, Interesting)
Re:Marketing? (Score:4, Interesting)
I'd say it's more likely that legal got wind of it, not marketing.
Quote out-of-context (Score:3, Interesting)