Two Black Hat Talks On Apple Security Cancelled

An anonymous reader writes "Two separate Apple security talks have been nixed at the last minute from next week's Black Hat security conference in Las Vegas. The Washington Post's Security Fix blog reports that Apple researcher Charles Edge was to present on flaws in Apple's FileVault encryption plan, but asked Black Hat to cancel the talk, citing confidentiality agreements with Apple. Then on Friday, Apple pulled its security engineering team out of a planned public discussion on the company's security practices — which would have been a first for Apple. 'Marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval,' a Black Hat spokesman said."
  • by bxwatso ( 1059160 ) on Sunday August 03, 2008 @09:40AM (#24455641)
    This must be bittersweet for Steve B., since Apple likes to tout that its software is more secure than Vista. I wonder if Walt Mossberg is taking note of this.

    I think Steve J.'s brand of evil is about the same as MS's, but because they are perceived as underdogs, people don't care as much.
  • by Anonymous Coward on Sunday August 03, 2008 @09:55AM (#24455703)

    Apple's marketing is genius.

    A few years back, they were talking up how FileVault (home folder encryption) uses AES-128 encryption, implying that it would take longer to crack than the age of the universe.
    http://www.apple.com/sg/macosx/features/filevault/

    Meanwhile, the password could often be found in plain text on the hard drive in swap files. This was back before encrypting swap was an option.

    It's also funny how a company that sells itself as secure has root privilege escalation without a password as a feature out of the box.
    http://www.apple.com/sg/macosx/features/security/

    I guess the default account having root access is sort of an industry standard given Windows. Phrases like "wise architectural decisions" are relative, so not strictly false. I won't touch "intelligent design".

    But saying, and I quote, "The Mac OS X administrator account, unlike the Windows admin account, disables access to the core functions of the operating system." is an outright lie (see above "root privilege escalation feature").

  • Re:Marketing? (Score:5, Interesting)

    by fortyonejb ( 1116789 ) on Sunday August 03, 2008 @10:18AM (#24455823)
    It's somewhat of a sad fact that this has been considered as fair and normal practice in the industry. Maybe because no real "safety" issues can be dragged into the mess, people who are not in the know simply do not care.

    Just to make sure I'm /. approved, let's use the highly venerated auto industry. When product issues come up, auto makers must make their shortcomings public, and even issue recalls to fix said problems.

    Just because my PC doesn't explode when hit from the rear, doesn't mean the shortcomings are any less valid. While of course marketing does not want anyone to know anything bad could ever happen with a Mac, it would be better for the company and its clients to have a more open dialog. Pretending there are no holes does not fill them.
  • by eclectic4 ( 665330 ) on Sunday August 03, 2008 @10:51AM (#24456051)
    "This must be bittersweet for Steve B., since Apple likes to tout that its software is more secure than Vista. I wonder if Walt Mossberg is taking note of this."

    Why? I didn't read anywhere in this article that stated Mac OS X is less secure than Windows... as it would be just plain silly.

    "I think Steve J.'s brand of evil is about the same as MS's, but because they are perceived as underdogs, people don't care as much."

    You may be right. But it doesn't change the fact that more and more consumers are simply realizing that Apple sucks less than Microsoft in almost every area. But, I can only assume that's what you meant would be the benefit of people "perceiving" Apple as underdogs, as you also didn't state this. Suggesting that being perceived as underdogs would increase sales is, well... also very silly.
  • by Anonymous Coward on Sunday August 03, 2008 @10:55AM (#24456083)

    It doesn't surprise me Apple's marketing team doesn't allow comment on practices, fixes or developments... they don't even get back to the people finding issues like Jon Longoria on the Spaces theoretical vulnerability. I emailed him to see if he had gotten comment and was told no one would talk with him to discuss the problem or attempt a fix. RE: http://thereformed.org/2008/05/03/theory-apple-osx-spaces-vulnerable/ . I don't really get wtf is wrong with Apple, I think they're locking up under the strain of their evolving popularity. Apple, you've actually broken into the real industry and not the hobbyist, it's time to put your pants on and get open about your problems and what you're doing to fix them!

  • by bxwatso ( 1059160 ) on Sunday August 03, 2008 @11:19AM (#24456261)
    My points were that if Apple is really more secure than Vista, Apple would welcome a thorough investigation of its OS. In that regard, MS is more proactive. Personally, I find both OS's acceptable regarding security.

    I do think that a lot of people are turned off by the size of MS more than the quality of its products. A lot of people want something different to express themselves. Even when Apple truly sucked (and it did), a fair number of people stuck with them presumably to distance themselves from the giant and evil MS.
  • Not Surprised (Score:2, Interesting)

    by Anonymous Coward on Sunday August 03, 2008 @11:32AM (#24456371)

    I'm not surprised really to see a corporation sponsored "Hacker" conference have talks canceled due to confidentiality agreements.

    I've yet to hear a real hacker conference have their talks canceled due to something like that. Normally cancellations involve the speaker being escorted out in handcuffs.

    But honestly there are far better, and more hacker-centric conferences out there than Black Hat. Conferences that come to mind are Chaos Communications Camp (or Chaos Communications Congress in the winter), Defcon, and even H.O.P.E. are far better choices than Black Hat.

    There are more conferences out there that have the same "hacker spirit" but aren't as hard-core like NotaCon which has more of a social atmosphere to it.

    But I digress, plan to see more of these types of cancellations at Black Hat in the future since the corporations just are looking for another excuse to line their pockets with more money. The fees for this Conference are astronomical, anywhere between $1300.00 to $5000.00 PER TALK compared to The Last H.O.P.E. where the price was ~$80.00 total as in you pay $80.00 and you get to go to EVERYTHING.

    -VK

  • by Tom90deg ( 1190691 ) <Tom90deg@yahoo.com> on Sunday August 03, 2008 @11:34AM (#24456385) Homepage

    Well, of course! Apple is the underdog. Never mind the fact that it has the number one selling music player, and the market share is increasing, and that iTunes is extremely popular, and people are killing others for an iPhone...

    Oh wait. Maybe Apple ISN'T the underdog. Maybe its practices are just the same as any other large company that wants to make a profit. It's no different from any others in that respect, in fact, it may be worse, as people excuse Apple for a lot, as they still think of it as the underdog.

  • by azav ( 469988 ) on Sunday August 03, 2008 @11:39AM (#24456433) Homepage Journal

    1. Create two accounts on your Mac. One is a throwaway with FileVault turned on.
    2. Log in to both and switch to your non FileVault account.
    3. Copy a large enough chunk of data to the drop box of the FileVault user so that you will ALMOST fill up the boot drive.
    4. Duplicate that data to another folder on your boot drive.
    5. Wait till the hard drive fills up and you have 0 K on the drive.
    6. Launch Safari and load a few web pages with lots of rotating ads. This is to guarantee that more data is being brought onto the hard drive.

    At some point, the FileVault account becomes corrupted. You can't log in to it, you can't recover it. It's gone.

  • by porcupine8 ( 816071 ) on Sunday August 03, 2008 @07:55PM (#24460669) Journal
    Not necessarily - if they are more secure than Vista, but less secure than the current public perception, then why would they want to bring public perception of their security down, even if it's still higher than Vista?
  • Re:Marketing? (Score:4, Interesting)

    by ScrewMaster ( 602015 ) on Monday August 04, 2008 @04:05AM (#24463479)
    'Marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval,' a Black Hat spokesman said.

    I'd say it's more likely that legal got wind of it, not marketing.
  • Quote out-of-context (Score:3, Interesting)

    by stewbacca ( 1033764 ) on Monday August 04, 2008 @01:16PM (#24469271)
    The "marketing got wind of it" quote from the summary is attributed to the Black Hat organizer, not Apple's marketing department. There's your daily dose of slashdot bias for ya.
