Apple hires former Windows security hacker to strengthen OS X

Posted:
in General Discussion edited January 2014
It was discovered on Thursday that famed hacker and former Microsoft employee Kristin Paget is now working for Apple as a core operating system security researcher, suggesting the Cupertino company is beefing up OS X safeguards amid recent Mac-directed malware attacks.

Kristin Paget
New Apple hire Kristin Paget. | Source: Jean-Philippe Martin via Wired


When employed by Microsoft, Paget worked alongside a small team of hackers tasked to find security holes in Windows Vista before the OS was released to the public in 2007, reports Wired. The group apparently found so many flaws that Vista's launch date was pushed back while fixes were put in place.

According to her LinkedIn profile, as of September Paget is listed as being a "Core OS Security Researcher at Apple" based out of Cupertino. Previously, she held the position of chief hacker at security firm Recursion Ventures, but said in June that she wanted to find a job building "security-focused hardware."

Paget, formerly known as Chris Paget, gained notoriety for a number of hacker feats of strength, including a cellphone call-intercepting station at the Defcon hacker conference and a long-range RFID identifier duplication device.

While the hacker's responsibilites at Apple remain unknown, it can be speculated that she will be working to thwart future attacks like the Flashback trojan that affected an estimated 600,000 Macs in April. Most recently, a piece of Mac-targeted malware similar to Flashback was found embedded in a webpage dedicated to the Dalai Lama.
«1

Comments

  • Reply 1 of 37
    I'm sure she/he/it (?) will make a good addition to apple.

    Edit: OK I'm a jerk. But that picture was a little jarring. Sorry :)
  • Reply 2 of 37
    tulkastulkas Posts: 3,757member
    I was thinking she looked awfully manly, then read about the name change. Makes perfect sense.

    Also good to see Apple making moved to improve security.
  • Reply 3 of 37
    She needs to go work at Oracle if she is going to fix Java bugs.
  • Reply 4 of 37
    Great! I am really glad Apple is not blind and still thinking they can't be touched.

    I just hope that some day soon, the virus protection will be built in to the I/O controller so that all data in and out of the box is checked independently of the OS. This is a nice job for an Ax chip that checks every packet and every byte coming into the memory. This way, you can't hack it as easily as you can when it is dependent on the OS.

    Yes, it will cost more, but for the protection of the Apple image, it will be worth it.

  • Reply 5 of 37
    quadra 610quadra 610 Posts: 6,757member

    Quote:

    Originally Posted by Richard Getz View Post



    Great! I am really glad Apple is not blind and still thinking they can't be touched.


     


    Touched by what, exactly?


     


    We're up to how many trojans now?  6?


     


    We get one (at most, two) every year. 


     


    That's negligible. And not especially interesting either way, in light of the proliferation of iOS. 

  • Reply 6 of 37


    Originally Posted by Richard Getz View Post

    I am really glad Apple is not blind and still thinking they can't be touched.


     


    They never thought that.

  • Reply 7 of 37


    I hope they are putting more effort in than just hiring one person. They need to employ 100+ people to turn around a real lack of investment in OS X security.

  • Reply 8 of 37
    @quadra 610, never said there was a large outbreak, or even a small one. But you can't rest on the fact that you are invincible. Having better security is always a great thing.

    @tallest skil, the overall air about Apple is that they are invincible and security is far behind design. Sure, having a UNIX core really helps. Taking it to the next level as Apple always does, is the right thing to do.
  • Reply 9 of 37
    hill60hill60 Posts: 6,992member

    Quote:

    Originally Posted by Richard Getz View Post



    @quadra 610, never said there was a large outbreak, or even a small one. But you can't rest on the fact that you are invincible. Having better security is always a great thing.

    @tallest skil, the overall air about Apple is that they are invincible and security is far behind design. Sure, having a UNIX core really helps. Taking it to the next level as Apple always does, is the right thing to do.


     


    Nothing with a network connection and wetware is invincible, nothing.


     


    Apple knows this, the majority of apple users know this.


     


    Why do people continue to indulge this fantasy?

  • Reply 10 of 37


    Originally Posted by Richard Getz View Post

    @tallest skil, the overall air about Apple is that they are invincible…


     


    You're putting on that air yourself. They have never said this.

  • Reply 11 of 37

    Quote:

    Originally Posted by Richard Getz View Post



    @quadra 610, never said there was a large outbreak, or even a small one. But you can't rest on the fact that you are invincible. Having better security is always a great thing.



    @tallest skil, the overall air about Apple is that they are invincible and security is far behind design. Sure, having a UNIX core really helps. Taking it to the next level as Apple always does, is the right thing to do.


     


    Richard, why dose UNIX have better security? (Forgive my ignorance, newbie to all things A}

  • Reply 12 of 37
    solipsismxsolipsismx Posts: 19,566member
    kennybouy wrote: »
    Richard, why dose UNIX have better security? (Forgive my ignorance, newbie to all things A}

    That's a great question. I know it's true but I wasn't able to rattle off a dozen things instantly as to why UNIX is inherently more secure than Windows. Because knowing and proving are not the same thing I will look for a more concrete answer other than "because."

    edit: OK, a couple things are now coming to mind. UNIX was with multi-user operating system. Windows started out with the user was an Administrator. I'm not sure if that holds true today post WinXP with consumer versions being based on WinNT. Then there is way permissions are delegated but I wonder if MS has also adjusted that with Windows. I'd still say Windows is less secure of an OS but without a valid argument to defend it we can't rule out that is no longer the case, even if we say that used to be the case.
  • Reply 13 of 37


    UNIX is also ancient (a good thing!) and so incredibly optimised and stable, with many potential security holes plugged a long time ago.

  • Reply 14 of 37
    nagrommenagromme Posts: 2,834member


    One person is great, but Apple needs a full-time staff dedicated to the problem of how to disable Java.


     


    (Interesting that the article didn’t mention Java, the source of all the problems mentioned.)

  • Reply 15 of 37


    no jailbreak?

  • Reply 16 of 37
    asciiascii Posts: 5,936member
    I think she's a pretty convincing girl. I don't think OS X really needs much more in the way of security features, it already has sandboxing, GateKeeper as well as the standard Unix-y permissions.

    It just needs people in the know to mosy around the code base, looking for problems. Maybe the Xcode static analysis could be enhanced to point out security issues?
  • Reply 17 of 37
    @tallest skill: I have screen caps of the apple website. They have pretty much said this, even if they probably don't anymore.
  • Reply 18 of 37
    19831983 Posts: 1,225member
    Trans-gender, the original engineer behind the ARM architecture was also thus. Just a bit of trivia, glad to see Apple paying such attention to security issues.
  • Reply 19 of 37


    I wonder... One thing that could fix any future problem is the mac app store.


     


    Why don't we see more known Apps (especially free ones) on it? Chrome, firefox, onyx, dropbox, Skype, plugins like flash and silverlight, paid Apps like office (question of pride, eh?), autocad, etc.


     


    Besides dropbox, all my apps (besides HL orange box from steam, and portal2) come from the MAS. I find it amazingly convenient, especially with updates, etc. And my sure that if Firefox was on it instead of chrome (for example), more people would use it as the 2nd browser.


     


    Then you have Opera, when  you instal it it says that you must download the website version for complete support lol.

  • Reply 20 of 37
    Yet again, Apple is having someone from other companies to help them on their outdated OS. just as how they hire ex-Google employee. at the end, they'll just end up violating terms and agreement of work policies from Microsoft.... Another lawsuit is awaiting in the corner for Apple.
    http://www.iphonbuzz.com/apple-hires-hacker-to-resolve-security-flaws-in-their-os.html
Sign In or Register to comment.