Apple hires former Windows security hacker to strengthen OS X
It was discovered on Thursday that famed hacker and former Microsoft employee Kristin Paget is now working for Apple as a core operating system security researcher, suggesting the Cupertino company is beefing up OS X safeguards amid recent Mac-directed malware attacks.
New Apple hire Kristin Paget. | Source: Jean-Philippe Martin via Wired
When employed by Microsoft, Paget worked alongside a small team of hackers tasked to find security holes in Windows Vista before the OS was released to the public in 2007, reports Wired. The group apparently found so many flaws that Vista's launch date was pushed back while fixes were put in place.
According to her LinkedIn profile, as of September Paget is listed as being a "Core OS Security Researcher at Apple" based out of Cupertino. Previously, she held the position of chief hacker at security firm Recursion Ventures, but said in June that she wanted to find a job building "security-focused hardware."
Paget, formerly known as Chris Paget, gained notoriety for a number of hacker feats of strength, including a cellphone call-intercepting station at the Defcon hacker conference and a long-range RFID identifier duplication device.
While the hacker's responsibilites at Apple remain unknown, it can be speculated that she will be working to thwart future attacks like the Flashback trojan that affected an estimated 600,000 Macs in April. Most recently, a piece of Mac-targeted malware similar to Flashback was found embedded in a webpage dedicated to the Dalai Lama.
New Apple hire Kristin Paget. | Source: Jean-Philippe Martin via Wired
When employed by Microsoft, Paget worked alongside a small team of hackers tasked to find security holes in Windows Vista before the OS was released to the public in 2007, reports Wired. The group apparently found so many flaws that Vista's launch date was pushed back while fixes were put in place.
According to her LinkedIn profile, as of September Paget is listed as being a "Core OS Security Researcher at Apple" based out of Cupertino. Previously, she held the position of chief hacker at security firm Recursion Ventures, but said in June that she wanted to find a job building "security-focused hardware."
Paget, formerly known as Chris Paget, gained notoriety for a number of hacker feats of strength, including a cellphone call-intercepting station at the Defcon hacker conference and a long-range RFID identifier duplication device.
While the hacker's responsibilites at Apple remain unknown, it can be speculated that she will be working to thwart future attacks like the Flashback trojan that affected an estimated 600,000 Macs in April. Most recently, a piece of Mac-targeted malware similar to Flashback was found embedded in a webpage dedicated to the Dalai Lama.
Comments
Edit: OK I'm a jerk. But that picture was a little jarring. Sorry
Also good to see Apple making moved to improve security.
I just hope that some day soon, the virus protection will be built in to the I/O controller so that all data in and out of the box is checked independently of the OS. This is a nice job for an Ax chip that checks every packet and every byte coming into the memory. This way, you can't hack it as easily as you can when it is dependent on the OS.
Yes, it will cost more, but for the protection of the Apple image, it will be worth it.
Quote:
Originally Posted by Richard Getz
Great! I am really glad Apple is not blind and still thinking they can't be touched.
Touched by what, exactly?
We're up to how many trojans now? 6?
We get one (at most, two) every year.
That's negligible. And not especially interesting either way, in light of the proliferation of iOS.
Originally Posted by Richard Getz
I am really glad Apple is not blind and still thinking they can't be touched.
They never thought that.
I hope they are putting more effort in than just hiring one person. They need to employ 100+ people to turn around a real lack of investment in OS X security.
@tallest skil, the overall air about Apple is that they are invincible and security is far behind design. Sure, having a UNIX core really helps. Taking it to the next level as Apple always does, is the right thing to do.
Quote:
Originally Posted by Richard Getz
@quadra 610, never said there was a large outbreak, or even a small one. But you can't rest on the fact that you are invincible. Having better security is always a great thing.
@tallest skil, the overall air about Apple is that they are invincible and security is far behind design. Sure, having a UNIX core really helps. Taking it to the next level as Apple always does, is the right thing to do.
Nothing with a network connection and wetware is invincible, nothing.
Apple knows this, the majority of apple users know this.
Why do people continue to indulge this fantasy?
Originally Posted by Richard Getz
@tallest skil, the overall air about Apple is that they are invincible…
You're putting on that air yourself. They have never said this.
Quote:
Originally Posted by Richard Getz
@quadra 610, never said there was a large outbreak, or even a small one. But you can't rest on the fact that you are invincible. Having better security is always a great thing.
@tallest skil, the overall air about Apple is that they are invincible and security is far behind design. Sure, having a UNIX core really helps. Taking it to the next level as Apple always does, is the right thing to do.
Richard, why dose UNIX have better security? (Forgive my ignorance, newbie to all things A}
That's a great question. I know it's true but I wasn't able to rattle off a dozen things instantly as to why UNIX is inherently more secure than Windows. Because knowing and proving are not the same thing I will look for a more concrete answer other than "because."
edit: OK, a couple things are now coming to mind. UNIX was with multi-user operating system. Windows started out with the user was an Administrator. I'm not sure if that holds true today post WinXP with consumer versions being based on WinNT. Then there is way permissions are delegated but I wonder if MS has also adjusted that with Windows. I'd still say Windows is less secure of an OS but without a valid argument to defend it we can't rule out that is no longer the case, even if we say that used to be the case.
UNIX is also ancient (a good thing!) and so incredibly optimised and stable, with many potential security holes plugged a long time ago.
One person is great, but Apple needs a full-time staff dedicated to the problem of how to disable Java.
(Interesting that the article didn’t mention Java, the source of all the problems mentioned.)
no jailbreak?
It just needs people in the know to mosy around the code base, looking for problems. Maybe the Xcode static analysis could be enhanced to point out security issues?
I wonder... One thing that could fix any future problem is the mac app store.
Why don't we see more known Apps (especially free ones) on it? Chrome, firefox, onyx, dropbox, Skype, plugins like flash and silverlight, paid Apps like office (question of pride, eh?), autocad, etc.
Besides dropbox, all my apps (besides HL orange box from steam, and portal2) come from the MAS. I find it amazingly convenient, especially with updates, etc. And my sure that if Firefox was on it instead of chrome (for example), more people would use it as the 2nd browser.
Then you have Opera, when you instal it it says that you must download the website version for complete support lol.
http://www.iphonbuzz.com/apple-hires-hacker-to-resolve-security-flaws-in-their-os.html