Analysis: Apple Security Team's Oh-So-Brief Black Hat Appearance


In April this year, when researchers from Russian antivirus vendor Dr. Web notified Apple about its discovery of the Flashback botnet, Apple ignored them. Later, Apple tried to have one of Dr. Web's test servers shut down, apparently mistaking it as part of the botnet.

Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security consultancy, says Apple eventually will have to embrace the research community, at least at some level.

"Apple would be wise to find a way to do some smaller, more intimate discussions where they can field serious questions and engage the community in a proactive manner," Plato told CRN.

So what exactly did Apple hope to gain by taking part in Black Hat this year? If Apple thought that showing up and giving a Powerpoint presentation of previously released material was going to impress researchers, it was wrong. Sniffing out subterfuge is what many Black Hat attendees do for a living, which is why audible sighs -- and even a few exasperated groans -- were heard as De Atley gave his talk.

Apple has made progress in security and continues to build for the future by hiring top security talent. Other decisions, such as adding automatic updates to OS X and giving up control over Java updates to Oracle, show that Apple is able to adjust to the realities of the security marketplace.

Michael Oh, founder and president of Boston-based Apple reseller Tech Superpowers, believes these moves, and Apple's participation at Black Hat, are part of Apple's goal is to show businesses that it is serious about security.

"Apple is never going to map out future product time lines for corporate customers, but when it comes to security, they know they have to be more open to be taken seriously in the enterprise," Oh told CRN.

Apple is currently in broadcast-only mode with the security research community, and we'll have to wait until next year's Black Hat to see if it is also ready to start listening.

PUBLISHED JULY 31, 2012