Amid growing criticism of a laissez-faire approach to security issues, Apple has canceled participation in a public discussion of its security practices at the Black Hat security conference scheduled this week in Las Vegas. Black Hat Director Jeff Moss told reporters in an interview Friday that unnamed members of Apple’s engineering team had agreed in early July to participate in a panel discussion on computer security issues, which would have been a first for the notoriously secretive company. “It was [going to be] them talking about security engineering and how they take security seriously,” Moss said, but “marketing got wind of it, and nobody at Apple is ever allowed to speak publicly about anything without marketing approval.”
In a separate security-related development, reports indicate the DNS security patch released by Apple on Friday may fail to fix the exploit flaw it was intended to repair.
Andrew Storms, director of security operations at nCircle Network Security Inc. and Swa Frantzen of the SANS Institute’s Internet Storm Center both detailed research indicating systems running the client version of Mac OS X were still incrementing ports, not randomizing them, as should have been the case if the fix had addressed the flaw. “Apple might have fixed some of the more important parts for servers, but is far from done yet, as all the clients linked against a DNS client library still need to get the work-around for the protocol weakness,” Frantzen said.
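The observation Storms and Frantzen report, that a patched resolver still hands out consecutive source ports rather than random ones, is something an administrator can verify from a packet capture. The following is an added example, not code from the article, Apple, nCircle or SANS: it pulls the UDP source ports of outbound DNS queries out of constructed `tcpdump`-style lines and classifies the sequence as fixed, incrementing or randomized. The capture lines, the thresholds and the function names are assumptions made for illustration.

```python
import random
import re

# Constructed capture lines in tcpdump's default IPv4 format (not from the
# article). The first four are consecutive DNS queries from one host; the
# fifth is unrelated web traffic and must be ignored.
SAMPLE_CAPTURE = """\
IP 10.0.0.5.49152 > 192.0.2.1.53: 1001+ A? example.com. (29)
IP 10.0.0.5.49153 > 192.0.2.1.53: 1002+ A? example.net. (29)
IP 10.0.0.5.49154 > 192.0.2.1.53: 1003+ AAAA? example.org. (29)
IP 10.0.0.5.49155 > 192.0.2.1.53: 1004+ MX? example.com. (29)
IP 10.0.0.5.50211 > 192.0.2.9.80: Flags [S], seq 1, win 65535, length 0
""".splitlines()

# "IP <src-ip>.<src-port> > <dst-ip>.53:" -- only queries to UDP/TCP port 53.
_DNS_QUERY = re.compile(
    r"^IP (?:\d{1,3}\.){3}\d{1,3}\.(\d+) > (?:\d{1,3}\.){3}\d{1,3}\.53:"
)


def source_ports_from_tcpdump(lines):
    """Return the source ports of DNS queries, in capture order."""
    ports = []
    for line in lines:
        match = _DNS_QUERY.match(line)
        if match:
            ports.append(int(match.group(1)))
    return ports


def fraction_sequential(ports):
    """Share of consecutive query pairs whose source port rose by exactly one.
    A counter-based resolver scores close to 1.0; a randomizing one close to 0.
    """
    if len(ports) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return steps / (len(ports) - 1)


def classify(ports, sequential_threshold=0.8, min_sample=16):
    """Classify an observed port sequence.

    "fixed"        every query used the same port (weakest possible state)
    "incrementing" the behaviour the article describes on unpatched clients
    "randomized"   what the DNS fix is supposed to produce
    "inconclusive" too few samples, or a mixed pattern
    Thresholds are assumptions chosen for this example.
    """
    if len(ports) < min_sample:
        return "inconclusive"
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"
    seq = fraction_sequential(ports)
    if seq >= sequential_threshold:
        return "incrementing"
    if seq <= 0.1 and distinct >= 0.9 * len(ports):
        return "randomized"
    return "inconclusive"


# Constructed 64-query samples: a counter starting at 49152, and a seeded
# pseudo-random draw from the 49152-65535 ephemeral range.
INCREMENTING_PORTS = [49152 + i for i in range(64)]
RANDOMIZED_PORTS = random.Random(7).sample(range(49152, 65536), 64)

if __name__ == "__main__":
    print("capture:", source_ports_from_tcpdump(SAMPLE_CAPTURE))
    for name, sample in (("incrementing", INCREMENTING_PORTS),
                         ("randomized", RANDOMIZED_PORTS)):
        print(f"{name}: sequential={fraction_sequential(sample):.2f} "
              f"-> {classify(sample)}")
```

In practice the input would be the output of `tcpdump -n udp port 53` taken while the client issues a few dozen lookups; anything other than "randomized" means the resolver in use is still exposed to the cache-poisoning weakness the patch was meant to close.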
While Dan Kaminsky, the researcher who uncovered the DNS flaw in February and helped coordinate a multivendor patch effort, indicated “if there was a huge population of people behind DNS servers running OS X, I’d be more worried,” Rich Mogull, an independent security consultant and former Gartner Inc. analyst, said, “It may be a low priority in the scheme of the DNS vulnerability, but if all my servers are OS X, it matters. Within the Mac audience, it matters.”
Via Computerworld