Apple’s Magical Lie

My target this week is Apple and their security practices

By: Ian Gillespie

Warning: I am not an Information Security expert – I am the Lead Designer at Hurricane Labs. I do not know the detailed best practices of securing a network or how to set up a SIEM such as Splunk. You may be asking yourself, “Why the heck is this guy even writing an article on a blog about Information Security?!” Hold on a second – what I propose is an outsider’s perspective on the idea of information security as a whole. My perspective may not be the same as that of an information security specialist, but that’s the point. The purpose of this article is to hopefully be entertaining, but to also allow me to rant, or vent my frustrations with things having to do with security – whether it be company practices, or even just the way we share our information on social networks. I hope to write a few blog posts in the coming weeks. Hopefully you will get a little enjoyment out of this as well – at my expense, of course.

My target this week is Apple and their security practices, or rather, the lack of their security practices. They are releasing an automatic security update for OS X – awesome, thanks Apple! I’m surprised no one has ever thought of this before…oh crap, never mind. As a fellow co-worker pointed out on our previous podcast – this type of thing has been around in operating systems for the better part of a decade, but I’m sure Apple will tout this as a brand new feature that ‘Automagically Keeps Your Mac Safe’. Because of this, Apple should write a really long apology for being dumb about security. This should be put on the front page of the Apple website:

For years we lied about the security of a Mac. We falsely made countless consumers believe that our products were invulnerable to attacks and that we had, in fact, created the first invulnerable computer system in the history of humanity. For this, we are sorry. Contact us for a free Retina Display MacBook Pro.

(Okay, maybe the last part is stretching it.)

You may be saying to yourself: “Ian, why so serious?” Well, let me tell you why, friendo – I had firsthand experience dealing with Apple’s misinformation regarding their security. A couple of years ago my wife and I went to the Apple store to buy her a new laptop. During this visit, one of the Apple Representatives told her that she would never have to worry about computer viruses. I immediately scolded him and told him that this was simply not true. On the car ride home I reminded my wife of the importance of updating her software regularly and to be conscious of her computer activity – nothing is 100% secure.

Let’s say, hypothetically, that my wife did not have her Designer Security Expert husband by her side to show her not only how to crop a picture in Photoshop, but that she also needed to update her software from time to time. If this were the case, she would have come home and years would have gone by without her ever updating her Mac’s software. Trust me, she wouldn’t have updated it – ever! She didn’t even know she had a trash can on her Windows machine. (Don’t tell her I told you that.) And the worst part – she is just one innocent consumer who was told this lie. Telling consumers something blatantly false – especially when it comes to security – is just wrong and irresponsible. Not to mention the fact that they looked pretty stupid when the whole Flashback fiasco happened and it took them forever and a blue moon to release a Java update. The worst thing they could have done is to try and ignore the problem, which is exactly what they did.

Good news though. Like I said earlier, Apple seems to be (well kinda) changing their ways by offering automatic security updates for Mountain Lion. Good job Apple, I commend you. Let’s hope your Apple store representatives are a little more honest about your product security as well.

My point, in the end, is that companies need to be more upfront about the security of their products. Why risk getting caught with egg on your face when you could have just been more upfront from the beginning? Hopefully Apple will be a little more proactive with the security of their iOS devices (probably not, but that may just be me being cynical). A little transparency can go a long way – this goes for anyone – including you, LinkedIn, but you’ve already been yelled at enough.
