Black Hat talk on Apple FileVault encryption flaw canceled

“A security researcher who was set to speak at the Black Hat hacker convention in Las Vegas next week on a previously undiscovered flaw in Apple’s FileVault encryption system has canceled his talk, citing confidentiality agreements with the Cupertino computer maker,” Brian Krebs reports for The Washington Post.

“Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks,” Krebs reports.

“Contacted via cell phone, Edge said he signed confidentiality agreements with Apple, which prevents him from speaking on the topic and from discussing the matter further,” Krebs reports.

“Edge should absolutely honor any legal agreements he signed with Apple, which he says is his biggest client,” Krebs writes. “But these kinds of reversals have a funny way of stoking the curiosity of the hacker community, already an inquisitive bunch by nature.”


[Thanks to MacDailyNews Reader “Brawndo Drinker” for the heads up.]

22 Comments

  1. Well I must say that while I have full confidence in Apple for fast fixes the majority of the time and good security for the most part, they really need to be taking Security even more seriously. They are getting the attention of all now and they will be picked apart sooner or later. The hacker community is not to be taken lightly.

  2. “The hacker community is not to be taken lightly.”

    @smyhre
    I think that’s why Apple has chosen to hire this guy as a contractor to assist them in identifying/closing this vulnerability and also prevent him from divulging it publicly. If they were taking them lightly, this guy would be giving his presentation.

  3. Hooray Apple, for thinking that silence and reticence are a substitute for real security. Of course, the vaunted rock solid Unix-based OS X must have a security flaw so huge, so damaging, so insidious, so publicly embarrassing that no one outside the walls of the inner sanctum can divulge its horrific immensity. Thank goodness for Steve Jobs’ ever watchful eye looking after yours and my best interests. Oops, sorry, Apple’s latest security patch is worthless. I guess Apple isn’t very much concerned about more self-inflicted wounds. However, it appears that this latest injury was in the head versus the foot.

    For those still gullible enough to believe that Apple withdrawing its participation in Black Hat is a good thing, I can sell you some blueprints for a 1954 backyard bomb shelter. I’ll even throw in some tin foil for your caps.

  4. zmcv,

    I’m sorry to pee in your Cheerios, but re-read “agreements he signed with Apple, which he says is his biggest client.” Of course Apple wants to bring Edge in and learn what he knows before others do. That is the responsible thing to do.

    And just so you know, there are STILL only two pieces of malware in the wild for OS X, both of which have to be ACTIVELY DOWNLOADED and GIVEN PERMISSION TO RUN. Furthermore, when a new Mac goes onto the internet it is completely closed and invisible. Now, how insecure is that?

    Unix and OS X aren’t invulnerable, but they have two things going for them. One is that the Unix system was devised to be networked and is very, very hard to hide any malware in. Second is that the Mac community is wide open (even if Apple sometimes keeps tight-lipped) and share what they know. In fact, one of the best anti-virus programs available for the Mac is Clamxav, which is open source and free. See John Gruber’s article Broken Windows here: http://daringfireball.net/2004/06/broken_windows and educate yourself.

    Personally, I don’t have any anti-virus software and haven’t since I started using OS X back in 2003. It’s nice. You should try it sometime.

  5. zvmcv,

    I have an idea. How about you learn how to be a hacker and then you can really stick it to Apple. If OS X is as insecure as you seem to believe, you wouldn’t have any problem bringing all the Macs in the world to a standstill.

    Then you could go to the Black Hat convention and be a big hero. Just think of all the fame and fortune you could get.
    Or you can stay here being the annoying little asscrack that you always are. We’re talking about your future, boy.

  6. The challenge of breaking up OSX has existed for years amongst the hacker communities around the world… None yet has found his way through.
    Windows is definitively a bored strainer in comparison.

  7. @zv….,

    I think that Apple did the right thing. They are probably working on a fix to the problem right now. So instead of working to catch up on something that is let out into the wild, they can work on correcting it before it happens.

    If only other hackers could be more conscientious, instead of trying to be the next Mitnick, – thinking that everyone is just a dumbass – then security would be better.

    I could just see the headlines next week, “…I placed many calls to Apple, but they wouldn’t listen to me….”

    Averted! Well done Apple!

    /rick
