Black Hat talk on Apple FileVault encryption flaw canceled

“A security researcher who was set to speak at the Black Hat hacker convention in Las Vegas next week on a previously undiscovered flaw in Apple’s FileVault encryption system has canceled his talk, citing confidentiality agreements with the Cupertino computer maker,” Brian Krebs reports for The Washington Post.

“Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks,” Krebs reports.

“Contacted via cell phone, Edge said he signed confidentiality agreements with Apple, which prevents him from speaking on the topic and from discussing the matter further,” Krebs reports.

“Edge should absolutely honor any legal agreements he signed with Apple, which he says is his biggest client,” Krebs writes. “But these kinds of reversals have a funny way of stoking the curiosity of the hacker community, already an inquisitive bunch by nature.”

Full article here.

[Thanks to MacDailyNews Reader “Brawndo Drinker” for the heads up.]

22 Comments

  1. Well I must say that while I have full confidence in Apple for fast fixes the majority of the time and good security for the most part, they really need to be taking Security even more seriously. They are getting the attention of all now and they will be picked apart sooner or later. The hacker community is not to be taken lightly.

  2. “The hacker community is not to be taken lightly.”

    @smyhre
    I think that’s why Apple has chosen to hire this guy as a contractor to assist them in identifying/closing this vulnerability and also prevent him from divulging it publicly. If they were taking them lightly, this guy would be giving his presentation.

  3. Hooray Apple, for thinking that silence and reticence are a substitute for real security. Of course, the vaunted rock solid Unix-based OS X must have a security flaw so huge, so damaging, so insidious, so publicly embarrassing that no one outside the walls of the inner sanctum can divulge its horrific immensity. Thank goodness for Steve Jobs’ ever watchful eye looking after yours and my best interests. Oops, sorry, Apple’s latest security patch is worthless. I guess Apple isn’t very much concerned about more self-inflicted wounds. However, it appears that this latest injury was in the head versus the foot.

    For those still gullible to believe that Apple withdrawing its participation in Black Hat is a good thing, I can sell you some blueprints for a 1954 backyard bomb shelter. I’ll even throw in some tin foil for your caps.

  4. zmcv,

    I’m sorry to pee in your Cheerios, but re-read “agreements he signed with Apple, which he says is his biggest client.” Of course Apple wants to bring Edge in and learn what he knows before others do. That is the responsible thing to do.

    And just so you know, there are STILL only two pieces of malware in the wild for OS X, both of which have to be ACTIVELY DOWNLOADED and GIVEN PERMISSION TO RUN. Furthermore, when a new Mac goes onto the internet it is completely closed and invisible. Now, how insecure is that?

    Unix and OS X aren’t invulnerable, but they have two things going for them. One is that the Unix system was devised to be networked and is very, very hard to hide any malware in. Second is that the Mac community is wide open (even if Apple sometimes keeps tight-lipped) and share what they know. In fact, one of the best anti-virus programs available for the Mac is Clamxav, which is open source and free. See John Gruber’s article Broken Windows here: http://daringfireball.net/2004/06/broken_windows and educate yourself.

    Personally, I don’t have any anti-virus software and haven’t since I started using OS X back in 2003. It’s nice. You should try it sometime.

  5. zvmcv,

    I have an idea. How about you learn how to be a hacker and then you can really stick it to Apple. If OS X is as insecure as you seem to believe, you wouldn’t have any problem bringing all the Macs in the world to a standstill.

    Then you could go to the Black Hat convention and be a big hero. Just think of all the fame and fortune you could get.
    Or you can stay here being the annoying little asscrack that you always are. We’re talking about your future, boy.

  6. @zv….,

    I think that Apple did the right thing. They are probably working on a fix to the problem right now. So instead of working to catch up on something that is let out into the wild, they can work on correcting it before it happens.

    If only other hackers could be more conscientious, instead of trying to be the next Mitnick, – thinking that everyone is just a dumbass – then security would be better.

    I could just see the headlines next week, “…I placed many calls to Apple, but they wouldn’t listen to me….”

    Averted! Well done Apple!

    /rick

  7. aka Christian,

    I don’t know, I really enjoyed your “pee in your Cheerios” comment.

    Did you know that’s the actual way that cereal makers get all of the daily required vitamins and minerals in that stuff.
    And people bitched about too much sugar.

  8. @ sir Gill Bates who said

    “They are going to get attacked by the hacker ‘community’ no matter what they say or do. Screw those self-centered little punks. I’d like to see them behind bars. In Guantanamo. Being water-boarded. With hog pee.”

    That attitude won’t get you far in the civilized world but fortunately for you there is a terrorist alliance of nations known as AENUS (Australia, England N United States) that you might consider joining. Unless of course you are into suicide bombings…there are other terrorist organizations for that.

    Most of the stuff you write sir, is excellent and appropriate. Sad to see you go down this route.

  9. Road Warrior (NLI),

    “Sad to see you go down this route.”

    Believe it or not, I was joking. But I admit, it was pretty crude and over the top. Consider me contrite.

    I have been appalled by the whole situation that has been permitted to exist in Cuba (and Iraq) by our leaders. Besides the torture, just the fact that people can be locked away for years with no recourse is unbelievable. The fact that even our Supreme Court has allowed this to go on is sickening. It’s confusing to me why people don’t seem to comprehend that if it can be done to others, it can also be done to us.

    I guess if anyone should be behind bars, it should be the person who has spit on our Constitution and created this whole situation. But that will never happen.

  10. To the idiot who posted at 03 08 9:14 a.m.

    Everyone deserves due process. How many of the “enemy combatants” being held are ACTUALLY terrorists? Do you personally know? Are you aware that our current administration is screwing with our laws so that ANYONE, including YOU, can be labeled a terrorist, have your internet access and phone lines tapped, and then be held indefinitely without a lawyer or even being told why you are held? I guess you believe our government should be allowed to simply enter your house and shoot you based on their definition of “terrorist.”

    Pay attention, fool. Justice needs to be for everyone.

    @Sir Bill.

    I admire people who are willing to apologize when they’ve made a gaffe (or sometimes when others perceive you’ve made one). I find I have to do it all too often, and it is all too rare that I see others do so.

  11. @ Sir Gill Bates,

    “Whatever happened to ‘Don’t do the crime if you can’t do the time’.”

    You know, one man’s crime can be considered another man’s patriotic act. It depends on your perspective. Not that I condone ANY of it.

  12. aka Christian,

    Thanks, that was appreciated. Yes, I sure have made more than my fair share of bubble headed blunders. I’ve found that the best solution is to pull my foot out of my mouth, admit my foolishness and move on.

    It would be nice if I never repeated my mistakes, but I guess if I’m not going to keep my big yap shut it’s bound to happen again. Again, thanks for bearing with me.

  13. Thanks Sir Gill. I appreciate that some people do find this funny but it tends to be a very sore point for me. I think that what you said shows how appalling the situation is:

    “I guess if anyone should be behind bars, it should be the person who has spit on our Constitution and created this whole situation. But that will never happen.”

    I cheerfully disagree with you. I hope it does happen. I hope that there are enough decent Americans left to take a stand and get this war criminal, this terrorist Bush where he belongs…to the Hague, so that he can face charges on crimes against humanity, with fair due process something that civilized nations not only aim for but reach.

    Then if found guilty, and only if found guilty he should be put away for a long long long time.

    And yes, I do find the majority of your posts quite engaging.
