On TV.com: Why Is Everyone in TV High School SO OLD

BNET Business Network:: BNET; TechRepublic; ZDNet

Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

May 13th, 2009

Apple snags ex-OLPC security chief

Posted by Ryan Naraine @ 10:33 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Hackers, Hirings and firings, Open source, Punditocracy, Research, Uncategorized, iPhone

Tags: Join, Apple Inc., Security, Ryan Naraine

Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system.

Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security. His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it’s rather trivial to launch exploits against the Mac.

[SEE: Inside the $100 laptop's security spec ]

Krstic sees the OLPC’s Bitfrost system as a foolproof way to defeat malware attacks so it’s a safe bet he’ll be working with Apple engineers on some form of sand-boxing of applications:

Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code. “This defeats the entire purpose of writing a virus,” says Krstic.

I’ve written in detail in the past about Apple’s security-by-PR campaigns and the danger of assuming Macs are secure because hackers aren’t targeting the operating system so it comes as pleasant news that the company appears serious about hiring top talent in the security world.

[ SEE: Apple bumper patch vindicates MOAB, MOKB hackers ]

Krstic is a no-BS software engineer who has done quality work in the past and his presence at Apple will only help.

Here’s a talk that outlines Krstic’s thinking around computer security.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 26 Talkback(s)

Thread View
Flat View

FUD?!?!: WHAT?!? You are new to computers, aren't you. Man, you shills are
getting worse. (Read the rest); Posted by: SimonUK2 Posted on: 05/18/09 You are currently: a Guest | Log in | Terms of Use

OLPC XO-2 is an Apple/Microsoft/Intel killer charbax@... | 05/13/09

Don't hold your breathe Marcos El Malo | 05/14/09

A Users Perspective Harry Bardal | 05/13/09

No need for his work at Apple..... daMan25 | 05/13/09

Could it be that Apple likes to change the game? CowLauncher | 05/13/09

Apple just invented chroot!! NonZealot | 05/13/09

How about 10 years? See this : Soulstorm | 05/14/09

Better Mouse Trap CowLauncher | 05/14/09

Innovation, stupid. Not invention. Please get it right. [nt] olePigeon | 05/14/09

@NonZealot Axsimulate | 05/15/09

Hilariousness derekcurrie | 05/15/09

WHERE DOES IT SAY THAT? SimonUK2 | 05/18/09

Well, except... zepedebo2 | 05/13/09

If this is possible, an admin would do this because why? derekcurrie | 05/15/09

FUD?!?! SimonUK2 | 05/18/09

You don't understand security, do you? The Mad Hatter | 05/13/09

What was that again? daMan25 | 05/13/09

Ignorance is Bliss in Windows World derekcurrie | 05/15/09

This flaw isn't even fixed in Windows 7. ashdude | 05/15/09

RE: Apple snags Ex-OLPC security chief t0mt0m | 05/13/09

RE: Apple snags Ex-OLPC security chief DannyO_0x98 | 05/13/09

Then why..... daMan25 | 05/14/09

I Wouldn't Have Considered It A Propos DannyO_0x98 | 05/14/09

ASAP Patches Are The Way To Go derekcurrie | 05/15/09

Hmm honeymonster | 05/17/09

"it?s rather trivial to launch exploits" derekcurrie | 05/15/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now

Recent Entries

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+39 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Click Here

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More