[Infowarrior] - Apple snags ex-OLPC security chief

[Richard Forno]

Apple snags ex-OLPC security chief

Posted by Ryan Naraine @ 10:33 am

http://blogs.zdnet.com/security/?p=3358

Former director of security architecture at One Laptop per Child  
(OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks  
against the Mac operating system.

Krstic, a well-respected innovator who designed the Bitfrost security  
specification for the OLPC initiative, joined Cupertino this week and  
will work on core OS security.  His hiring comes at a crucial time for  
a company that ties security to its marketing campaigns despite public  
knowledge that it’s rather trivial to launch exploits against the Mac.

Krstic sees the OLPC’s Bitfrost system as a foolproof way to defeat  
malware attacks so it’s a safe bet he’ll be working with Apple  
engineers on some form of sand-boxing of applications:

Instead of blocking specific viruses, the system (Bitfrost) sequesters  
every program on the computer in a separate virtual operating system,  
preventing any program from damaging the computer, stealing files, or  
spying on the user. Viruses are left isolated and impotent, unable to  
execute their code. “This defeats the entire purpose of writing a  
virus,” says Krstic.

I’ve written in detail in the past about Apple’s security-by-PR  
campaigns and the danger of assuming Macs are secure because hackers  
aren’t targeting the operating system so it comes as pleasant news  
that the company appears serious about hiring top talent in the  
security world.

Krstic is a no-BS software engineer who has done quality work in the  
past and his presence at Apple will only help.

Here’s a talk that outlines Krstic’s thinking around computer  
security....


http://blogs.zdnet.com/security/?p=3358