Connecting to LinkedIn...



Apple Should Be More Transparent About Security

3/09/2014 by


It seems that Apple has gotten embroiled in a security scandal of one sort or another every few months.

It dodged Heartbleed but was hit by the very embarrassing ‘goto fail’ bug. It was called out for not adequately documenting the uses of diagnostic tools that could have been used to collect data from user devices. Late last year researchers showed off a method for siphoning data via the charging port of iOS devices. A year ago a researcher went public with a method for accessing Apple IDs of developers after he says he got no response from Apple. And then there was this week’s celebrity photo hack, which may have been able to be prevented by making iCloud backups more secure.

In each of these cases, Apple fixed vulnerabilities, released support notes or patched bugs. But in almost all cases, and many others over the years, the company was as opaque as possible about explaining the details of security issues, reluctant to admit to them publicly and very unresponsive to independent security researchers. That leads to misunderstandings and FUD about the extent of the problems and the risks involved for users.

This needs to change or it will continue to happen.

Apple as a company has shown to have deep concern for the privacy of its users. It very frequently goes against common business wisdom to protect user information from third parties. One example of this is Apple refusing to share subscriber info with the publishers of iPad magazines. Apple sources, including both past and present employees, have never shared any information with me that indicates that Apple is interested in anything less than complete user privacy.

But though the company appears on many levels to have the best interests of users at heart, it does not appear to be expending the same kind of deep, detail-oriented effort on security as it is famous for in many other product areas. Apple will obsess over the degree of chamfer on a button, but somehow shoots itself in the foot with silly security mistakes over and over again.

This article has been extracted from, please click on this link to read the article in full

Montash is a multi-award winning, global technology recruitment firm. Specialising in permanent and contract positions across mid-senior appointments which cover a wide range of industry sectors and IT functions, including:

ERP, BI & Data, Information Security, IT Architecture & Strategy, Energy Technologies, Demand IT and Business Engagement, Digital and E-commerce, Infrastructure and Service Delivery, Project and Programme Delivery.

With offices based in London, Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.

comments powered by Disqus

Social Stream

Latest News


Humans remain largest security flaw in cloud ...

2016-10-21 14:00:00 +0100

With a vast number of companies moving some, if not all, of their operations to the cloud, security continues to be of major concern. Whilst there are numerous patches and firewalls to safeguard defences, it has been highlighted that the most difficult area to protect against is human interaction. This is the view of Jamie Woodruff, a penetration tester and ethical hacker. Woodruff’s views come after he was contracted to conduct a penetration test in or...


Offshore exploration providing boost for oil ...

2016-10-19 09:00:00 +0100

The oil and gas industry has had a notoriously challenging time of late, with the prices of oil plummeting and causing many firms to tighten their belts. However, offshore exploration is providing a much-needed bright spot for the sector, with an increasing number of governments becoming more accommodating. In the past week, it has been revealed that there are big changes afoot for Brazil’s petroleum laws. Shell has already begun to move on this opportu...