Latest in Mac os x

Image credit:

Apple lands OLPC security whiz -- more secure products on the way?


Twitter tipster Rich Mogull of TidBITS provided us with a ping pointing to ZDNet's Zero Day page, where blogger Ryan Naraine broke some good news today.

The news? The ex-director of security architecture for the One Laptop Per Child project, Ivan Krstic (at right), has gone to work for Apple. He'll be focusing his attention on core operating system security.

Krstic's innovative Bitfrost security specification, part of the overall OLPC initiative, essentially negates the effect of any virus by running every program on the computer in its own virtual operating system. By doing this, no malware can spy on user keystrokes, futz with files, or steal data.

According to a 2007 article by Naraine, Bitfrost has five primary goals, all of which are targeted at making the OLPC one of the most secure platforms available:

  • No user passwords -- the security of the device cannot depend on the user's ability to remember a password
  • No unencrypted authentication -- no cleartext passwords, no use of Ethernet MAC addresses for authentication
  • Out-of-the-box security -- The device should be secure out of the box, without the need to download security updates if at all possible
  • Limited institutional Public Key Infrastructure -- Don't rely on public keys to validate the identity of device owners
  • No permanent data loss -- Information is to be replicated to some centralized storage place so it can be recovered if the device is stolen, destroyed, or lost
While we may not know what the far-reaching implications of Krstic's work at Apple may be for a while, we can only hope that his hiring points to much more secure Apple products in the future.

From around the web

ear iconeye icontext filevr