Now You See It, Now You Don't...

Apple security, that is.

The company's hiring of a product security manager carries a very clear "we need to improve" message, but it's plainly tied to a marketing and IP problem with its much-publicized habit of losing prototype iPhones: hat tip to the New York Times and Nick Bilton.

So as far as the worrying issue of DigiNotar certificates is concerned, it seems that it's a matter of priorities, not, as Larry Seltzer pointedly suggests, a matter of the whole of Apple being on vacation and therefore unable to react. Perhaps, as Chet Wisniewski suggests, Apple believes that its users are too busy with Other Things to worry about a major digital certificate compromise. Microsoft, on the other hand, has, like Google, Mozilla et al., divested DigiNotar of its "trusted authority" status.

Apple's inconsistency in security matters remains as puzzling to me now as it was a while ago when I talked to Drew Amorosi about it (in an article now available here). Lion has certainly raised the company's game in some respects, but it can't rely on the occasional major OS upgrade or monthly patches to address topical issues like this one.

There's a lot more to keeping customers safe than trying to maintain an armoured operating system. A computer system is more than the hardware, or the OS, or the applications that run on top of it. It's the user as well, and the interconnected environment in which the computer exists. For all its faults, I sometimes think Microsoft seems to understand that better than Apple, these days...
