At [DeepSec] last year i had the pleasure of hearing Ivan Krsti? speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff..

I think for most security "breakers" its an argument that sometimes hits hard, and makes you wonder if you should be refocusing your efforts..

Ivan designed the bitfrost security system for the OLPC and is/was a Harvard academic with strong ties to the Python community. (you can follow his talk schedule here).

It seems, he has just taken a position at [Apple]

We recently wrote a paper contrasting the built in memory protection mechanisms on OSX and its windows counterparts, and concluded the paper with the following lines:

"It can be postulated that OS X currently sits in an unusual niche, staying off the radar of server-attackers while below the threshold to make it an attractive target for attackers wishing to capture large volumes of desktop computers (for botnets or similar activities). Apple would be well advised to make good use of their time in this niche to learn from the mistakes made by those before them, because as their market share steadily rises, they steadily inch closer to moving out of this protected space.... .. We hope that Apple is able to make the necessary improvements before it too is forced into altering its views on generic OS protection mechanisms through the media frenzy that follows public security breaches."

It would seem like with a move like this, Apple are thinking these thoughts too..

/mh