Re: dev site down time is ridiculous
- Subject: Re: dev site down time is ridiculous
- From: Todd Heberlein <email@hidden>
- Date: Wed, 24 Jul 2013 10:53:31 -0700
On Jul 24, 2013, at 10:17 AM, Bob Sabiston <email@hidden> wrote:
> OK I don't want to get in some flame war with people that are going to attack me and say Apple is in the right. I am just surprised it's taking so long for one of the biggest companies in the world to get this site back up. This is not "soon" by any stretch of the word.
This is just a guess… :)
When an organization has been penetrated, there is often an extensive downtime for a couple of reasons. First there is the lockdown, where evidence is collected for several reasons (determine what has been compromised, determine how they got in, and build a potential legal case). Then there is the detailed analysis of how the penetration occurred. Apple has almost certainly hired forensic specialists, and they can often set the pace for when Apple comes back online. Frequently (almost always) an organization doesn't collect enough logs to make penetration analysis easy (see example below). Also, if this admitted "security specialist" got in, Apple and the forensics team may have found a number of other hackers have penetrated the site and were just much quieter about it (the "Advanced Persistent Threats"). Finally they have to go through the re-build period.
Rebuilding complex web sites can be very difficult. IMHO, Apple really needed a major rebuild of their site anyways. It always felt like a hodgepodge of sites built up over the last dozen years. (e.g., some of the web pages still had the horrendous Mac OS 10.1 background pattern).
Regarding penetration analysis, you would think the DOD and Intelligence Community would be the gold standard for log collection and analysis. It turns out they are terrible.
I made this little video over the weekend for another discussion. It shows what you can do with Apple's BSM audit trails, and it points out that using the government's recommended configuration for BSM, you cannot do any of these analyses. So sad. :(
Should you be leveraging Apple's BSM audit system?
http://www.netsq.com/Podcasts/Data/2013/AuditIntro/
Todd