On Jul 24, 2013, at 10:17 AM, Bob Sabiston <[email protected]> wrote:
> OK I don't want to get in some flame war with people that are going to attack
> me and say Apple is in the right. I am just surprised it's taking so long
> for one of the biggest companies in the world to get this site back up. This
> is not "soon" by any stretch of the word.

This is just a guess… :)

When an organization has been penetrated, there is often an extensive downtime for a couple of reasons. First there is the lockdown, where evidence is collected for several reasons (determine what has been compromised, determine how they got in, and build a potential legal case). Then there is the detailed analysis of how the penetration occurred. Apple has almost certainly hired forensic specialists, and they can often set the pace for when Apple comes back online. Frequently (almost always) an organization doesn't collect enough logs to make penetration analysis easy (see example below). Also, if this admitted "security specialist" got in, Apple and the forensics team may have found that a number of other hackers had penetrated the site and were just much quieter about it (the "Advanced Persistent Threats"). Finally, they have to go through the re-build period.

Rebuilding complex web sites can be very difficult. IMHO, Apple really needed a major rebuild of their site anyway. It always felt like a hodgepodge of sites built up over the last dozen years (e.g., some of the web pages still had the horrendous Mac OS 10.1 background pattern).

Regarding penetration analysis, you would think the DOD and Intelligence Community would be the gold standard for log collection and analysis. It turns out they are terrible.

I made this little video over the weekend for another discussion. It shows what you can do with Apple's BSM audit trails, and it points out that using the government's recommended configuration for BSM, you cannot do any of these analyses. So sad. :(

Should you be leveraging Apple's BSM audit system?
http://www.netsq.com/Podcasts/Data/2013/AuditIntro/

Todd
_______________________________________________
Cocoa-dev mailing list ([email protected])