Full Report
At [DeepSec] last year I had the pleasure of hearing Ivan Krstić speak. While some of his arguments had (small) holes in them (which the audience were quick to pounce on), he raised the ugly fact that people like me like to ignore.. That some of us spend a lot more time thinking of elaborate ways to break stuff than we do designing less breakable stuff.. I think for most security “breakers” it's an argument that sometimes hits hard, and makes you wonder if you should be refocusing your efforts..
Analysis Summary
# Main Topic
The primary discussion concerns a philosophical tension within the security community: security "breakers" (pentesters/exploit developers) may dedicate more effort to finding ways to circumvent security measures than to designing robust, less breakable systems. This observation was raised by Ivan Krstić and is framed in the context of Apple potentially improving its security posture following similar academic observations regarding the relative obscurity of OS X/macOS as a desktop target pool.
## Key Points
- A core conflict exists where vulnerability research (breaking) often outpaces defensive design improvements.
- The observation suggests a potential need for security professionals to refocus efforts toward designing more resilient systems rather than solely focusing on exploitation techniques.
- The context implies that Apple, moving into a larger desktop market share, needs to proactively address inherent OS protection mechanisms to avoid security pitfalls encountered by other major operating systems before they become unavoidable targets.
## Threat Actors
- **General Security "Breakers":** Individuals who spend significant time developing methods to bypass existing security controls.
- **No Specific Malicious Threat Actor/Group:** The article does not detail a specific cyberattack, TTPs, or IoCs related to an active adversary. Its focus is a meta-level critique of how the security industry allocates its effort.
## TTPs
- **N/A:** No specific offensive or defensive TTPs related to an attack are detailed. The discussion is purely conceptual regarding the effort balance between Offensive Security (breaking) and Defensive Engineering (designing).
## Affected Systems
- **OS X/macOS:** Mentioned specifically in the context of its current market position and the need for improvements in its built-in memory protection mechanisms as its market share grows.
- **Desktop Computers:** General category mentioned in relation to being targets for large-scale compromise (e.g., botnets).
## Mitigations
- **Refocus Defensive Efforts:** Security professionals should allocate more time to designing inherently less breakable systems rather than exclusively focusing on elaborate exploitation methods.
- **Proactive Security Improvement:** Apple (and similar rising platforms) is advised to leverage their current market niche to implement necessary improvements to generic OS protection mechanisms before market forces mandate reactive security changes following public breaches.
## Conclusion
The intelligence summary highlights a critical, introspective observation regarding resource allocation in the security field—the imbalance favoring attack discovery over proactive, resilient design. For platform owners like Apple, the implied recommendation is to urgently mature general OS protection mechanisms to prepare for inevitable increased targeting as market share expands.