Apple hires former Windows hacker to work on core security

Summary: In a nod to the importance of security in Apple's future, the company has hired a noted former Microsoft security expert to be part of its security team.

Apple hires Windows Hacker away from Microsoft - Jason O'Grady

According to Wired, Apple has hired Kristin Paget, a former independent contractor at Microsoft, to be part of Apple's security team.

Just over five years ago, she was part of a small team of elite hackers brought in by Microsoft to lock down Windows Vista.

Her LinkedIn profile now displays her job title as "Core OS Security Researcher at Apple."

Paget, who used to go by the name Chris, has lots of experience in the field. 

While her work was mostly under non-disclosure agreements (NDAs, for obvious reasons), she spoke about her Windows Vista hacking at Black Hat 2011 in Las Vegas when the agreement expired:

“We prevented a lot of bugs from shipping on Vista,” Paget said, according to a recording of her talk. “I’m proud of the number of bugs we found and helped get fixed.”

In fact, she was so successful in her Windows bug tracking that she actually caused Vista's release to be delayed. She even received a special t-shirt signed by Microsoft Vice President of Windows Development Brian Valentine that read "I delayed Windows Vista."

Apple's days of security by obscurity days are clearly over. In April it was revealed over 600,000 Macs were infected with malware. Apple added malware protection to OS X 10.6 Snow Leopard starting in 2009 and Paget's hiring is a great sign that the company is taking security seriously.

    • Are you for real?

      Earlier today you wrote "kudos to Microsoft" - for fixing CRITICAL security issues in Windows, your beloved platform... The fact is; EVERY platform probably has minor or major security issues or flaws.

      "You just can't make these kind of people up"
      • If Apple was serious about security

        They would have made Charlie Miller the head of security instead of turfing him when he showed proof of concept and wrote malware which made it into the appstore and survived for weeks until he let everyone know it was malware.
        Charlie Miller has also won pwn2own comps.
        That's the calibre of people you want if you are really serious.
        Not someone whose claim to fame is patching Windows Vista.
  • How dumb can your articles be?

    So Apple hires 1 person from Microsoft and you summarize "Apple's days of security by obscurity days are clearly over". Wow.

    This is about as dumb as your Surface post stating you returned it because of the corners and the fact that it takes 1 second to flip from portrait to landscape.

    Go back to your Angry Birds game on your iWhatever and let people who know about computing write about it..
    • Have you ever used a Surface?


      My Surface took almost _four_ seconds to switch from portrait to landscape mode. How long does yours take? Also, apps and the OS were _horribly_ slow, bordering on unusable. How fast is it for you? Have you used mail for any length of time? How was it? Have you ever even used a Surface? Where's your review?

      Please don't cherry pick points out of a previous post that suit your argument without addressing all of the points that I made. Either back up your comments with facts and objective criticism (like "I love the sharp edges!") or identify yourself as a M$ troll/shill with an axe to grind.

      Also, keep your childish invective for the schoolyard or _your_ office, the professional audience here doesn't care for it. Plus it makes you look unprofessional.


      - Jason
      (I'll let the commenters vote/flag as they see fit)
      Jason D. O'Grady
      • I prefer a little lag in the screen following my movements.

        It is a complaint I have with my iPhone. When I am trying to show someone something on my iPhone, or tilting the phone slightly to remove a reflection blocking my view, a rapid screen flip is exceedingly frustrating. I'd prefer a bit of lag so I don't end up chasing the view just because I tilted the device a bit. 4 seconds lag ... not so much but 1 to 2 seconds would be ideal for me.
        • The iPhone works perfect for me.

          The iPhone works great as it is. I would definitely not want any lag.
      • I use my Surface daily..

        No lag, no performance issues at all as a matter of fact.

        I have used the mail app and I don't like it, I would prefer a version of Outlook on the device, and perhaps that may come. The music app also sucks, but I've downloaded a better one from the store for free.

        The app argument seems to be the go to card for iFans. I am not lacking for any capabilities as far as apps. I would like to see the Alaska Airlines app in the store, but other than that, I can work and play on my surface which is a lot more than I can say for my old iPad 2 which I ditched on E-Bay.

        As for being professional, I couldn't care less what others here think. This site USED to have good, technical writing, but not any more (with a few exceptions like Mary Jo, Ed Bott and the Storage writer whose name escapes me). This is the National Enquirer for tech stories now, so the fact that you can't take a little criticism for your stretching of facts ("Apple's days of security by obscurity days are clearly over") without backing it up with any sort of facts or examples, should be highlighted as you are a journalist.


        I'm not an MS shill at all since I hate a lot of things that they do as well, I just hate Apple more :-)

        Enjoy your weekend!

        • You've misunderstood the article..

          The article says, quite clearly, that:
          "Apple's days of security by obscurity days are clearly over. In April it was revealed over 600,000 Macs were infected with malware."

          That is, O'Grady is saying that _while_ in the past it had been possible for Apple to get away with "security by obscurity" _now_ those days have gone. Apple must _now_ take security issues seriously. O'Grady backed up this claim by noting that "600,000 Macs were infected with malware" earlier this year.

          Nowhere did O'Grady write that Apple's employment of "1 person from Microsoft"
          would fix all OS X security issues: on the contrary, O'Grady wrote that Apple's employment of Paget was "a great sign that the company is taking security seriously." Nothing more.

          You clearly misread what was written as: "Apple used to be able to rely on security by obscurity; but now that Apple has employed Paget, most of Apple's security problems have been solved." This bears no similarity to what the author wrote!

          Given that _your_ criticisms were a consequence of _your_ comprehension problems, you really ought to have apologised to O'Grady. Instead, you seem to be standing by your comprehension problem and attacking the bloke. Weird.
          • Totally Agree

            Totally agree but on the off topic, why da hell do you use _ instead of blank spaces? -_-
          • Underscores

            I've noticed that the tagging on ZDnet seems to be on the blink, so I was using underscores for emphasis, where I'd normally use italics.

            Perhaps the tag problems have been fixed. Here goes. [i]Have[/i] they?
          • (Off topic) Why has ZDnet disabled mark-up tags?

            As I mentioned in my reply to DannyGM, ZDnet no longer supports the brief mark-up tags, such as [i]italics[/i] and [b]bold[/b]. Does anyone know the reason for this change?

            Perhaps ZDnet now supports standard HTML tags, such as italics and bold: I'll have to post this to tell.

            I have wondered whether this was a Mac/Safari rendering problem, but I get the same results in Mac Safari, Chrome and Firefox, so it seems as though the changes were made at the server end.
        • App count

          is over-rated. Surface RT is a good start for MS. It's a gen 1 product with a few flaws. If you're crying over the Mail app you shouldn't worry; that can be fixed. The hardware is sound and Windows 8 is amazing with a touch device. I personally enjoy Xbox Music with its vast library and simple interface.

          As for security the hire by Apple is a good move. They need to focus on their response times and find issues before they occur.

        • If you don't care what the rest of us think....

          And hate the site as well, why are you here? Obviou$ troll is trolling.
      • Thank you Jason

        It is about time someone from ZDNet "got-up" these moronic trollers! You get my vote.
      • as soon as you said M$ troll, you lost my vote

        As a blogger you should take every criticism sportively. Now that's childish. I come to your blogs to read about Apple, probably I shouldn't read yours too. With this response you proved you are not better than troll blogger SJVN, who has no clue about Windows, OSX, and Linux too.
        Ram U
        • As a technology blogger you should not have referred

          Microsoft as M$, otherwise there is no difference between you and shellcoder_codes and other trolls.
          Ram U
          • That word...

            Why does everyone throw the word "troll" around loosely? The word is meant for individuals who post inflammatory, extraneous, or off-topic messages with the primary intent of provoking readers. Plus, the word is usually used by incompetent teenagers who believe everything is of a joking matter. Use of the word is degrading to you as a human and should really stick to its birth place, 4chan. Seeing that Jason has used this word, I believe an "incompetent teenager" fits his profile.
            Jackie McGlone
          • Wait,

            she worked on Vista. Not 7. Wasn't the final Vista build abandoned because it was utterly buggy and all? How is that an indication that she's going to be a good bet for Apple's security issues? Just a thought.
      • You and omdguy both make valid points

        Just because one points out issues in a platform doesn't mean one is a "fanboy" for any other competing platform by default...
      • Was not expecting that...

        Well Jason, I was not really expecting that from an employee of zdnet. Not only is your comment rude, but it is also very unprofessional. You start your comment off with "My Surface took almost _four_ seconds", which makes me think you care more about how "omdguy" made fun of your big boy toy, rather than your article. If I was your employer, I would have fired you for making such a rude comment to one of your readers. He may have started it, but doesn't mean you have to be such a child about it. Feels as if we're back in kindergarten again, where children fight over who has the better toy.

        If you're still reading Jason, I'm proud of you. Surprised you haven't just pulled a childish act and ordered a deletion of my comment. Good job Jason, I'm very proud of you. Now, it is time for me to make a comment upon your article.

        Your article speaks of how Apple has hired a new employee who happened to be a part of Microsoft's security team and was the one who worked with Windows Vista. I'd love to point out that Windows Vista was the worst operating system to be made by Microsoft. Not only did people hate Windows Vista, some took it to a whole new level where they'd switch to Apple or downgrade back to Windows XP. From my point of view, might not have been a great idea to hire anyone that worked on the Vista project. Just shows that Apple is willing to do anything to get their security up.

        You also say "Apple's days of security by obscurity days are clearly over." But Jason! What happened five years ago when every single Apple fan was bragging that Apple products could never get a virus? Even Apple advertised that Apple products could not get any viruses. All of a sudden in 2008 Macintosh gets hit with a single worm (Leap-A worm) and every owner of a Macintosh is like "oh my god". During that time, every fan of Windows and Linux was laughing harder than ever before. I have to say myself, it was really great.

        If we skip to mid 2012, there is another huge Macintosh virus pandemic where over 600,000 Macintosh computers were affected. The CEO of Kaspersky said that Apple is 10 years behind Microsoft in security during that huge pandemic. You better bet that Apple is going to hire an individual from Microsoft's security team, they're desperate to catch up with Microsoft in the security field.

        You might come back with "Windows is way worse than that", you must be very ignorant if you're thinking that. Microsoft controls over 80% of the market share, of course malware creators are going to go after the biggest fish. Now that Apple products are becoming more popular, more and more viruses are going to appear in the coming years.

        Point being Jason, you and every Apple fan will never be able to say that Apple products can't get viruses again. It is a game of cat and mouse, you better get used to it and strap in your seat belt for the next few years. Just remember, you can never be prepared when it comes to computer viruses.
        Jackie McGlone