Apple hires former Microsoft hacker to work on Mac OS X security

Kristin Paget formerly helped Microsoft save Windows Vista from being launched with vulnerabilities

Apple has quietly hired Kristin Paget, a former Microsoft security expert who worked as a hacker for the company to resolve Windows Vista vulnerabilities, to work on its Mac OS X security team.

According to her LinkedIn profile, Paget (formerly known as Chris Paget) was hired as Apple's Core OS Security Researcher in September.

Paget confirmed that she is now an Apple employee in an email to Wired, but referred all questions to Apple's public relations group, in keeping with the company's usual secrecy. An Apple spokesperson decline to comment.

Apple's decision to hire Paget indicates that the company is acting on the growing amount of Mac malware. Earlier this year, more than 600,000 Mac were reported to have been infected with a Flashback Trojan that was being installed on people's computers with the help of Java exploits. This led experts to put Apple security in the spotlight.

During her time at Microsoft, Paget had been forbidden from speaking about her role until five years after she had left the company.

So in 2011, when the five year period was up, Paget revealed at the Black Hat Las Vegas conference that Microsoft had believed its Windows Vista was secure when they had given it to her before its launch, but were forced to delay its release after Paget discovered many flaws in the operating system.

"We prevented a lot of bugs from shipping on Vista," she said. "I'm proud of the number of bugs we found and helped get fixed."

When Paget and Microsoft's team of hackers had finished solving the problems in Vista, they received humorous T-Shirts signed by Microsoft VP of Windows Development Brian Valentine that read 'I delayed Windows Vista' for their efforts.

On Twitter in July, when Paget was asked what her ideal job would be, she wrote: "Building things, ideally security focussed hardware. I've done too much breaking of things, it's time to create for a change."

Paget is widely known as an accomplished hacker, and among her accomplishments was setting up a cell phone call intervention system at hacking conference Defcon.

See also:

New 'Dockster' malware targets Apple computers

Tim Cook explains execuitve shakeup: 'It's all about collaboration'

New Mac malware stealing passwords

Watch Tim Cook's NBC interview in the UK

Tim Cook: 'We screwed up'

Tags: business issues, Mac, personnel, Apple, security, Microsoft, LinkedIn

Hackers try to blackmail plastic surgeon after stealing 500,000 patient records

READ THIS ARTICLE
MORE IN Social Networking Security
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Endpoint Management Solutions

Endpoint Security Management

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.