Mar 18 2009
The Six Dumbest Ideas in Computer Security and How Apple Computer Side Stepped at Least One of Them
Written by Paul Winkeler   
Wednesday, 18 March 2009

Some of you may have heard of Marcus Ranum, a top-flight security guy currently working at Tenable Security, developers/underwriters of Nessus amongst other tools. Recently someone forwarded me a link to a web page Marcus wrote a few years ago called The Six Dumbest Ideas in Computer Security. I invite you to take a moment and read it now before proceeding to my comments on how his observations apply to Apple Computer's iPhone platform.

Although, with the rise in popularity of the Mac, a number of hackers are pursuing the OS X platform and finding many security holes, these same hackers mostly agree that the iPhone platform, on the other hand, is one of the most secure environments. As a matter of fact, one of the reasons Apple has consistently given for the absence of a number of "features" on the iPhone, features as fundamental as cut-and-paste, is that resolving the security issues surrounding inter-application communications is so difficult. So guess what: Apple, for once, did not fall prey to what Marcus calls the single dumbest idea in computer security, the "Default Allow" rule.

Now let's hope that these new features have been implemented in a fashion still consistent with this mantra and furthermore that some of these lessons learned will start to show up in Snow Leopard later this year.

Last Updated ( Wednesday, 18 March 2009 )
 