Tom Ferris, aka “badpack3t,” has been spending time looking for security holes in OS X applications. Surprise. Surprise. He found some.

Things are looking good for Apple Computer. Then again, maybe they aren’t. The company yesterday reported a healthy $410m profit on revenue of $4.36 billion, the second best quarterly sales in the company’s history. Much of that was driven by the sale of a whopping 8.5 million (with an ‘M’) iPods. That’s 61 percent more than last year! Macintosh sales are up a bit too: 4 percent, with around 1.1 million shipped in the quarter.

While the company’s near-term fiscal outlook is good, the next couple of years may not be so rosy on the security front. After years as a security afterthought, Apple’s products are beginning to attract the attention of security researchers and earn the company negative press around security. Apple’s decision to move to the Intel platform and its promotion of technologies like BootCamp, which will allow machines to boot both the Windows and Mac OSs, have got enterprise malware authors going “hmmmm…”

All this is just speculation, of course, but the interest of folks like Tom Ferris in Apple apps can’t be good news for the company we all love to love. Ferris is a security gadfly who’s loathed in places like Redmond and even gets a lukewarm response among his peers in the freewheeling vulnerability research community. (Judging by some conversations I had at a recent hacker conference.) Using the handle “badpack3t,” he’s discovered and promptly disclosed a number of holes in Internet Explorer and Windows XP, often in defiance of Microsoft and the software industry’s responsible disclosure policy. Lately, Ferris has turned his attention from Windows to Apple’s software, fuzzing OS X applications, basically a process of tweaking applications until you make them crash.

Judging from his Web site, Security Protocols, Ferris appears to have found some stuff: mostly non-critical heap overflows in OS X, but also some holes in Apple’s Safari Web browser that Ferris claims are serious. The holes were reported at the “beginning of the year” but Ferris isn’t waiting for the patch to tell us about them.

Of course, finding overflows and other security holes is nothing new. Most security researchers will tell you that there are lots of holes in Apple applications, just like there are in every software application. The difference is that, up till now, nobody cared enough to look far beyond Windows. At long last, that may be changing. Microsoft security guru Stephen Toulouse recently gave Apple a tongue lashing over security. My guess is he might also have some advice for dealing with “badpack3t,” too!