Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store.

8.28.2015
Mac Developer: Google offers 'short term fix' to help ad publishers bypass Apple's iOS 9 security protocol

Google offers 'short term fix' to help ad publishers bypass Apple's iOS 9 security protocol: "The workaround was published to Google's official Ads Developer Blog in a post titled 'Handling App Transport Security in iOS 9,' a reference to Apple's upcoming privacy tool."
A backdoor in every ad-serving app.


8.27.2015
Mac Developer: China sentences 14 people in plot to convert US iPhones for Chinese networks

China sentences 14 people in plot to convert US iPhones for Chinese networks
With the help of people inside Foxconn, the group managed to steal iPhone serial numbers and then hack into the certificate system to make needed changes. The altered certificates were then used to activate the American iPhones.


Once that cat gets out of the bag, there is no getting kitty back inside.


Mac Developer: Flipboard, we hardly knew ye

I'm toying around with the idea of becoming an independent detector of malware. It's such an important field. Take Flipboard (Android) for instance. It looks to me like Flipboard "synthesized" a login to Facebook on my behalf (I was using it without a login), effectively bypassing my privacy concerns so the app (I'm certain) could harvest my address book. That was immediately followed by an attempt to manipulate my Facebook permissions to allow the Flipboard Android app to create a Like for the Flipboard Facebook page programmatically. This is all very nasty, borderline malware activity that is indicative of the desperation that technology companies experience as they take on rounds of funding where pressure to monetize overrules common sense.

Best of luck with that strategy, guys. Let's see how you keep on that growth curve if Facebook locks you out of their ecosystem.


8.24.2015
Mac Developer: Mozilla unveils major changes to Firefox add-on development: Cross-browser, multi-process, and mandatory signing | VentureBeat | Dev | by Emil Protalinski

Mozilla unveils major changes to Firefox add-on development: Cross-browser, multi-process, and mandatory signing | VentureBeat | Dev | by Emil Protalinski
When Mozilla released Firefox 40 last week, the company kicked off its plan to require that all Firefox add-ons are certified, regardless of where they are hosted. Digital signing will be done through addons.mozilla.org.


Hmmm.


8.23.2015
Mac Developer: Blackphone 2 from Silent Circle will test whether security is a priority for smartphone buyers | VentureBeat | Mobile | by Chris O'Brien

Blackphone 2 from Silent Circle will test whether security is a priority for smartphone buyers | VentureBeat | Mobile | by Chris O'Brien
... release in September the Blackphone 2, an Android-based smartphone that is optimized to protect security and privacy so that none of your data can be discovered or used by a third-party.


It's that phone.


8.17.2015
Mac Developer: New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5

New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5: "The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks — including a null pointer dereference in OS X's IOKit — to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite"
Almost as if someone wants them to find the vulnerabilities. I mean, OSX is hardly a target for hackers. So many bigger fish to fry.


8.15.2015
Mac Developer: Google's initial Android Stagefright patch inadequate, forced to issue second fix

Google's initial Android Stagefright patch inadequate, forced to issue second fix: "The first software patch designed to mitigate the high-profile Stagefright vulnerability in Google's Android mobile operating system was insufficient, one security researcher discovered, leading to the issuance of yet another update."
Security is unbelievably difficult when the OS foundation is based on Unix and C. Maybe a new operating system is in order. I've long believed that the crown jewel of Blackberry was QNX.


Mac Developer: The parfait approach to cyber defense: It's all about the layers | VentureBeat | Security | by Israel Levy, Bufferzone

The parfait approach to cyber defense: It's all about the layers | VentureBeat | Security | by Israel Levy, Bufferzone: "And as security consulting firm Security Compass wrote in early 2014, for all of its advantages, HTML5 isn’t bulletproof and shouldn’t be viewed as such: ‘HTML5 applications regardless of deployment can still be plagued with the same vulnerabilities as web applications (SQL injection, cross-site scripting, weak encryption, business logic attacks, etc.).’"
The secure web browser of the future will have no JavaScript and no Flash. I use Little Snitch extensively and it's amazing how many web pages (read: advertisements) open raw socket connections to remote servers.


Mac Developer: Kaspersky ex-employees say Russian antivirus firm faked malware to harm rivals | VentureBeat | Security | by Reuters

Kaspersky ex-employees say Russian antivirus firm faked malware to harm rivals | VentureBeat | Security | by Reuters: "SAN FRANCISCO (Reuters, Joseph Menn) – Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees."
The heat is on.


8.12.2015
Mac Developer: Lenovo once again reminds everyone why it's better to get a Mac

Lenovo once again reminds everyone why it's better to get a Mac: "Back in February Windows PC manufacturer Lenovo was caught injecting Superfish adware onto some of their laptops, not only exploiting their own customers but leaving those customers open to man-in-the-middle attacks. Now they've been charged with using something akin to a rootkit to make sure their own customers can't cleanly reinstall Windows, not without Lenovo re-installing updaters, app installers, and system data collectors as well. And yes, this Lenovo hack was also potentially exploitable by malware."
When shopping for that new PC to run Windows 10 for your WinObjC project, do yourself a favor and get a Dell or use a Mac with bootcamp. I found the Windows 8 to Windows 10 transition on the Dell totally painless. I upgraded the chap to an SSD, used Windows 8 Media Creation to burn an ISO and am now up and running on Windows 10 with VS Community 2015.

I'm totally intrigued by the new HyperV malware protection in Windows and may switch to such a laptop for all my internet related work in the immediate future.


8.11.2015
Mac Developer: Practical Windows Code and Driver Signing

Practical Windows Code and Driver Signing: "A lot of this information can be verified in official Microsoft documentation found on MSDN, and I will try to cite the official documentation when needed. The authoritative documents on kernel-mode code signing are kmsigning.doc and KMCS_walkthrough.doc. These are pretty good resources, but they are from 2007 and thus contain no information about Windows 7, Windows 8, or SHA-2. Also, their scope is more limited than the scope of this document because they don't talk about signing executables. Therefore, a lot of the things I say here are actually conclusions that I have drawn from my own experiments. When I am telling you something that I determined experimentally, I will use phrases like 'it seems like' or 'in my experience'. When my experiments contradict the official documentation I will say so."
Terrific guide to code signing in a Windows environment. Better bone up because WinObjC is here and works great.


Mac Developer: Windows 10 Device Guard: Microsoft's effort to keep malware off PCs • The Register

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs • The Register: "If the Windows 10 kernel, which has control over the PC, is compromised, Device Guard will remain fire-walled off, and cannot be subverted into allowing unauthorized code to run. A hypervisor running beneath the kernel and Device Guard enforces this."
Some interesting developments here.


8.07.2015
Mac Developer: Apple fans can't tell the difference between iOS and Android - Business Insider

Apple fans can't tell the difference between iOS and Android - Business Insider: "Two pranksters from the Netherlands, Alexander Spoor and Sacha Harland, handed an iPhone running Android to several iPhone users and told them it was running iOS 9. "
The real question here is: who has the time for this kind of hacking?


8.03.2015
Mac Developer: Security researchers build on PC vulnerabilities to create first firmware-based Mac worm

Security researchers build on PC vulnerabilities to create first firmware-based Mac worm: "Firmware attacks are possible because many computer manufacturers put few safeguards in place to prevent malicious updates or changes, leaving many computers vulnerable. According to Wired, Apple could have put protections in place to prevent at least one type of attack discovered by the research group, but apparently elected not to."
More O Daeng!


8.02.2015
Mac Developer: The iOS 8.4 jailbreak app is now available on Mac

The iOS 8.4 jailbreak app is now available on Mac
Do not pass go, do not collect $200.


7.29.2015
Mac Developer: 'Stagefright' Android Text Message Vulnerability May Affect 950M Devices | MacTrast

'Stagefright' Android Text Message Vulnerability May Affect 950M Devices | MacTrast: "A newly discovered security flaw in the Android mobile operating system has been dubbed one of the worst vulnerabilities to date. ‘Stagefright’ could affect around 950 million Android devices."
This is a real goshwhacker.


Mac Developer: Hackers combine coded photos and Twitter to hit targets - BBC News

Hackers combine coded photos and Twitter to hit targets - BBC News: "On several occasions, the commands, encrypted by using a technique called steganography, have instructed Hammertoss to upload information from a victim's network to accounts on cloud storage services."
Quite a dance.


7.24.2015
Mac Developer: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED: "The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. "
I'd say this falls into the category of "must read."


7.13.2015
Mac Developer: It's time to uninstall Adobe's Flash from your Mac - here's how

It's time to uninstall Adobe's Flash from your Mac - here's how: "Adobe has patched more than twenty Flash vulnerabilities in the last week — some of them days after active exploits were discovered in the wild — and issued over a dozen Flash Player security advisories since the beginning of this year."
This was my basic thought in 2001. Back then it was more about open standards and accessibility.


7.09.2015
Mac Developer: The unbelievable true story of Farty Troll‘s struggle to release | Cult of Mac

The unbelievable true story of Farty Troll‘s struggle to release | Cult of Mac: "Scott Kurtz, artist and writer of popular webcomic PvP, and his business partner Cory Casoni decided to find out with Farty Troll, a Flappy Bird clone about propelling a flatulent, blue giant named Skull through a maze of coffee cups using nothing but his own wind. Apple repeatedly rejected the app, but after a bit of straining and a lot of effort, it has finally come out."
The curious case of Farty Troll.


7.07.2015
Mac Developer: Hacking Team, the company that sells snooping software to governments, gets hacked | VentureBeat | Security | by Paul Sawers

Hacking Team, the company that sells snooping software to governments, gets hacked | VentureBeat | Security | by Paul Sawers: "Based out of Milan, Italy, Hacking Team has been known for a while, but it hit the headlines last year after security experts revealed the extent to which its software gives law enforcement and intelligence agencies remote access to mobile operating systems. It lets them access texts, phone calls, location data, and other forms of digital communications."
I guess, "Physician, heal thyself!"


7.04.2015
Mac Developer: This might be our first look at BlackBerry’s Android smartphone (Update) | 9to5Google

This might be our first look at BlackBerry’s Android smartphone (Update) | 9to5Google: "Evan Blass just can’t stop. Earlier today he came out on Twitter to say that BlackBerry’s Android-powered ‘Venice’ smartphone is on its way to AT&T, and now he has shared an image of what looks to be some kind of BlackBerry device running Google’s mobile operating system."
A novel approach might be to run Android as a subsystem under QNX, and keep the highly secure Blackberry mail running in the better (i.e., QNX) OS.


6.29.2015
Mac Developer: Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica: "in 2011 Duqu 1.0 attackers compromised computers at NetLock, a Hungarian certificate authority. That hack allowed them to sign their wares with digital stamps trusted by Windows machines."
Fascinating tale. Or "How I learned to stop worrying and love the Nation-state sponsored cyberwars."


6.25.2015
Mac Developer: NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube

NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube: "Published on Jun 23, 2015 US and British spy agencies worked to reverse-engineer antivirus software in order to 'exploit such software and to prevent detection of our activities.' Russian security firm Kaspersky Lab was particularly targeted."
Saw this on RT. Nothing in the Western press about it, which I think is very interesting.


Mac Developer: Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore

Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore: "If you're encountering random reboots on your T-Mobile iPhone, you're not the only one. Several users on social media are reporting that iPhones on the Uncarrier are flashing blue for a second, and randomly rebooting every 20 to 30 minutes."
Is this why there are no more Mac vs. PC ads? Let us use the billions to crush PCs once and for all! Mac! Mac! Mac!


6.24.2015
Mac Developer: XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore: "This week, security researchers from Indiana University released details of four security vulnerabilities they discovered in Mac OS X and iOS. The researchers detailed their discoveries of what they call 'cross-app resource attacks' (referred to as XARA) in a whitepaper released Wednesday. Unfortunately, there has been a lot of confusion surrounding their research."
A little more about XARA which I think is quite serious on OSX.


6.23.2015
Mac Developer: Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski

Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski: "Because sideloading apps onto iOS was not achievable without jailbreaking your device, until now, the Popcorn Time group is ecstatic at having reached this milestone. It shows that iOS users are not just very interested in a Popcorn Time app for iOS, but they are eager to try an alternative to jailbreaking in order to get apps that Apple doesn’t approve of."
Don't fret. This is probably a good thing at this point in the evolution of the OS.



Copyright © 2005-2015
All Rights Reserved
Tighten Pro