Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

8.25.2016
Mac Developer: Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch

Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch: "More details have emerged about the need for the iOS 9.3.5 patch, which looks to have terminated a trio of exploits capable of a remote jailbreak and mass exfiltration of data from a target's iPhone, including device and account passwords."

The real question is: who knew about it more than 10 days ago?

Labels:

By : Tighten Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch 0 comments

8.24.2016
Mac Developer: HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica

HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica: "Researchers have devised a new attack that can decrypt secret session cookies from about 1 percent of the Internet's HTTPS traffic and could affect about 600 of the Internet's most visited sites, including nasdaq.com, walmart.com, match.com, and ebay.in."

No worries, the NSA is decrypting everything anyhoo.

Labels:

By : Tighten HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica 0 comments

8.23.2016
Mac Developer: Hints suggest an insider helped the NSA “Equation Group” hacking tools leak | Ars Technica

Hints suggest an insider helped the NSA “Equation Group” hacking tools leak | Ars Technica: "A group called the Shadow Brokers made headlines this month by leaking a hacking tool belonging to the NSA's Tailored Access Operations (TAO) team. Now this week, several informed sources suggest an inside source may have been involved."

Snowden, Snowden, Snowden opening the way...

Labels:

By : Tighten Hints suggest an insider helped the NSA “Equation Group” hacking tools leak | Ars Technica 0 comments

8.22.2016
Mac Developer: Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register

Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register: "The retailer – which sells high-end clobber for hikers or anyone who wants to pretend they're outdoorsy – said malware infected its cash registers on January 2 and the code remained undetected for at least six months. The software nasty was cleaned up on July 17."

Longing for the days of the weird, proprietary hardware-based cash registers.

Labels:

By : Tighten Shopped in an Eddie Bauer store recently? Your card's probably gone. It's just gone • The Register 0 comments

8.21.2016
Mac Developer: Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web • The Register

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web • The Register: "Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of software meddles with connections in real-time so targets quietly download malware from NSA-controlled servers.

Computer security - why even bother?

Labels: ,

By : Tighten Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web • The Register 0 comments

Mac Developer: How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica

How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica: "In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.

AKA the Cisco shrugs series of exploits.

Labels:

By : Tighten How the NSA snooped on encrypted Internet traffic for a decade | Ars Technica 0 comments

8.18.2016
Mac Developer: Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica

Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica: "Cisco Systems has confirmed that recently-leaked malware tied to the National Security Agency exploited a high-severity vulnerability that had gone undetected for years in every supported version of the company's Adaptive Security Appliance firewall.

Oh, were we supposed to fix that? No biggie, just a device in every NOC in the world.

Labels:

By : Tighten Cisco confirms NSA-linked zeroday targeted its firewalls for years | Ars Technica 0 comments

8.17.2016
Mac Developer: Video of Apple's Black Hat 2016 presentation now available

Video of Apple's Black Hat 2016 presentation now available: "The full video of Apple's presentation at this year's Black Hat security conference was posted to YouTube on Tuesday, offering viewers a deep dive into iOS security mechanisms, from backbone synchronization service iCloud to new systems like HomeKit. "

Here you at.

Labels:

By : Tighten Video of Apple's Black Hat 2016 presentation now available 0 comments

8.16.2016
Mac Developer: Snowden: NSA hack is likely a warning from Russia

Snowden: NSA hack is likely a warning from Russia: "Snowden believes the hack is likely of Russian origin and intended to be a warning that “someone can prove US responsibility for any attacks that originated from this malware server.”"

We're number one! We're number one!

Labels:

By : Tighten Snowden: NSA hack is likely a warning from Russia 0 comments

Mac Developer: Group claims to hack NSA-tied hackers, posts exploits as proof | Ars Technica

Group claims to hack NSA-tied hackers, posts exploits as proof | Ars Technica: "In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an anonymous group has published what it claims are sophisticated software tools belonging to an elite team of hackers tied to the US National Security Agency."

Wot

Labels: ,

By : Tighten Group claims to hack NSA-tied hackers, posts exploits as proof | Ars Technica 0 comments

8.10.2016
Mac Developer: Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors

Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors: "Microsoft has demonstrated why the FBI's desire for "Golden Key" backdoors allowing "good guys" to bypass security is such a bad idea: it inadvertently released its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot."

Wow. Secure boot no more.

Labels: ,

By : Tighten Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors 0 comments

8.05.2016
Mac Developer: Three times as bad as malware: Google shines light on pay-per-install • The Register

Three times as bad as malware: Google shines light on pay-per-install • The Register: "As some point you have probably downloaded a "free" piece of software only to find it has come with a whole host of other unwanted friends that go on to redirect your browser search bar or inject ads where there weren't any before.

This is the world of pay-per-install (PPI) and Google, along with New York University and the International Computer Science Institute, spent a year digging into the little-understood market, publishing their results in a paper [PDF] this week."

The capitalists and communists agree on this one.

Labels: ,

By : Tighten Three times as bad as malware: Google shines light on pay-per-install • The Register 0 comments

8.04.2016
Mac Developer: 'ICANN's general counsel should lose his job over this' • The Register

'ICANN's general counsel should lose his job over this' • The RegisterThe extent to which ICANN manipulated its own processes to reject Dot Registry's applications and then make it impossible for the company to find out why, or to have that decision reviewed, is almost Kafkaesque.
Who is John Galt?

Labels:

By : Tighten 'ICANN's general counsel should lose his job over this' • The Register 0 comments

Mac Developer: OS X file guard tool in alpha • The Register

OS X file guard tool in alpha • The Register: "A new OS X utility called FlockFlock that monitors file-system accesses for malicious activity is available as an alpha release for experienced developers to test."

Yessssss...

Labels:

By : Tighten OS X file guard tool in alpha • The Register 0 comments

Mac Developer: Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica

Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica: "Russia's intelligence agency the FSB, successor to the KGB, has posted a notice on its website claiming that it now has the ability to collect crypto keys for Internet services that use encryption. This meets a two-week deadline given by Vladimir Putin to the FSB to develop such a capability. However, no details have been provided of how the FSB is able to do this."

Lots of clever ASM coders in Russia.

Labels: , ,

By : Tighten Russian spies claim they can now collect crypto keys—but don’t say how | Ars Technica 0 comments

Mac Developer: Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica

Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica: ""That's not all it does," Stone says as the background music turns darker and the camera begins rapidly jumping between angles. "It allows certain parties to track your every move every time you make a call or send a text. We are giving them access. The information you've put out into the world voluntarily is enough to burn your life to the ground. This will be our undoing.""

Can't wait for the movie.

Labels:

By : Tighten Oliver Stone asks moviegoers to power down phones—and leave them off | Ars Technica 0 comments

7.30.2016
Mac Developer: MoltenGL – Molten

MoltenGL – Molten: "On both iOS and macOS, applications and games built on OpenGL ES 2.0 can use MoltenGL to provide the additional graphic performance, debugging, and performance-tuning capabilities available through Metal, without having to abandon the familiar OpenGL ES 2.0 API, or rewrite rendering logic and shaders for a different platform."

Mostly I'm excited about this as a way to unify to OpenGLES on the desktop. Why not?

Labels:

By : Tighten MoltenGL – Molten 0 comments

Mac Developer: Google rolls out HSTS • The Register

Google rolls out HSTS • The Register: "The HSTS automatically forces browsers to upgrade insecure HTTP connections to encrypted HTTPS. Google tried rolling it out at the end of last year but faced technical issues that knocked the Chocolate Factory's Santa tracking service offline."

You will conform.

Labels:

By : Tighten Google rolls out HSTS • The Register 0 comments

7.29.2016
Mac Developer: Apple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black Hat USA

Apple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black Hat USA: "Ivan Krstic will explore the "cryptographic design and implementation of our novel secure synchronization fabric" as it relates to technology like HomeKit, Auto Unlock, and iCloud Keychain, according to Apple. The briefing, scheduled for Aug. 4, will also go into the Secure Enclave present on Touch ID-capable devices, and "a unique JIT hardening mechanism" intended to make Safari's JIT (Just-in-Time) compiler a harder target."

Hello kimono...

Labels:

By : Tighten Apple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black Hat USA 0 comments

7.28.2016
Mac Developer: Kim Dotcom’s lawyer will also represent alleged KickassTorrents founder | Ars Technica

Kim Dotcom’s lawyer will also represent alleged KickassTorrents founder | Ars Technica: "Just over a week ago, federal authorities announced the arrest of Artem Vaulin, a Ukrainian man that they say is the mastermind of KickassTorrents (KAT), which was the world’s largest BitTorrent search site until recently.

Vaulin, 30, has retained Ira Rothken, the California lawyer who has successfully kept Kim Dotcom out of custody in New Zealand since 2012. "

Nothing succeeds like success.

Labels:

By : Tighten Kim Dotcom’s lawyer will also represent alleged KickassTorrents founder | Ars Technica 0 comments

7.26.2016
Mac Developer: New attack that cripples HTTPS crypto works on Macs, Windows, and Linux | Ars Technica

New attack that cripples HTTPS crypto works on Macs, Windows, and Linux | Ars Technica: "A key guarantee provided by HTTPS encryption is that the addresses of visited websites aren't visible to attackers who may be monitoring an end user's network traffic. Now, researchers have devised an attack that breaks this protection."

Let's get those patches out ASAP. Feel sorry for all the embedded routers that have to be flashed. Yeah, that's likely to happen...

Labels:

By : Tighten New attack that cripples HTTPS crypto works on Macs, Windows, and Linux | Ars Technica 0 comments

7.23.2016
Mac Developer: Hacker who published LA Times login credentials ordered to prison | Ars Technica

Hacker who published LA Times login credentials ordered to prison | Ars Technica: "The original headline said, "Pressure builds in House to pass tax-cut package." It was changed to "Pressure builds in House to elect CHIPPY 1337.""

If only the same rule of law were applied to the elected officials of this same nation.

Labels: ,

By : Tighten Hacker who published LA Times login credentials ordered to prison | Ars Technica 0 comments

Mac Developer: Apple's latest software updates fix flaw resembling Android Stagefright

Apple's latest software updates fix flaw resembling Android Stagefright: "Apple's recent iOS, OS X, tvOS and watchOS updates patch a previously unknown security flaw that allows the surreptitious gathering of sensitive data with a simple text message, an OS-level bug which bears a striking resemblance to last year's much derided Stagefright exploit on Google's Android platform."

How long was this baby in the wild rooting devices? Security is still hard.

Labels:

By : Tighten Apple's latest software updates fix flaw resembling Android Stagefright 0 comments

7.21.2016
Mac Developer: Critical flaw leaves all Apple devices open to password thieves

Critical flaw leaves all Apple devices open to password thieves: "Tyler Bohan, senior security researcher at Cisco Talos, has discovered a serious vulnerability in “ImageIO,” a framework built into Apple’s platforms that handle image data. Hackers are able to take advantage of this to steal passwords stored locally on your devices."

Security is still hard.

Labels:

By : Tighten Critical flaw leaves all Apple devices open to password thieves 0 comments

Mac Developer: Alleged founder of world’s largest BitTorrent distribution site arrested | Ars Technica

Alleged founder of world’s largest BitTorrent distribution site arrested | Ars Technica: "HSI and IRS looked into the historical hosting records of KAT and found that for about 3.5 years, ending in January 2016, the operation was hosted out of Chicago, Illinois, which explains why the case is now being prosecuted out of the Northern District of Illinois. The site also used a Canadian hosting service—the two American agencies also used MLAT to get an image of the Canadian server."

"Don't follow leaders, Watch the parking meters" - Bob Dylan

Labels:

By : Tighten Alleged founder of world’s largest BitTorrent distribution site arrested | Ars Technica 0 comments

7.15.2016
Mac Developer: Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica

Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica: "As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks."

Big pipe style.

Labels: ,

By : Tighten Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica 0 comments

7.11.2016
Mac Developer: HTTPS crypto’s days are numbered. Here’s how Google wants to save it | Ars Technica

HTTPS crypto’s days are numbered. Here’s how Google wants to save it | Ars Technica: "Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe."

HTTPS is dead! Long-live HTTPS!

Labels: ,

By : Tighten HTTPS crypto’s days are numbered. Here’s how Google wants to save it | Ars Technica 0 comments

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro