Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

9.24.2016
Mac Developer: Safe browsing checks fail as 16,000 WordPress sites hacked this year • The Register

Safe browsing checks fail as 16,000 WordPress sites hacked this year • The Register: At least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid.

The world's most popular content management system represented the lion's share of some 21,821 sites studied in the second 2016 Sucuri report on compromised web properties that found 3099 Joomla! sites were hacked in the same period.

Personally a fan of Blogger, run by Google's NOC engineers, rather than limited by my ability to patch PHP, upgrade WP plug-ins and so forth.

9.23.2016
Mac Developer: Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net | Ars Technica

Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net | Ars Technica: "On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data."

Apple and Google have much to lose if security weaknesses are unreported, and they also have the server farms to defend this guy.

Mac Developer: Yahoo confirms at least 500M accounts impacted by 2014 security breach

Yahoo confirms at least 500M accounts impacted by 2014 security breach: "Yahoo on Thursday announced that information associated with at least 500 million accounts was stolen in a security breach of its network in 2014, claiming a "state-sponsored actor" was behind the attack."

And we wanted to inform you "right away".

9.22.2016
Mac Developer: Apple buys out machine learning firm Tuplejump

Apple buys out machine learning firm Tuplejump: "Apple has bought out Tuplejump, its third machine learning acquisition in the space of a year, a report said on Thursday."

The real loss here is having a (company (named Tuplejump)).

Mac Developer: The arms race to protect apps from cracking | Cult of Mac

The arms race to protect apps from cracking | Cult of Mac: "App developers put a lot of time and effort into preventing their apps from being cracked or pirated. But for every coder taking a step toward making an app more secure, there’s someone on the march to crack it. The integrity of any app is subject to an ongoing arms race."

The downward spiral...

9.21.2016
Mac Developer: Think Your Mobile App is Hack Proof | App Developer Magazine

Think Your Mobile App is Hack Proof | App Developer Magazine: "In the worst cases, a hack exposes a company to serious risks, and the impact for businesses and users can be devastating. Imagine having your mobile health app reprogrammed to instruct you to deliver a lethal dose of medication. Or your mobile finance app draining your bank account by redirecting funds."

A zero-day exploit could ruin your whole valuation.

9.20.2016
Mac Developer: Professor proves NAND mirroring attack thwarts iPhone 5c security protocols

Professor proves NAND mirroring attack thwarts iPhone 5c security protocols: "A Cambridge computer scientist used $100 of hardware to clone an iPhone 5c's NAND memory chip in a successful attempt at bypassing the handset's encryption lock, seemingly proving correct theories lobbed in the aftermath of Apple's encryption fight with the FBI."

Troubling for privacy advocates.

9.18.2016
Mac Developer: Accused UK hacker to be extradited to the US to face charges | Ars Technica

Accused UK hacker to be extradited to the US to face charges | Ars Technica: "Love, 31, is alleged to have been involved in the #OpLastResort hack in 2013, which targeted the US Army, the US Federal Reserve, the FBI, NASA, and the Missile Defense Agency in retaliation over the suicide, while awaiting trial, of Aaron Swartz."

Reality.

Mac Developer: Snowden’s bias is blatant—but Gordon-Levitt makes its message powerful | Ars Technica

Snowden’s bias is blatant—but Gordon-Levitt makes its message powerful | Ars Technica: "The first major film event about Edward Snowden did not come this year thanks to Director Oliver Stone. Instead, it came in the form of Citizenfour, the deserving winner of the 2015 Academy Award for Best Documentary."

Movie.

9.16.2016
Mac Developer: Publishers must let online readers pay for news anonymously | Technology | The Guardian

Publishers must let online readers pay for news anonymously | Technology | The Guardian: "Online newspapers and magazines have come to depend, for their income, on a system of advertising and surveillance, which is both annoying and unjust.

Readers are rebelling by installing ad blockers, which cut into the publisher’s surveillance-based income. And in response, some sites are cutting off access to readers unless they accept being surveilled. What they ought to do instead is give us a truly anonymous way to pay."

On the mic.

Mac Developer: Swedish appeals court upholds arrest warrant for Julian Assange • The Register

Swedish appeals court upholds arrest warrant for Julian Assange • The Register: "Assange had sought to appeal the warrant for his arrest, though not the charges, as a means of achieving escape from the Ecuadorian embassy where he has been holed up now for over four years."

Sweden: modern democratic state or vassals of US foreign policy?

9.14.2016
Mac Developer: Researcher reports XSS hole in Google France • The Register

Researcher reports XSS hole in Google France • The Register: "Security researchers have disclosed a cross-site scripting vulnerability in Google France."

The browser: ubiquitous and vulnerable always.

Mac Developer: Ted Cruz channels Senator McCarthy in wrongheaded internet power grab crusade • The Register

Ted Cruz channels Senator McCarthy in wrongheaded internet power grab crusade • The Register: "With echoes of the notorious hearings run by Senator Joseph McCarthy in the 1950s, Wednesday saw Senator Ted Cruz cajole, misrepresent and then outright threaten witnesses to a hearing he called over the important change to the internet's functioning."

One must wonder how he was elected. Maybe his pals bought him a seat in the Senate.

9.13.2016
Mac Developer: Thousands of infected FTP servers net attackers $88k in cryptocurrency | Ars Technica

Thousands of infected FTP servers net attackers $88k in cryptocurrency | Ars Technica: "Attackers are draining the CPU and power resources of thousands of file transfer protocol servers by infecting them with malware that surreptitiously mints the relatively new crypto currency called Monero, researchers said."

Cyber-mining on the frontier.

9.09.2016
Mac Developer: Two critical bugs and more malicious apps make for a bad week for Android | Ars Technica

Two critical bugs and more malicious apps make for a bad week for Android | Ars Technica: "It was a bad week for millions of Android phone users. Two critical vulnerabilities were disclosed but remain unpatched in a large percentage of devices, while, separately, malicious apps were downloaded as many as 2.5 million times from Google's official Play Marketplace."

Dang kiddies, it's harsh out there. Watch your parking meters.

Mac Developer: Raspberry Pi sells over 10 million computers | Ars Technica

Raspberry Pi sells over 10 million computers | Ars Technica: "Four years since it first went on sale to eager developers, the credit card-sized Raspberry Pi computer has sold an impressive 10 million units."

Essentially, this generation's Apple ][ or C64.

9.07.2016
Mac Developer: Kaspersky Ireland R&D haus • The Register

Kaspersky Ireland R&D haus • The Register: "With an initial investment of close to $5m, Kaspersky plans to create 50 new Dublin-based roles in the next three years. The new office will focus mainly on developing data analysis and machine learning technologies for the firm’s enterprise product line-up.

The Russian security software firm selected Dublin because of the city’s “growing reputation as a major European tech hub, providing access to a highly skilled IT talent pool and a strong network of innovative technology companies”."

Not just a tax haven, actually a civilized democracy unlike many other EU countries.

Mac Developer: Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops • The Register

Spoof an Ethernet adapter on USB, and you can sniff credentials from locked laptops • The Register: "Security consultant and blogger Rob Fuller has turned a USB SoC-based device into a credential-sniffer that works even on locked machines."

Security is hard and getting harder all the time.

9.06.2016
Mac Developer: Genius Bar doesn't hire retired Apple engineer, fires up age discrimination debate

Genius Bar doesn't hire retired Apple engineer, fires up age discrimination debate: "Famously, Facebook Chief Executive Mark Zuckerberg said that "young people are just smarter" at a conference in 2007."

Young people write shitty code and too much of it. There's so much of it out there. Shitty code, that is. University grads produce terrible code. If you don't believe me, go on GitHub and read it. Yawn.

From time to time I do contracting jobs on iOS projects. Almost always, they hire me after 4 engineers have tried to solve the problem and failed.

One thing older engineers typically do not do is sell their soul (read: 90 hour work weeks) to an inexperienced CEO and his VC overlord for stock options that in 3-5 years will be worthless slips of paper.

9.03.2016
Mac Developer: Feds pin brazen kernel.org intrusion on 27-year-old programmer | Ars Technica

Feds pin brazen kernel.org intrusion on 27-year-old programmer | Ars Technica: "The indictment refers to kernel.org officials P.A. and J.H., who are presumed to be Linux kernel developer H. Peter Anvin and kernel.org Chief System Administrator John "Warthog9" Hawley, respectively. It went on to say that Austin used the credentials to install a class of extremely hard-to-detect malware known as a rootkit and a Trojan that logs the credentials of authorized users who use the secure shell protocol to access an infected computer."

If the chief admin of the kernel was 0wned, what mere mortal is safe?

Mac Developer: New OS X security updates patch same zero-days as iOS 9.3.5 | Ars Technica

New OS X security updates patch same zero-days as iOS 9.3.5 | Ars Technica: "Late last week, Apple released iOS 9.3.5 to patch three zero-day bugs that could be used to access personal data on an infected phone. Dubbed "Trident," the bugs were used to create spyware called Pegasus that was used to target at least one political dissident in the United Arab Emirates."

Paddling as fast as I can to keep from inadvertently becoming a tool of the dystopian Orwellian civilization called Earth.

8.31.2016
Mac Developer: Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register

Angler's obituary: Super exploit kit was the work of Russia's Lurk group • The Register: "The group counts the discovery of the Equation Group, an entity strongly suspected of being part of the NSA's offensive tailored access operations wing, as one of its most high profile recent collarings. It also helped reveal the ultra sophisticated Flame malware and offered early analysis of the Stuxnet worm."

Weird how the "bad guys" are actually the good guys. I mean Russians, of course.

8.29.2016
Mac Developer: Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica

Meet USBee, the malware that uses USB drives to covertly jump airgaps | Ars Technica: ""We introduce a software-only method for short-range data exfiltration using electromagnetic emissions from a USB dongle," researchers from Israel's Ben-Gurion University wrote in a research paper published Monday. "Unlike other methods, our method doesn't require any [radio frequency] transmitting hardware since it uses the USB's internal data bus.""

SKYNET is dead, long live SKYNET.

Mac Developer: Apple briefly allows, pulls jailbreak app on iOS App Store

Apple briefly allows, pulls jailbreak app on iOS App Store: "The "PG Client" app billed itself as a better client for the service that allows graphic artists to share works. However, when opened, the app was a Chinese version of the Pangu jailbreak tool.

The app was made available by the developer on Sunday at some point. By 3:30 p.m. Eastern, Apple had disabled the download, and by 4:00 p.m. had stricken the webpage for the app leading to the App Store download as well."

Those incorrigible jailbreakers!

Mac Developer: Baltimore cops: We flew high-res camera planes to film your every move • The Register

Baltimore cops: We flew high-res camera planes to film your every move • The Register: "As the ACLU's senior policy analyst and privacy expert Jay Stanley told Businessweek in its extensive report on PSS, the system – which uses a bank of cameras on a plane to provide a live-feed and 45-day archive of all activity in a 30-square-mile area – is "where the rubber meets the road" when it comes to the balance between security and privacy."

SKYNET lives.

8.25.2016
Mac Developer: Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch

Dangerous, targeted iPhone attack nullified by Apple with iOS 9.3.5 patch: "More details have emerged about the need for the iOS 9.3.5 patch, which looks to have terminated a trio of exploits capable of a remote jailbreak and mass exfiltration of data from a target's iPhone, including device and account passwords."

The real question is: who knew about it more than 10 days ago?

8.24.2016
Mac Developer: HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica

HTTPS and OpenVPN face new attack that can decrypt secret cookies | Ars Technica: "Researchers have devised a new attack that can decrypt secret session cookies from about 1 percent of the Internet's HTTPS traffic and could affect about 600 of the Internet's most visited sites, including nasdaq.com, walmart.com, match.com, and ebay.in."

No worries, the NSA is decrypting everything anyhoo.

Copyright © 2005-2015
All Rights Reserved
Tighten Pro