C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Mac Developer: Ad industry complains Apple Safari update is 'unilateral and heavy-handed' against tracking
Ad industry complains Apple Safari update is 'unilateral and heavy-handed' against tracking: "Six ad industry organizations have crafted an open letter complaining about changes coming to Apple's Safari browser, claiming that a new feature — "Intelligent Tracking Prevention" — will hurt both them and the public."
Labels: security policy
Mac Developer: Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure • The Register
Microsoft says it won't fix kernel flaw: It's not a security issue. Suuuure • The Register: "spotted this week by enSilo security researcher Omri Misgav, lies within the system call PsSetLoadImageNotifyRoutine, which has been part of Microsoft's operating system since Windows 2000 and is still active in the latest builds."
Things that go hmmmm in the night.
Labels: security policy
Mac Developer: Exploit goes public for severe bug affecting high-impact sites | Ars Technica
Exploit goes public for severe bug affecting high-impact sites | Ars Technica: "The critical vulnerability is located in Apache Struts 2, an open-source framework that large numbers of enterprise-grade organizations use to develop customer-facing Web applications. The bug, which has been active since 2008, allows end users to execute malicious code or commands by plugging maliciously modified data into search boxes or similar features hosted on the site."
Not invented here syndrome may have some unexpected benefits.
Labels: security exploit, security fix, security flaw
Mac Developer: Intel details 8th-generation Core i7, i5 processors suitable for MacBook, dual-core MacBook Pro refresh
Intel details 8th-generation Core i7, i5 processors suitable for MacBook, dual-core MacBook Pro refresh: "Previously teased in May, the four processors launched by Intel on Monday are all meant for use in notebooks and all-in-one desktop systems, due to being designed with a thermal design power (TDP) of 15 Watts, meaning the processors run at low temperatures. Intel claims the new Core i5 and Core i7 chips can lead to notebook and tablet designs with up to 10 hours of battery life, as well as the performance boost, which is said to provide double the processing power of processors released five years ago."
Personally, I think Intel is doing a great job of not screwing up a good thing that you've got going.
Labels: x86 forever
Mac Developer: Secret chips in replacement parts can completely hijack your phone’s security | Ars Technica
Secret chips in replacement parts can completely hijack your phone’s security | Ars Technica: "People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device."
Yay for us.
Mac Developer: Encryption key for iPhone 5s Touch ID exposed, opens door to further research
Encryption key for iPhone 5s Touch ID exposed, opens door to further research: "The tool and hack is not for the inexperienced. The outputs of the tool are binaries of the kernel and related software regulating the communications between the Touch ID sensor and Secure Enclave — but not any information transmitted presently or in the past between the Touch ID sensor and the Secure Enclave."
If this were a movie, it could be called The Legacy of Bunnie Huang.
Labels: security, security exploit, security leak
Mac Developer: Rowhammer RAM attack adapted to hit flash storage • The Register
Rowhammer RAM attack adapted to hit flash storage • The Register: "It's Rowhammer, Jim, but not as we know it: IBM boffins have taken the DRAM-bit-flipping-as-attack-vector trick found by Google and applied it to MLC NAND Flash."
Just when you thought it was safe to get back in the pool.
Labels: security flaw, security is hard
Mac Developer: Comp sci world shock: Bonn boffin proposes P≠NP proof, preps for prestige, plump prize • The Register
Comp sci world shock: Bonn boffin proposes P≠NP proof, preps for prestige, plump prize • The Register: "This isn't purely an abstract issue. Current cryptography assumes P≠NP; if that turns out to be wrong, online security could become much more of a challenge."
It's the beef in "Where's the beef?"
Mac Developer: TSMC in mass production of 10nm 'A11' chips for Apple's 'iPhone 8'
TSMC in mass production of 10nm 'A11' chips for Apple's 'iPhone 8': "TSMC is applying the same 10-nanometer FinFET manufacturing technique being used to make A10X chips for this year's 10.5- and 12.9-inch iPad Pros, DigiTimes said on Monday. The A10X is in fact believed to be the first chip produced with the technique, though TSMC does have other clients."
Just when you think that Moore's law is over, FinFET smacks you upside the head.
Labels: Moore's Law
Mac Developer: Google refuses comment on 'aggressive deployment' of Android spyware app in Play store
Google refuses comment on 'aggressive deployment' of Android spyware app in Play store: "Google has taken action to curb the spread of Android malware based on "SonicSpy" that besides just exfiltrating personal data from the phone, had the ability to silently record audio, take photos with the camera, make calls, and send text messages."
Labels: security is hard
Mac Developer: Firmware update blunder bricks hundreds of home 'smart' locks • The Register
Mac Developer: Revealed: The naughty tricks used by web ads to bypass blockers • The Register
Mac Developer: Suspected sextortionist hiding behind Tor is outed by booby-trapped video | Ars Technica
Suspected sextortionist hiding behind Tor is outed by booby-trapped video | Ars Technica: "The FBI used a booby-trapped video to identify a California man who allegedly used the Tor network to anonymously extort sexually explicit material from minors online."
Score one for the good guys!
Labels: security exploit, security flaw, security policy
Mac Developer: BBC - Future - Why can't films and TV accurately portray hackers?
BBC - Future - Why can't films and TV accurately portray hackers?: "As time goes on, it’s becoming more difficult to get away with false portrayals of hacking and technology. Some of the most famous offenders are..."
Sneakers was awesome.
Labels: hacking, hacking osx, hackintosh
Mac Developer: Why the Bitcoin network just split in half and why it matters | Ars Technica
Mac Developer: Slayer of WCry worm charged with creating unrelated banking malware | Ars Technica
Mac Developer: Why the feds took down one of Bitcoin’s largest exchanges - The Verge
Why the feds took down one of Bitcoin’s largest exchanges - The Verge: "There will continue to be demand for exchanges like BTC-e, and with feds directly targeting exchanges that don’t play by the book, the split between the two halves of Bitcoin is becoming starker and starker."
Draining the swamp to make way for a new digital future free of meddling by the central banks.
Labels: bitcoin, blockchain
Mac Developer: Apple posts strong $45.4 billion in revenue on growing sales of 41 million iPhones
Apple posts strong $45.4 billion in revenue on growing sales of 41 million iPhones: "As for the Mac, sales were 4.3 million, up slightly from the same period in 2016. Sales of the Mac were also up from 4.2 million in the March 2017 quarter."
Or, as they say, back to my Mac!
Labels: Apple ][ Forever, Apple vs. Apple
Mac Developer: Kid found a way to travel for free in Budapest. He filed a bug report. And was promptly arrested • The Register
Kid found a way to travel for free in Budapest. He filed a bug report. And was promptly arrested • The Register: "The arrest of a Hungarian bloke after he discovered a massive flaw in the website of Budapest's transport authority – and reported it – has sparked a wave of protests."
How to ensure that security, which is already ridiculously difficult, remains impossible.
Labels: security policy
Mac Developer: Wisconsin court orders Apple pay $506M for infringing on WARF patent
Wisconsin court orders Apple pay $506M for infringing on WARF patent: "WARF first sued Apple in 2014 over alleged infringement of U.S. Patent No. U.S. 5,781,752 for a "Table based data speculation circuit for parallel processing computer." According to WARF and original patent claims, the IP provides a novel method of improving power efficiency and performance in modern computer processor designs using "predictor circuit" technology. The university leveraged the same patent to force Intel into a settlement in 2008."
If you had any questions as to why college education is barely affordable, here's your answer. How far have we come since Steve Jobs got excited about Mach at Carnegie-Mellon?
Labels: microprocessor patents, software engineering, software patents
Mac Developer: “Perverse” malware infecting hundreds of Macs remained undetected for years | Ars Technica
“Perverse” malware infecting hundreds of Macs remained undetected for years | Ars Technica: "One of the interesting aspects of the latest Fruitfly variant is that it flew under the radar for so long. The malware relies on functions that were retired long ago and uses a crude method to remain installed once a Mac is infected. Compared to newer, more sophisticated malware, Fruitfly is much easier to detect. And yet, for whatever reason, no one caught it until recently. Two pieces of Mac software developed by Wardle would have given victims a strong indication they were infected. One, called BlockBlock, would have warned of the suspicious launch agent used by the malware."
BlockBlock, like I said, good things.
Labels: security research
Mac Developer: Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law | Ars Technica
Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law | Ars Technica: "In other words, any time an infected computer attempts to contact a command and control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."
That bear is dance.
Labels: security policy
Mac Developer: Google drops the boom on WoSign, StartCom certs for good | Ars Technica
Google drops the boom on WoSign, StartCom certs for good | Ars Technica: "The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating 'Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome.'"
Now for the root CAs in lala land.
Labels: security policy
Mac Developer: Objective-See
Objective-See: "BlockBlock has the ability to query VirusTotal to see if either the process or startup item that was persisted is known malware. Clicking on the 'virus total' button will generate a network request, which contains the path, name, and hash of both the process and startup item."
This looks very promising.
Labels: security tools mac
Mac Developer: Apple no longer accepting VPN-based ad blockers to App Store, report says
Mac Developer: Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop | Ars Technica
Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop | Ars Technica: "Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed."
This is the future of something, possibly the future of everything.
Labels: security policy, security research
Mac Developer: Amazon supercharges GPU power, spits out Nvidia-backed G3 • The Register