C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Mac Developer: From file-sharing to prison: A Megaupload programmer tells his story | Ars Technica
From file-sharing to prison: A Megaupload programmer tells his story | Ars Technica: "The legal saga dragged on for three years. In 2012, Nõmm was first arrested by authorities in the Netherlands and placed under house arrest. Like Dotcom, Nõmm next spent a significant amount of time fighting extradition. But eventually in 2015, he voluntarily traveled to the US and was arrested in Virginia. Nõmm pleaded guilty to felony copyright infringement and was sentenced to a year and a day in a US federal prison."
A drop in the bucket compared to the grievous harm caused by banksters, none of whom saw a day of prison time.
Mac Developer: Catching up with the guy who stole Half-Life 2’s source code, 10 years later | Ars Technica
Catching up with the guy who stole Half-Life 2’s source code, 10 years later | Ars Technica: "the chief of police greeted him. He walked up to Gembe, looked him in the eye and said: "Have you any idea how lucky you are that we got to you before you got on that plane?""
Deutschland über alles!
Labels: best hacker stories, zero day exploit
Mac Developer: User testing is essential for app development, says Bill Atkinson
User testing is essential for app development, says Bill Atkinson: "SAN FRANCISCO — If you want to make a truly killer app, here’s a crucial part of the creative process you shouldn’t overlook: Give your “finished” software to someone, ask them to do something with it, and then shut the hell up."
Sir Bill from the Knights of the Rounded Rectangle speaks!
Labels: bill atkinson, bill budge, woz
Mac Developer: Kill Flash now. Or patch these 36 vulnerabilities. Your choice • The Register
Kill Flash now. Or patch these 36 vulnerabilities. Your choice • The Register: "Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities.
The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers."
Flash is like the Windows XP of the internet. Didn't quite anticipate the rise in security concerns. Not that anyone did, but Flash is paying the heaviest price.
Labels: security flaw
Mac Developer: Microsoft releases open source bug-bomb in the rambling house of C • The Register
Microsoft releases open source bug-bomb in the rambling house of C • The Register: "Key to it is better handling of pointers in C programs. Checked C “allows programmers to better describe how they intend to use pointers and the range of memory occupied by data that a pointer points to,” MS Research explains at its project page."
New features for an old friend. You don't know sizeof like I know sizeof.
Labels: security, security exploit
Mac Developer: FBI expands code theft charges against Chinese national • The Register
FBI expands code theft charges against Chinese national • The Register: "The charge is that he stole source code from his employer, believed to have been IBM but not yet confirmed, intending to turn it over to the Chinese government.
Xu was employed by the company from 2010 to 2014, and was one of what the DoJ says was a “small subset” of staff with access to the source code of a clustered file system. The indictment notes that individuals had to sign NDAs to access the code."
Justice for IP theft IFF your name is IBM.
Labels: IP theft
Mac Developer: iOS 10 warns users when opening legacy apps not encoded in 64-bit
iOS 10 warns users when opening legacy apps not encoded in 64-bit: "More than a year after Apple mandated that all new apps must be 64-bit compatible, iOS 10 will begin warning users that non-compliant legacy apps may affect the stability of their iPhone or iPad."
for (NSInteger memoryBandwidth=0; memoryBandwidth<ohReally; ++memoryBandwidth) overkill=YES;
Mac Developer: How a college student tricked 17k coders into running his sketchy script | Ars Technica
How a college student tricked 17k coders into running his sketchy script | Ars Technica: "The eye-opening (if ethically questionable) research was conducted by University of Hamburg student Nikolai Philipp Tschacher as part of his bachelor thesis. Using a variation of a decade-old attack known as typosquatting, he uploaded his code to three popular developer communities and gave them names that were similar to widely used packages already submitted by other users."
Labels: social hacking
Mac Developer: Microsoft's BITS file transfer tool fooled into malware distribution • The Register
Microsoft's BITS file transfer tool fooled into malware distribution • The Register: "While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database."
Security is hard, real hard.
Labels: attack surface, security exploit
Mac Developer: Why does an Android keyboard need to see your camera and log files – and why does it phone home to China? • The Register
Why does an Android keyboard need to see your camera and log files – and why does it phone home to China? • The Register: "UK-based Pentest said a whitepaper study [PDF] of the popular Flash Keyboard found that the Android app is "abusing" OS permissions, inserting potentially malicious ads, and tracking user behavior, then sending data to servers in China."
Marketing 101 - computer users ain't that smart.
Labels: security flaw
Mac Developer: TeamViewer users are being hacked in bulk, and we still don’t know how | Ars Technica
TeamViewer users are being hacked in bulk, and we still don’t know how | Ars Technica: "For more than a month, users of the remote login service TeamViewer have taken to Internet forums to report their computers have been ransacked by attackers who somehow gained access to their accounts."
Labels: security leak
Mac Developer: Giveaway: Win an mCookie Kit from Microduino
Giveaway: Win an mCookie Kit from Microduino: "Microduino is partnering with AppleInsider to offer readers the chance to win an mCookie kit, which contains a magnetic stackable Arduino microcontroller for programmers and DIY-ers. As a bonus, not one, but two kits are up for grabs this week."
For all you hackers out there.
Labels: think different
Mac Developer: The guy who named iMac says Apple's names are too confusing | Cult of Mac
The guy who named iMac says Apple's names are too confusing | Cult of Mac: "Former Apple marketing guru Ken Segall helped launch Apple’s string of i-devices, but now he says that the company has lost its way from simplicity lately and there’s no clearer sign than the confusing naming scheme of the iPhone."
Labels: Apple vs. Apple
Mac Developer: Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register
Don't panic, says Blue Coat, we're not using CA cert to snoop on you • The Register: "These trusted certs can be used to disguise malicious servers as legit websites; netizens connecting to the systems would think they're using the real deal, but really they're talking to imposters and handing over sensitive information like passwords to strangers."
If it's happening here, it's happening all over the world.
Labels: security policy
Mac Developer: Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register
Feinstein-Burr's bonkers backdoor crypto law is dead in the water • The Register: "The daft bill was championed by Senators Richard Burr (R‑NC) and Dianne Feinstein (D‑CA) in February following an increasingly rancorous debate over encryption, and at one point it looked likely to make it into law. Just last month, Senator Ron Wyden said he was planning to filibuster it."
Sounds like California needs a Senator that understands California.
Labels: security policy
Mac Developer: Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica
Armed FBI agents raid home of researcher who found unsecured patient data | Ars Technica: "FBI agents, one armed with an assault weapon, reportedly raided the home of a security professional who discovered sensitive data for 22,000 dental patients was available on the Internet, according to a report published Friday."
You are living in an Orwellian police state where the only winners are the corporate overlords. If Eaglesoft's security leaks were to result in the loss of property by private citizens, they would be charged with nothing.
Labels: security fail, security policy, security research
Mac Developer: Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? • The Register
Rowhammer involves rapidly writing and rewriting memory to force capacitor errors in DRAM that can then be exploited to gain control of the system. The hardware hack was brought to public attention by security researchers at Google Project Zero last year."
Comforting thoughts not so much.
Labels: security flaw
Mac Developer: Quiet cryptologist Bill Duane's war with Beijing's best • The Register
Quiet cryptologist Bill Duane's war with Beijing's best • The Register: ""I have never worked so hard, under so much stress, and with so much at risk," Duane told the AusCERT security conference on the Gold Coast."
Considering his credentials, this is easily one of the most disconcerting security articles published in recent memory.
Labels: security policy, security research
Mac Developer: Google to bring official Android support to the Raspberry Pi 3 | Ars Technica
Google to bring official Android support to the Raspberry Pi 3 | Ars Technica: "The Raspberry Pi 3 is not hurting for operating system choices. The tiny ARM computer is supported by several Linux distributions and even has a version of Windows 10 IoT core available. Now, it looks like the Pi is about to get official support for one of the most popular operating systems out there: Android. In Google's Android Open Source Project (AOSP) repository, a new device tree recently popped up for the Raspberry Pi 3."
When I was a kid, the Apple ][ was my dream machine, but I could never afford one, so I bought a Commodore 64 and programmed the Apple at my High School. In the end, the C64 provided a superior education because of the ASICs that handled sound (especially), since audio synthesis has played a role in, well, most of my life. If I had the time, I'd get into the Raspberry Pi. You know, with C and Linux, not with Java or Windows. Sorry, guys.
Labels: Apple ][ Forever, Commodore 64
Mac Developer: Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica
Government agencies keep sacrificing cash to zombie IT systems, GAO finds | Ars Technica: "Some of the most critical business systems run by US government agencies are older than many of the IT people who support them, written in mainframe assembler code or COBOL. That might not shock or surprise anyone who works in mainframe-centric industries like insurance and finance, where the time-tested reliability of some systems has granted them lives that reach back to the Johnson administration."
The other thing that is absolutely clear from this report is that the only company that understands the needs of its customers is IBM. It continues to manufacture and support the hardware necessary to keep these systems running, which is what the CUSTOMER needs.
Labels: IBM vs. Everyone Else
Mac Developer: Pastejack attack turns your clipboard into a threat • The Register
Pastejack attack turns your clipboard into a threat • The Register: "Dylan Ayrey, who published the exploit at GitHub, explains: “If a user attempts to copy the text with keyboard shortcuts, i.e. ctrl+c or command+c, an 800ms timer gets set that will override the user's clipboard with malicious code”."
Labels: security flaw
Mac Developer: Apple reportedly working on a rival to Amazon's Echo
Apple reportedly working on a rival to Amazon's Echo: "More interestingly, however, Apple is also apparently working on a smart Bluetooth speaker not unlike Amazon's Echo or Google Home."
I don't find this interesting at all. I guess when Steve Jobs died, so did "Focus is saying no to 1000 good ideas".
Labels: amazon vs. google vs. apple
Mac Developer: Google’s closing argument: Android was built from scratch, the fair way | Ars Technica
Google’s closing argument: Android was built from scratch, the fair way | Ars Technica: "SAN FRANCISCO—Google attorney Robert Van Nest made his closing argument to a panel of jurors here today, asking them to clear Android of copyright infringement allegations as a matter of "fairness and fair use.""
They should eliminate all the APIs that look substantially similar to object-oriented system interfaces that preceded Java. That should sober them up a bit. Yawner until it's not.
Labels: software engineering, software fail
Mac Developer: Apple brings back crypto whiz Jon Callas as encryption battles heat up
Apple brings back crypto whiz Jon Callas as encryption battles heat up: "Callas is known to support this view, but has proposed a compromise in which agencies can exploit zero-day vulnerabilities so long as they're later disclosed for fixing."
The cat came back, the very next day...
Labels: 1984, security policy
Mac Developer: Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register
Snowden: NBN leaker raids a 'misuse' of Australian Federal Police • The Register: "The privacy pundit backs his argument by citing the ubiquitous mantra of the pro-surveillance crowd "if you have nothing to hide, you have nothing to fear" attributing the quote to Nazi propaganda minister Joseph Goebbels."
Orwellian future arrives extra early in Australia.
Labels: orwell 1984
Mac Developer: Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian
Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian: "The account of John Crane, a former senior Pentagon investigator, appears to undermine Barack Obama, Hillary Clinton and other major establishment figures who argue that there were established routes for Snowden other than leaking to the media."
Hard to believe that just after WWII, the world used to look to the US for idealism and freedom.
Labels: security policy
Mac Developer: After a year of using NodeJS in production - elCurator
After a year of using NodeJS in production - elCurator: "All this to say that it feels like the Node ecosystem is constantly moving. Not in a good way. New tools that 'trump' old tools seem to come out daily. There's always a new shiny thing to replace the other. You'll be surprised on how easily this happens to you and the community seems to encourage it. You use Grunt!? Everyone uses Gulp!? Wait no, use native NPM scripts!"
Here's an awesome article about the hype bullsh*t that is Node. Hopefully it will die during the unicorn culling.