Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

7.29.2016
Mac Developer: Apple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black Hat USA

Apple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black Hat USA: "Ivan Krstic will explore the "cryptographic design and implementation of our novel secure synchronization fabric" as it relates to technology like HomeKit, Auto Unlock, and iCloud Keychain, according to Apple. The briefing, scheduled for Aug. 4, will also go into the Secure Enclave present on Touch ID-capable devices, and "a unique JIT hardening mechanism" intended to make Safari's JIT (Just-in-Time) compiler a harder target."

Hello kimono...

Labels:

By : Tighten Apple's Ivan Krstic to give 'behind the scenes' iOS security talk at Black Hat USA 0 comments

7.28.2016
Mac Developer: Kim Dotcom’s lawyer will also represent alleged KickassTorrents founder | Ars Technica

Kim Dotcom’s lawyer will also represent alleged KickassTorrents founder | Ars Technica: "Just over a week ago, federal authorities announced the arrest of Artem Vaulin, a Ukrainian man that they say is the mastermind of KickassTorrents (KAT), which was the world’s largest BitTorrent search site until recently.

Vaulin, 30, has retained Ira Rothken, the California lawyer who has successfully kept Kim Dotcom out of custody in New Zealand since 2012. "

Nothing succeeds like success.

Labels:

By : Tighten Kim Dotcom’s lawyer will also represent alleged KickassTorrents founder | Ars Technica 0 comments

7.26.2016
Mac Developer: New attack that cripples HTTPS crypto works on Macs, Windows, and Linux | Ars Technica

New attack that cripples HTTPS crypto works on Macs, Windows, and Linux | Ars Technica: "A key guarantee provided by HTTPS encryption is that the addresses of visited websites aren't visible to attackers who may be monitoring an end user's network traffic. Now, researchers have devised an attack that breaks this protection."

Let's get those patches out ASAP. Feel sorry for all the embedded routers that have to be flashed. Yeah, that's likely to happen...

Labels:

By : Tighten New attack that cripples HTTPS crypto works on Macs, Windows, and Linux | Ars Technica 0 comments

7.23.2016
Mac Developer: Hacker who published LA Times login credentials ordered to prison | Ars Technica

Hacker who published LA Times login credentials ordered to prison | Ars Technica: "The original headline said, "Pressure builds in House to pass tax-cut package." It was changed to "Pressure builds in House to elect CHIPPY 1337.""

If only the same rule of law were applied to the elected officials of this same nation.

Labels: ,

By : Tighten Hacker who published LA Times login credentials ordered to prison | Ars Technica 0 comments

Mac Developer: Apple's latest software updates fix flaw resembling Android Stagefright

Apple's latest software updates fix flaw resembling Android Stagefright: "Apple's recent iOS, OS X, tvOS and watchOS updates patch a previously unknown security flaw that allows the surreptitious gathering of sensitive data with a simple text message, an OS-level bug which bears a striking resemblance to last year's much derided Stagefright exploit on Google's Android platform."

How long was this baby in the wild rooting devices? Security is still hard.

Labels:

By : Tighten Apple's latest software updates fix flaw resembling Android Stagefright 0 comments

7.21.2016
Mac Developer: Critical flaw leaves all Apple devices open to password thieves

Critical flaw leaves all Apple devices open to password thieves: "Tyler Bohan, senior security researcher at Cisco Talos, has discovered a serious vulnerability in “ImageIO,” a framework built into Apple’s platforms that handle image data. Hackers are able to take advantage of this to steal passwords stored locally on your devices."

Security is still hard.

Labels:

By : Tighten Critical flaw leaves all Apple devices open to password thieves 0 comments

Mac Developer: Alleged founder of world’s largest BitTorrent distribution site arrested | Ars Technica

Alleged founder of world’s largest BitTorrent distribution site arrested | Ars Technica: "HSI and IRS looked into the historical hosting records of KAT and found that for about 3.5 years, ending in January 2016, the operation was hosted out of Chicago, Illinois, which explains why the case is now being prosecuted out of the Northern District of Illinois. The site also used a Canadian hosting service—the two American agencies also used MLAT to get an image of the Canadian server."

"Don't follow leaders, Watch the parking meters" - Bob Dylan

Labels:

By : Tighten Alleged founder of world’s largest BitTorrent distribution site arrested | Ars Technica 0 comments

7.15.2016
Mac Developer: Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica

Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica: "As if people didn't already have cause to distrust the security of Juniper products, the networking gear maker just disclosed a vulnerability that allowed attackers to eavesdrop on sensitive communications traveling through customers' virtual private networks."

Big pipe style.

Labels: ,

By : Tighten Crypto flaw made it easy for attackers to snoop on Juniper customers | Ars Technica 0 comments

7.11.2016
Mac Developer: HTTPS crypto’s days are numbered. Here’s how Google wants to save it | Ars Technica

HTTPS crypto’s days are numbered. Here’s how Google wants to save it | Ars Technica: "Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe."

HTTPS is dead! Long-live HTTPS!

Labels: ,

By : Tighten HTTPS crypto’s days are numbered. Here’s how Google wants to save it | Ars Technica 0 comments

7.08.2016
Mac Developer: Another Mac-specific malware pops up, but Apple's Gatekeeper still prevents infection

Another Mac-specific malware pops up, but Apple's Gatekeeper still prevents infection: "A second piece of Mac-specific malware has been discovered this week, one that could expose the passwords stored in the macOS Keychain. But once again, Apple's Gatekeeper security — when properly configured — will block the attack from succeeding."

Hmmm.

Labels: , , ,

By : Tighten Another Mac-specific malware pops up, but Apple's Gatekeeper still prevents infection 0 comments

7.02.2016
Mac Developer: Major weakness in Google's key storage breaks open Android's Full Disk Encryption

Major weakness in Google's key storage breaks open Android's Full Disk Encryption: "Higher end Android phones using premium Qualcomm chips have been seeking to court the attention of enterprise users, but new research shows that Android encryption is easy to defeat because the devices store their disk encryption keys in software, unlike Apple's iOS."

Say it ain't so!

Labels:

By : Tighten Major weakness in Google's key storage breaks open Android's Full Disk Encryption 0 comments

6.30.2016
Mac Developer: While you filled your face at Noodles and Co, malware was slurping your bank cards • The Register

While you filled your face at Noodles and Co, malware was slurping your bank cards • The Register: "American fast-food chain Noodles and Company says malware got into its sales registers, allowing it to slurp customers' payment card numbers."

Time to introduce the financial firewall to the general public.

Labels: ,

By : Tighten While you filled your face at Noodles and Co, malware was slurping your bank cards • The Register 0 comments

Mac Developer: Safari 10 brings fast, native App Extensions to the macOS browser, web content

Safari 10 brings fast, native App Extensions to the macOS browser, web content: "Building on work completed last year to enable Web Content Blockers, Apple's new Safari 10 enables a wide range of native code App Extensions that users can automatically obtain and update through the Mac App Store, contributing to faster performance, enhanced security and better reliability. "

Flash is dead, long live the Flash!

Labels:

By : Tighten Safari 10 brings fast, native App Extensions to the macOS browser, web content 0 comments

Mac Developer: High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica

High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica: ""These vulnerabilities are as bad as it gets," Tavis Ormandy, a researcher with Google's Project Zero, wrote in a blog post. "They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.""

Further proof that security is hard and you shouldn't hand over root level access to any app that's going to be "always on".

Labels:

By : Tighten High-severity bugs in 25 Symantec/Norton products imperil millions | Ars Technica 0 comments

6.24.2016
Mac Developer: From file-sharing to prison: A Megaupload programmer tells his story | Ars Technica

From file-sharing to prison: A Megaupload programmer tells his story | Ars TechnicaThe legal saga dragged on for three years. In 2012, Nõmm was first arrested by authorities in the Netherlands and placed under house arrest. Like Dotcom, Nõmm next spent a significant amount of time fighting extradition. But eventually in 2015, he voluntarily traveled to the US and was arrested in Virginia. Nõmm pleaded guilty to felony copyright infringement and was sentenced to a year and a day in a US federal prison.
A drop in the bucket compared to the grievous harm caused by banksters, none of whom saw a day of prison time.

Labels:

By : Tighten From file-sharing to prison: A Megaupload programmer tells his story | Ars Technica 0 comments

6.19.2016
Mac Developer: Catching up with the guy who stole Half-Life 2’s source code, 10 years later | Ars Technica

Catching up with the guy who stole Half-Life 2’s source code, 10 years later | Ars Technica: "the chief of police greeted him. He walked up to Gembe, looked him in the eye and said: "Have you any idea how lucky you are that we got to you before you got on that plane?" "

Deutschland über alles!

Labels: ,

By : Tighten Catching up with the guy who stole Half-Life 2’s source code, 10 years later | Ars Technica 0 comments

6.17.2016
Mac Developer: User testing is essential for app development, says Bill Atkinson

User testing is essential for app development, says Bill AtkinsonSAN FRANCISCO — If you want to make a truly killer app, here’s a crucial part of the creative process you shouldn’t overlook: Give your “finished” software to someone, ask them to do something with it, and then shut the hell up.
Sir Bill from the Knights of the Rounded Rectangle speaks!

Labels: , ,

By : Tighten User testing is essential for app development, says Bill Atkinson 0 comments

Mac Developer: Kill Flash now. Or patch these 36 vulnerabilities. Your choice • The Register

Kill Flash now. Or patch these 36 vulnerabilities. Your choice • The Register: "Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities.

The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers."

Flash is like the Windows XP of the internet. Didn't quite anticipate the rise in security concerns. Not that anyone did, but Flash is paying the heaviest price.

Labels:

By : Tighten Kill Flash now. Or patch these 36 vulnerabilities. Your choice • The Register 0 comments

6.16.2016
Mac Developer: Microsoft releases open source bug-bomb in the rambling house of C • The Register

Microsoft releases open source bug-bomb in the rambling house of C • The Register: "Key to it is better handling of pointers in C programs. Checked C “allows programmers to better describe how they intend to use pointers and the range of memory occupied by data that a pointer points to,” MS Research explains at its project page."

New features for an old friend. You don't know sizeof like I know sizeof.

Labels: ,

By : Tighten Microsoft releases open source bug-bomb in the rambling house of C • The Register 0 comments

Mac Developer: FBI expands code theft charges against Chinese national • The Register

FBI expands code theft charges against Chinese national • The Register: "The charge is that he stole source code from his employer, believed to have been IBM but not yet confirmed, intending to turn it over to the Chinese government.

Xu was employed by the company from 2010 to 2014, and was one of what the DoJ says was a “small subset” of staff with access to the source code of a clustered file system. The indictment notes that individuals had to sign NDAs to access the code."

Justice for IP theft IFF your name is IBM.

Labels:

By : Tighten FBI expands code theft charges against Chinese national • The Register 0 comments

Mac Developer: iOS 10 warns users when opening legacy apps not encoded in 64-bit

iOS 10 warns users when opening legacy apps not encoded in 64-bit: "More than a year after Apple mandated that all new apps must be 64-bit compatible, iOS 10 will begin warning users that non-compliant legacy apps may affect the stability of their iPhone or iPad."

for (NSInteger memoryBandwidth=0; memoryBandwidth<ohReally; ++memoryBandwidth) overkill=YES;

Labels:

By : Tighten iOS 10 warns users when opening legacy apps not encoded in 64-bit 0 comments

6.14.2016
Mac Developer: How a college student tricked 17k coders into running his sketchy script | Ars Technica

How a college student tricked 17k coders into running his sketchy script | Ars Technica: "The eye-opening (if ethically questionable) research was conducted by University of Hamburg student Nikolai Philipp Tschacher as part of his bachelor thesis. Using a variation of a decade-old attack known as typosquatting, he uploaded his code to three popular developer communities and gave them names that were similar to widely used packages already submitted by other users."

Hmmm.

Labels:

By : Tighten How a college student tricked 17k coders into running his sketchy script | Ars Technica 0 comments

6.08.2016
Mac Developer: Microsoft's BITS file transfer tool fooled into malware distribution • The Register

Microsoft's BITS file transfer tool fooled into malware distribution • The Register: "While working on a customer clean-up project, SecureWorks staff found that attackers had created self-contained BITS tasks that didn't appear in the registries of affected machines, and their footprints were limited to entries on the BITS database."

Security is hard, real hard.

Labels: ,

By : Tighten Microsoft's BITS file transfer tool fooled into malware distribution • The Register 0 comments

Mac Developer: Why does an Android keyboard need to see your camera and log files – and why does it phone home to China? • The Register

Why does an Android keyboard need to see your camera and log files – and why does it phone home to China? • The Register: "UK-based Pentest said a whitepaper study [PDF] of the popular Flash Keyboard found that the Android app is "abusing" OS permissions, inserting potentially malicious ads, and tracking user behavior, then sending data to servers in China."

Marketing 101 - computer users ain't that smart.

Labels:

By : Tighten Why does an Android keyboard need to see your camera and log files – and why does it phone home to China? • The Register 0 comments

6.06.2016
Mac Developer: TeamViewer users are being hacked in bulk, and we still don’t know how | Ars Technica

TeamViewer users are being hacked in bulk, and we still don’t know how | Ars Technica: "For more than a month, users of the remote login service TeamViewer have taken to Internet forums to report their computers have been ransacked by attackers who somehow gained access to their accounts."

Uh-oh.

Labels:

By : Tighten TeamViewer users are being hacked in bulk, and we still don’t know how | Ars Technica 0 comments

Mac Developer: Giveaway: Win an mCookie Kit from Microduino

Giveaway: Win an mCookie Kit from Microduino: "Microduino is partnering with AppleInsider to offer readers the chance to win an mCookie kit, which contains a magnetic stackable Arduino microcontroller for programmers and DIY-ers. As a bonus, not one, but two kits are up for grabs this week."

For all you hackers out there.

Labels:

By : Tighten Giveaway: Win an mCookie Kit from Microduino 0 comments

Mac Developer: The guy who named iMac says Apple's names are too confusing | Cult of Mac

The guy who named iMac says Apple's names are too confusing | Cult of Mac: "Former Apple marketing guru Ken Segall helped launched Apple’s string of i-devices, but now he says that the company has lost its way from simplicity lately and there’s no clearer sign than the confusing naming scheme of the iPhone.

Hmmmmm.

Labels:

By : Tighten The guy who named iMac says Apple's names are too confusing | Cult of Mac 0 comments

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro