 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

5.24.2018
Mac Developer: Amazon Echo recorded household audio, sent it to random contact

Amazon Echo recorded household audio, sent it to random contact: "An Oregon family's Amazon Echo recorded household audio and sent it to an employee of the family's husband, something Amazon blamed on a rare bug that it intends to fix."

Hmmm.

By: Tighten

5.23.2018
Mac Developer: Police use of Amazon’s face-recognition service draws privacy warnings | Ars Technica

Police use of Amazon’s face-recognition service draws privacy warnings | Ars Technica: "Amazon is actively courting law-enforcement agencies to use a cloud-based facial-recognition service that can identify people in real time, the American Civil Liberties Union reported Tuesday, citing the documents obtained from two US departments."

Hmmm.


Mac Developer: Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts - National | Globalnews.ca

Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts - National | Globalnews.ca: "A smartphone app, which allows the user to read credit card information through wallets and purses, is cause for concern amongst consumers that carry credit cards with radio-frequency identification (RFID) technology, according to experts.

The free app, available on the Samsung Galaxy S3 through the Google Play store, allows the phone to read the RFID chip on a credit card, picking up the cardholder’s name, credit card number and expiry date, according to a CBC investigation."

Way to go global payment processing plutocracy!


Mac Developer: YubiKey NEO's physical NFC key can now unlock apps on iPhone 7 & later

YubiKey NEO's physical NFC key can now unlock apps on iPhone 7 & later: "Taking advantage of the more open NFC access on iPhones made possible with iOS 11, Yubico has announced that its physical YubiKey NEO authentication key can now be used to unlock compatible iOS apps. "

Cool!


5.22.2018
Mac Developer: Intel promises fix for new 'Variant 4' Meltdown, Spectre vulnerability

Intel promises fix for new 'Variant 4' Meltdown, Spectre vulnerability: "Industry woes over Meltdown and Spectre continued this week when Google and Microsoft on Monday revealed a newly discovered silicon-level vulnerability impacting chips used in millions of computers, including those marketed by Apple. "

I'm totally cereal about this.


5.11.2018
Mac Developer: Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed • The Register

Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed • The Register: "Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed"

Wot!


5.04.2018
Mac Developer: More Spectre-style chip flaws discovered in Intel processors

More Spectre-style chip flaws discovered in Intel processors: "The eighth vulnerability is apparently an exception, potentially posing a greater threat than Spectre itself, as it could allow an attacker to launch an exploit in a virtual machine (VM) as a way to attack the host system. Largely affecting enterprise, as well as some individual users who operate VMs privately, the vulnerability could also be used to attack other VM instances on the same server, and due to Intel's Software Guard Extensions (SGX) not being "Spectre-safe," it could also intercept passwords and keys transmitted between VM instances. "

"Nobody ever got fired for buying IBM."


5.03.2018
Mac Developer: Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica

Drive-by Rowhammer attack uses GPU to compromise an Android phone | Ars Technica: "Over the past few years, there has been a steady evolution in Rowhammer, the once largely theoretical attack that exploits physical defects in memory chips to tamper with the security of the devices they run on. On Thursday, researchers are unveiling the most practical demonstration yet of Rowhammer's power and reach: an exploit that remotely executes malicious code on Android phones by harnessing their graphical processors."

Yo! Hammer! Can't touch this...


Mac Developer: Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores • The Register

Hands off! Arm pitches tamper-resistant Cortex-M35-P CPU cores • The Register: "Arm has released a new processor core design for Cortex-M-powered system-on-chips that will try to stop physical tampering and side-channel attacks by hackers."

Hackey sacked.


4.06.2018
Mac Developer: Baltimore’s 911 system, Boeing join Atlanta in week of crypto-malware outbreaks | Ars Technica

Baltimore’s 911 system, Boeing join Atlanta in week of crypto-malware outbreaks | Ars Technica: "Last Friday, the City of Atlanta was struck by a ransomware attack that took much of the city's internal and external services offline. As of today, many of those services have been restored, but two public portals remain offline."

Security is hard, people. And getting harder. Humans are the weak link in the chain.


4.04.2018
Mac Developer: Intel drops plans to develop Spectre microcode for ancient chips | Ars Technica

Intel drops plans to develop Spectre microcode for ancient chips | Ars Technica: "Intel has scaled back its plans to produce microcode updates for some of its older processors to address the "Spectre variant 2" attack. Core 2 processors are no longer scheduled to receive updates, and, while some first generation Core products have microcode updates available already, others have had their update cancelled."

I wanted to fix the worst computer bug in the history of humankind but then I realized if I don't fix it, people will buy more new CPU chips. It's a win-win situation!


1.16.2018
Mac Developer: There's a new malicious link that can crash or hang Messages and Safari

There's a new malicious link that can crash or hang Messages and Safari: "Yet another "text bomb" has surfaced, this time in the form of a website that can sometimes cause system crashes or hangups when received through Apple's Messages app on iOS and macOS."

Wonky tonk.


Mac Developer: Found: New Android malware with never-before-seen spying capabilities | Ars Technica

Found: New Android malware with never-before-seen spying capabilities | Ars Technica: "Now, in a discovery that underscores the growing arms race among competing malware developers, researchers have uncovered a new Android spying platform that includes location-based audio recording and other features that have never been seen in the wild before."

aka Wowsers and browsers.


12.19.2017
Mac Developer: Geekbench and Reddit think they’ve cracked why iPhones get slower over time | Ars Technica

Geekbench and Reddit think they’ve cracked why iPhones get slower over time | Ars Technica: "Based on anecdotal observation, many iPhone users have long believed that older iPhones get slower over time. Generally, people have assumed that this is because of new features and additions in new versions of iOS that are better optimized for the latest phones."

Conspiracy theories laid to rest: it's the hardware, stupid!


12.04.2017
Mac Developer: Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row • The Register

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row • The Register: "Kaspersky Lab has denied any wrongdoing in the matter or illicit ties to Russian intelligence. The security vendor also pointed out Pho's machine was infected with loads of malware, meaning any miscreant could have stolen Uncle Sam's cyber-weapons."

At the very least Kaspersky needs a new publicist.


11.02.2017
Mac Developer: The underground story of Cobra, the 1980s’ illicit handmade computer | Ars Technica

The underground story of Cobra, the 1980s’ illicit handmade computer | Ars Technica: "Back then, Romania’s hardware industry mainly cloned the British Sinclair ZX Spectrum, a machine released in the UK in 1982. This device was copied all across Central and Eastern Europe. The ZX Spectrum was an 8-bit personal computer built around a Zilog Z80 A CPU running a BASIC interpreter, an easy-to-use programming language widespread on microcomputers at that time. It used a TV set as a display and audio cassettes for storage."

I have seen the future and it is the past.


10.26.2017
Mac Developer: Google engineer proves any iPhone app with permission to access the camera is capable of spying

Google engineer proves any iPhone app with permission to access the camera is capable of spying: "Once granted, Krause advises it is possible for an app to photograph and record from the cameras any time the app is in the foreground, without informing the user the images and video are being captured with flashes or other indicators."

Troubling but not nearly as troubling as the gaping security holes on Android.


10.16.2017
Mac Developer: Apple confirms KRACK Wi-Fi WPA-2 attack vector patched in iOS, tvOS, watchOS, macOS betas

Apple confirms KRACK Wi-Fi WPA-2 attack vector patched in iOS, tvOS, watchOS, macOS betas: "AppleInsider has learned that Apple has rectified the "KRACK Attack" Wi-Fi WPA-2 exploit in "recent" macOS, iOS, tvOS, and watchOS betas —but was unable to confirm that a patch is coming for the AirPort series of routers."

The other shoe dropping...


Mac Developer: Wi-Fi security has been breached, say researchers - The Verge

Wi-Fi security has been breached, say researchers - The Verge: "At about 7AM ET this morning, researchers revealed details of a new exploit called KRACK that takes advantage of vulnerabilities in Wi-Fi security to let attackers eavesdrop on traffic between computers and wireless access points."

Kind of a major fail.


10.15.2017
Mac Developer: Cult of Mac Magazine: Why you shouldn’t trust every Apple ID prompt, and more | Cult of Mac

Cult of Mac Magazine: Why you shouldn’t trust every Apple ID prompt, and more | Cult of Mac: "It’s not uncommon to see a random popup that asks you to “Sign In to iTunes Store” on iOS. They sometimes appear unexpectedly, but they’re usually genuine. There is a chance that the app’s developer is phishing for your Apple ID password. We’ll show you an easy trick to distinguish legit popups from phishing attempts."

The beginning of the end...


10.11.2017
Mac Developer: Israeli spies 'watched Russian agents breach Kaspersky software' - BBC News

Israeli spies 'watched Russian agents breach Kaspersky software' - BBC News: "Israeli spies looked on as Russian hackers breached Kaspersky cyber-security software two years ago, US media report. The Russians were allegedly attempting to gather data on US intelligence programs, according to the New York Times and Washington Post."

Well, they can still sell to the Eastern Bloc and Brazil et al.


9.29.2017
Mac Developer: Security study finds old or improperly updated Macs in limited danger from EFI attack vectors

Security study finds old or improperly updated Macs in limited danger from EFI attack vectors: " Duo suggests that Mac system administrators use the Apple-provided combo OS update, instead of delta updates —and to not use restore images to update machines even though it may be quicker."

Executive summary!


9.28.2017
Mac Developer: Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' • The Register

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' • The Register: "If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege escalation."

It's a lot of surface to keep secure.


9.26.2017
Mac Developer: Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' • The Register

Deloitte is a sitting duck: Key systems with RDP open, VPN and proxy 'login details leaked' • The Register: "In addition, it appears that a Deloitte employee uploaded company proxy login credentials to his public Google+ page. The information was up there for over six months – and was removed in the past few minutes."

Trusted computing.


Mac Developer: macOS's Keychain vulnerability reported earlier in Sept., Apple patch likely coming soon

macOS's Keychain vulnerability reported earlier in Sept., Apple patch likely coming soon: "The Keychain password vulnerability affecting multiple versions of macOS —including High Sierra —was reported to Apple on Sept. 7, and will likely be patched by the company in the near future, according to the security researcher who first publicized the issue. "

Hmmm.


9.25.2017
Mac Developer: In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica

In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica: "But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog."

Hmmm.


Mac Developer: Justice Department goes nuclear on Google in search warrant fight | Ars Technica

Justice Department goes nuclear on Google in search warrant fight | Ars Technica: "The Supreme Court is expected to announce any day whether it will hear the government's appeal of that Microsoft case, which has huge privacy ramifications for consumers and for the tech sector. The sector is being asked by the US government to comply with court orders that sometimes conflict with the laws of where the data is stored."

Do yeah, do yeah, do yeah?


 

 
 
 

 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro