Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

12.02.2016
Mac Developer: Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1 | Ars Technica

Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1 | Ars Technica: "The feature has been difficult to crack, but a new exploit disclosed by Vulnerability Lab security analyst Benjamin Kunz Mejri uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1."

iPhones are what's at risk for snatchey-time.

Labels: , ,

By : Tighten Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1 | Ars Technica 0 comments

12.01.2016
Mac Developer: Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains | Ars Technica

Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains | Ars Technica: "In 2010, an Anti-Phishing Working Group report called out Avalanche as "the world’s most prolific phishing gang," noting that the Avalanche botnet was responsible for two-thirds of all phishing attacks recorded in the second half of 2009 (84,250 out of 126,697). "During that time, it targeted more than 40 major financial institutions, online services, and job search providers," APWG reported. In December of 2009, the network used 959 distinct domains for its phishing campaigns. Avalanche also actively spread the Zeus financial fraud botnet at the time."

Hmmm.

Labels: , ,

By : Tighten Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains | Ars Technica 0 comments

11.30.2016
Mac Developer: Gooligan malware roots 1M Android phones in "largest Google account breach to date"

Gooligan malware roots 1M Android phones in "largest Google account breach to date": "A new strain of Android malware dubbed "Gooligan," thought to be "the largest Google account breach to date," is already in active circulation and three-fourths of the Android installed base is vulnerable. Once infected, devices give hackers access to the users' Gmail, Google Photos, Docs, Drive and other Google services accounts. "

So excited to have a new iPhone courtesy of a free upgrade from my carrier. I enjoyed learning about Android, but in the end, let me say it again: interpreted languages SUCK! 6502 ASM forever!

Labels:

By : Tighten Gooligan malware roots 1M Android phones in "largest Google account breach to date" 0 comments

Mac Developer: Journalist linked to Anonymous released from prison - CNET

Journalist linked to Anonymous released from prison - CNET: "Barrett Brown, a journalist who served as an unofficial spokesman for various Anonymous hacking operations, was released from prison Tuesday after serving more than four years behind bars for sharing stolen data and threatening an FBI agent.

More of Obama's sad legacy.

Labels:

By : Tighten Journalist linked to Anonymous released from prison - CNET 0 comments

11.29.2016
Mac Developer: Worried about US surveillance, Internet Archive announces mirror in Canada | Ars Technica

Worried about US surveillance, Internet Archive announces mirror in Canada | Ars Technica: "In a Tuesday blog post, Brewster Kahle, the founder of the Internet Archive, announced plans to mirror the entire massive repository in Canada—largely over fear of the incoming Trump administration."

Hidden among the moose and beavers.

Labels:

By : Tighten Worried about US surveillance, Internet Archive announces mirror in Canada | Ars Technica 0 comments

11.27.2016
Mac Developer: Security researcher Morgan Marquis-Boire explains “data contraception” | Ars Technica

Security researcher Morgan Marquis-Boire explains “data contraception” | Ars TechnicaMarquis-Boire also told us about the difference between doing security for a company like Google vs. First Look Media. First Look is the company that owns The Intercept, which has published Snowden documents. So part of his job is protecting those documents, as well as the journalists reporting on them and similarly sensitive information. It sounds difficult, but one of the first things he realized was that he could just store things off the network. That never would have been an option at Google.
The Marquis de Security.

Labels:

By : Tighten Security researcher Morgan Marquis-Boire explains “data contraception” | Ars Technica 0 comments

11.26.2016
Mac Developer: Cyber college for wannabe codebreakers planned at UK’s iconic Bletchley Park | Ars Technica

Cyber college for wannabe codebreakers planned at UK’s iconic Bletchley Park | Ars Technica: "Bletchley Park—the home of codebreakers whose pioneering work helped Britain and its allies win the Second World War—could be the site for a College of National Security, with plans for it to open in 2018."

Your future home.

Labels: ,

By : Tighten Cyber college for wannabe codebreakers planned at UK’s iconic Bletchley Park | Ars Technica 0 comments

Mac Developer: Poison .JPG spreading ransomware through Facebook Messenger • The Register

Poison .JPG spreading ransomware through Facebook Messenger • The Register: "The security firm has not released technical details as the flaw it relies on still impacts Facebook and LinkedIn, among other unnamed web properties."

Security is hard, unless you build your apps with JavaScript, in which case it is impossible.

Labels:

By : Tighten Poison .JPG spreading ransomware through Facebook Messenger • The Register 0 comments

11.24.2016
Mac Developer: Get patching: Xen bug blows hypervisor security to bits – literally • The Register

Get patching: Xen bug blows hypervisor security to bits – literally • The Register: "Meanwhile, Lars Kurth, of the Xen project, has blogged about how the vulnerabilities were found – internal audits and fuzzing"

Run - it's the fuzz, man!

Labels: ,

By : Tighten Get patching: Xen bug blows hypervisor security to bits – literally • The Register 0 comments

11.23.2016
Mac Developer: President-elect Trump considers potential Apple manufacturing in US a 'real achievement'

President-elect Trump considers potential Apple manufacturing in US a 'real achievement': ""Tim, you know one of the things that will be a real achievement for me is when I get Apple to build a big plant in the United States, or many big plants in the United States," recounted Trump to the New York Times about the recent call with the Apple CEO. "Instead of going to China, and going to Vietnam, and going to the places that you go to, you're making your product right here.""

Apple ][ computers were made in America.

Labels:

By : Tighten President-elect Trump considers potential Apple manufacturing in US a 'real achievement' 0 comments

Mac Developer: FYI: The FBI is being awfully evasive about its fresh cyber-spy powers • The Register

FYI: The FBI is being awfully evasive about its fresh cyber-spy powers • The Register: "Those are the spying powers granted by Congressional inaction over an update to Rule 41 of the Federal Rules of Criminal Procedure. These changes will kick in on December 1 unless they are somehow stopped, and it's highly unlikely they will be challenged as we slide into the Thanksgiving weekend.

More of Obama's legacy.

Labels:

By : Tighten FYI: The FBI is being awfully evasive about its fresh cyber-spy powers • The Register 0 comments

11.16.2016
Mac Developer: PoisonTap fools your PC into thinking the whole internet lives in an rPi • The Register

PoisonTap fools your PC into thinking the whole internet lives in an rPi • The Register: "How do you get a sniff of a locked computer? Tell it you're its gateway to the entire Internet IPv4 routing space.

That's the basic principle behind a demo from brainiac cracker Samy Kamkar. Plugged into a victim, his Raspberry Pi Zero-based "PoisonTap" isn't just a network sniffer, it's a backdoor-digger.

MacOS users can breathe a sigh of relief: Kamkar's attack currently only works on Windows and Linux boxen.

Breathing now.

Labels:

By : Tighten PoisonTap fools your PC into thinking the whole internet lives in an rPi • The Register 0 comments

Mac Developer: Microsoft releases preview edition of Visual Studio for Mac

Microsoft releases preview edition of Visual Studio for Mac: "As anticipated earlier this week, Microsoft on Wednesday released Visual Studio for the Mac, bringing over one of its signature Windows developer tools."

Dang!

Labels:

By : Tighten Microsoft releases preview edition of Visual Studio for Mac 0 comments

11.15.2016
Mac Developer: Monitoring software on some US Android phones sent text messages, location info to China

Monitoring software on some US Android phones sent text messages, location info to China: "Pre-installed software on some Android phones from a developer contracted to develop the software for an undisclosed Chinese manufacturer sends the contents of text messages composed on the device, in addition to other user metadata, to a server in China."

Quite unfortunate.

Labels:

By : Tighten Monitoring software on some US Android phones sent text messages, location info to China 0 comments

Mac Developer: Pwnfest drops a nasty surprise on VMware • The Register

Pwnfest drops a nasty surprise on VMware • The Register: "The bug scores a critical rating because it could allow a guest to “execute code on the operating system that runs Workstation or Fusion”, the company's advisory says. That's a big no-no in the virtual world: hypervisors are supposed to contain guests and keep the host OS pristine."

Filed under security is hard, and even if you are secure, your VM might be at risk.

Labels: ,

By : Tighten Pwnfest drops a nasty surprise on VMware • The Register 0 comments

11.14.2016
Mac Developer: Study finds malware lurking in Amazon, Google and Groupon cloud services - PC & Tech Authority

Study finds malware lurking in Amazon, Google and Groupon cloud services - PC & Tech Authority: "Researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara scanned more than 140,000 sites on 20 major cloud hosting services and found that as many as 10 percent of the repositories hosted by them had been compromised, according to the “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service” report."

So many places to hide, so many surfaces to protect.

Labels:

By : Tighten Study finds malware lurking in Amazon, Google and Groupon cloud services - PC & Tech Authority 0 comments

11.13.2016
Mac Developer: Mac administrators brace for big changes to Apple-powered fleets • The Register

Mac administrators brace for big changes to Apple-powered fleets • The Register: "The idea of a shift to MDM was outlined by admin Michael Lynn earlier this fall in a blog post, and immediately gained a following. While Lynn stresses that his piece was merely speculation and not a prediction of Apple's plans, a number of other admins who manage Mac networks and spoke with The Register believe he is onto something, and that Apple is in fact looking to move toward an MDM model for managing macOS machines."

Things that go hmmmm in the night.

Labels: ,

By : Tighten Mac administrators brace for big changes to Apple-powered fleets • The Register 0 comments

11.12.2016
Mac Developer: CoinDesk Bitcoin Startup Blockstream Seeking Patent for Sidechains Design - CoinDesk

CoinDesk Bitcoin Startup Blockstream Seeking Patent for Sidechains Design - CoinDesk: "Sidechains are envisioned as a way to allow the movement of digital assets from one blockchain to another, opening the door to new kinds of applications and experiments using the tech."

Downstream from the fork in the hash.

Labels:

By : Tighten CoinDesk Bitcoin Startup Blockstream Seeking Patent for Sidechains Design - CoinDesk 0 comments

Mac Developer: Google Pixel pwned in 60 seconds • The Register

Google Pixel pwned in 60 seconds • The Register: "Apple's updated Safari browser running on MacOS Sierra also fell. Respected Chinese hacker outfit Pangu Team renowned for releasing million-dollar persistent modern iOS jailbreaks for free, along with hacker JH, blasted Cupertino's web browser with a root privilege escalation zero day that took 20 seconds to run, earning the team $80,000."

How many fingers am I holding up?

Labels:

By : Tighten Google Pixel pwned in 60 seconds • The Register 0 comments

11.10.2016
Mac Developer: Hackers cook god-mode remote exploits against Edge, VMware in world-first • The Register

Hackers cook god-mode remote exploits against Edge, VMware in world-first • The Register: "Power of Community Hackers have twice completely compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first time twice broken VMWare Workstation without user interaction."

Who could keep up?

Labels:

By : Tighten Hackers cook god-mode remote exploits against Edge, VMware in world-first • The Register 0 comments

11.09.2016
Mac Developer: Bay Area: Join us 11/16 to talk about infosec for dissidents and citizens | Ars Technica

Bay Area: Join us 11/16 to talk about infosec for dissidents and citizens | Ars Technica: "The eighth episode of Ars Technica Live is coming up next Wednesday, November 16, in Oakland, California, at Longitude! Join Ars Technica editors Dan Goodin and Annalee Newitz with guest Morgan Marquis-Boire for a conversation about infosec, surveillance, and digital authoritarianism."

If you're not part of the solution, you're part of the problem.

Labels:

By : Tighten Bay Area: Join us 11/16 to talk about infosec for dissidents and citizens | Ars Technica 0 comments

Mac Developer: Browsers nix add-on after Web of Trust is caught selling users' browsing histories • The Register

Browsers nix add-on after Web of Trust is caught selling users' browsing histories • The Register: "Updated A browser extension which was found to be harvesting users' browsing histories and selling them to third parties has had its availability pulled from a number of web browsers' add-on repositories."

Things that go hmmm in the night. As if seeing advertisements derived from the contents of your Amazon shopping card wasn't creepy enough.

Labels: , ,

By : Tighten Browsers nix add-on after Web of Trust is caught selling users' browsing histories • The Register 0 comments

11.07.2016
Mac Developer: Fake apps on Apple App Stores seeing a pre-holiday surge, purges ongoing

Fake apps on Apple App Stores seeing a pre-holiday surge, purges ongoing: "A report by the New York Times points out that a rogue app producer going by the name of "Footlocke Sports" populated the app store with fake apps for Puma, Nike, Canada Goose, Celine, and others. The apps, when functional, were attempting to induce shoppers to buy products that would never arrive, with the scammers collecting user information and credit card data."

But your valid, innocuous app has been rejected due to violation of some meaningless clause in the app store guidelines.

Labels:

By : Tighten Fake apps on Apple App Stores seeing a pre-holiday surge, purges ongoing 0 comments

11.06.2016
Mac Developer: This evil office printer hijacks your cellphone connection | Ars Technica

This evil office printer hijacks your cellphone connection | Ars Technica: "Oliver built his spy printer from easy-to-buy hardware: A Raspberry Pi minicomputer, a BladeRF software-defined radio, two GSM antennae and of course, a Hewlett Packard Laserjet 1320 printer. He’s also released the code for Stealth Cell Tower on his website."

Whoa!

Labels: , ,

By : Tighten This evil office printer hijacks your cellphone connection | Ars Technica 0 comments

Mac Developer: What is a blockchain, and why is it growing in popularity? | Ars Technica

What is a blockchain, and why is it growing in popularity? | Ars Technica: "Blockchains: For when everyone distrusts each other"

Lots of change coming to the Department of Transparency.

Labels: ,

By : Tighten What is a blockchain, and why is it growing in popularity? | Ars Technica 0 comments

11.05.2016
Mac Developer: How ThousandEyes grew up from discarded computers - Business Insider

How ThousandEyes grew up from discarded computers - Business Insider: "They also bought used servers from a place in Sunnyvale called Weird Stuff. "It used to be a common stop for us," Lad said."

This is an awesome article.

Labels:

By : Tighten How ThousandEyes grew up from discarded computers - Business Insider 0 comments

Mac Developer: Google knifes Eclipse Android Developer Tools • The Register

Google knifes Eclipse Android Developer Tools • The Register: "Android Studio 2.2 was previewed at Google I/O 2016, an event described as "the conference version of hell," and released in September."

The real hell is Android performance. Native code forever and no pooftas!

Labels:

By : Tighten Google knifes Eclipse Android Developer Tools • The Register 0 comments

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro