 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

8.03.2015
Mac Developer: Security researchers build on PC vulnerabilities to create first firmware-based Mac worm

Security researchers build on PC vulnerabilities to create first firmware-based Mac worm: "Firmware attacks are possible because many computer manufacturers put few safeguards in place to prevent malicious updates or changes, leaving many computers vulnerable. According to Wired, Apple could have put protections in place to prevent at least one type of attack discovered by the research group, but apparently elected not to."
More O Daeng!


By : Tighten Security researchers build on PC vulnerabilities to create first firmware-based Mac worm 0 comments

8.02.2015
Mac Developer: The iOS 8.4 jailbreak app is now available on Mac

The iOS 8.4 jailbreak app is now available on Mac
Do not pass go, do not collect $200.


7.29.2015
Mac Developer: 'Stagefright' Android Text Message Vulnerability May Affect 950M Devices | MacTrast

'Stagefright' Android Text Message Vulnerability May Affect 950M Devices | MacTrast: "A newly discovered security flaw in the Android mobile operating system has been dubbed one of the worst vulnerabilities to date. ‘Stagefright’ could affect around 950 million Android devices."
This is a real goshwhacker.


Mac Developer: Hackers combine coded photos and Twitter to hit targets - BBC News

Hackers combine coded photos and Twitter to hit targets - BBC News: "On several occasions, the commands, encrypted by using a technique called steganography, have instructed Hammertoss to upload information from a victim's network to accounts on cloud storage services."
Quite a dance.


7.24.2015
Mac Developer: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED: "The Jeep’s strange behavior wasn’t entirely unexpected. I’d come to St. Louis to be Miller and Valasek’s digital crash-test dummy, a willing subject on whom they could test the car-hacking research they’d been doing over the past year. "
I'd say this falls into the category of "must read"


7.13.2015
Mac Developer: It's time to uninstall Adobe's Flash from your Mac - here's how

It's time to uninstall Adobe's Flash from your Mac - here's how: "Adobe has patched more than twenty Flash vulnerabilities in the last week — some of them days after active exploits were discovered in the wild — and issued over a dozen Flash Player security advisories since the beginning of this year."
This was my basic thought in 2001. Back then it was more about open standards and accessibility.


7.09.2015
Mac Developer: The unbelievable true story of Farty Troll‘s struggle to release | Cult of Mac

The unbelievable true story of Farty Troll‘s struggle to release | Cult of Mac: "Scott Kurtz, artist and writer of popular webcomic PvP, and his business partner Cory Casoni decided to find out with Farty Troll, a Flappy Bird clone about propelling a flatulent, blue giant named Skull through a maze of coffee cups using nothing but his own wind. Apple repeatedly rejected the app, but after a bit of straining and a lot of effort, it has finally come out."
The curious case of Farty Troll.


7.07.2015
Mac Developer: Hacking Team, the company that sells snooping software to governments, gets hacked | VentureBeat | Security | by Paul Sawers

Hacking Team, the company that sells snooping software to governments, gets hacked | VentureBeat | Security | by Paul Sawers: "Based out of Milan, Italy, Hacking Team has been known for a while, but it hit the headlines last year after security experts revealed the extent to which its software gives law enforcement and intelligence agencies remote access to mobile operating systems. It lets them access texts, phone calls, location data, and other forms of digital communications."
I guess, "Physician, heal thyself!"


7.04.2015
Mac Developer: This might be our first look at BlackBerry’s Android smartphone (Update) | 9to5Google

This might be our first look at BlackBerry’s Android smartphone (Update) | 9to5Google: "Evan Blass just can’t stop. Earlier today he came out on Twitter to say that BlackBerry’s Android-powered ‘Venice’ smartphone is on its way to AT&T, and now he has shared an image of what looks to be some kind of BlackBerry device running Google’s mobile operating system."
A novel approach might be to run Android as a subsystem under QNX, and keep the highly secure BlackBerry mail running in the better (i.e. QNX) OS.


6.29.2015
Mac Developer: Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica: "in 2011 Duqu 1.0 attackers compromised computers at NetLock, a Hungarian certificate authority. That hack allowed them to sign their wares with digital stamps trusted by Windows machines."
Fascinating tale. Or "How I learned to stop worrying and love the Nation-state sponsored cyberwars."


6.25.2015
Mac Developer: NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube

NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube: "Published on Jun 23, 2015 US and British spy agencies worked to reverse-engineer antivirus software in order to 'exploit such software and to prevent detection of our activities.' Russian security firm Kaspersky Lab was particularly targeted."
Saw this on RT. Nothing in the Western press about it, which I think is very interesting.


Mac Developer: Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore

Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore: "If you're encountering random reboots on your T-Mobile iPhone, you're not the only one. Several users on social media are reporting that iPhones on the Uncarrier are flashing blue for a second, and randomly rebooting every 20 to 30 minutes."
Is this why there are no more Mac vs. PC ads? Let us use the billions to crush PCs once and for all! Mac! Mac! Mac!


6.24.2015
Mac Developer: XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore: "This week, security researchers from Indiana University released details of four security vulnerabilities they discovered in Mac OS X and iOS. The researchers detailed their discoveries of what they call 'cross-app resource attacks' (referred to as XARA) in a whitepaper released Wednesday. Unfortunately, there has been a lot of confusion surrounding their research."
A little more about XARA which I think is quite serious on OSX.


6.23.2015
Mac Developer: Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski

Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski: "Because sideloading apps onto iOS was not achievable without jailbreaking your device, until now, the Popcorn Time group is ecstatic at having reached this milestone. It shows that iOS users are not just very interested in a Popcorn Time app for iOS, but they are eager to try an alternative to jailbreaking in order to get apps that Apple doesn’t approve of."
Don't fret. This is probably a good thing at this point in the evolution of the OS.


6.18.2015
Mac Developer: Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac

Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac: "Well-known developer Steve Troughton-Smith, who previously was able to get real UIKit-backed apps running on Apple Watch with watchOS 2.0, now says that he has gotten native UIKit apps running on watchOS 1.0. Smith shared a video showing off the feat, which can be seen via the embed below."
O Daeng!


Mac Developer: Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac

Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac: "Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others."
Hmmmm.


6.15.2015
Mac Developer: The US Navy wants to buy unpatched security flaws

The US Navy wants to buy unpatched security flaws: "It won't surprise you to hear that governments are eager to buy unpatched security exploits for the sake of cyberdefense or surveillance, but they're rarely overt about it. No one must have told that to the US Navy until this week, however. The Electronic Frontier Foundation caught the military branch soliciting for both zero-day exploits and recently discovered vulnerabilities (less than six months old) for relatively common software from the likes of Apple, Google and Microsoft."
I don't feel like I'm the target. Do you?


6.12.2015
Mac Developer: Report: Hack of government employee records discovered by product demo | Ars Technica

Report: Hack of government employee records discovered by product demo | Ars Technica: "Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services."
Will the truth be known?


6.09.2015
Mac Developer: Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac

Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac: "Apple has ended its separate iOS and Mac developer programs that required software makers to buy two different memberships in order to publish across the company’s various platforms and replaced them with a single combined Apple Developer Program."
Even when they were separate the membership was still cheaper than buying a codesign certificate for WinXP development from a 3rd party service provider. Or call me wrong.

https://www.sslshopper.com/microsoft-authenticode-certificates.html

The range is $200 to $500 with no assurances as to the security of the root CA. With Apple's root protecting billions in IP, I feel pretty confident the trust chain is banzai!


6.07.2015
Mac Developer: Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures

Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures: "'Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private,' Snowden said."
Snowden gives thumbs up to iOS security.


6.03.2015
Mac Developer: New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica

New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica: "The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac's BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system."
Kind of disheartening, really.


5.29.2015
Mac Developer: Opinion: Google’s new Photos may just have won my library away from Apple | 9to5Mac

Opinion: Google’s new Photos may just have won my library away from Apple | 9to5Mac
My relationship with Apple’s hardware is simple: I’m happily locked in, and not changing platforms any time soon. But my relationship with Apple’s software is complex: I want to love it, but every time Apple decides to “throw everything away” and “start over” with an app, it’s disruptive — and for many users, unnecessary.


When you treat software like furniture or jewelry. Imagine getting up in the morning to go to work and having to learn how to drive a car all over again. I've got other things to do. It's not just Apple. Google just messed up their contacts webapp. It was my favorite and now I can't stand it. Unfortunately, because it's tightly integrated with gmail and hangouts and voice, I'm more or less forced to use it.

Once again, it's like the web programmers are in charge of everything. Which is why dropbox doesn't work from a CoreDuo MacBook running 10.6.8 and Chrome.

I think Steve Jobs famously said he hoped the internet would never lose its "dial tone" HTML functionality. If you ask me, the dial tone has gone silent.


5.28.2015
Mac Developer: Security Bug in Safari Browsers Puts OS X and iOS Users at Risk | The Mac Security Blog

Security Bug in Safari Browsers Puts OS X and iOS Users at Risk | The Mac Security Blog
Security researchers have discovered a serious Safari address-spoofing bug that can deceive users about the sites they're visiting. The exploit works on fully patched versions of OS X and iOS, and could be used by cyber-criminals in phishing or malware attacks.


Once again, Safari is providing the holes while reams of third-party developers are trying to shoehorn their code into increasingly restrictive runtime requirements. I like the security features of OS X; I just think that the attack vectors are not small third-party apps in the Mac App Store.


Mac Developer: Bug in iOS Unicode handling crashes iPhones with a simple text

Bug in iOS Unicode handling crashes iPhones with a simple text
A peculiar iOS bug apparently allows pranksters to crash a victim's iPhone by sending a text message from their own iPhone containing what appears to be a single line of seemingly innocuous Arabic script.


A little troubling to be sure.


5.25.2015
Mac Developer: Security features in Mac OS X Yosemite | Kaspersky Lab Official Blog

Security features in Mac OS X Yosemite | Kaspersky Lab Official Blog
It doesn’t, however, mean that it is an “absolutely” protected operating system – unfortunately, there are no such systems. Moreover, the number of threats targeting OS X, specifically, is growing as is the number of Mac users. This certainly has drawn the attention of criminals, who are looking into vulnerabilities and occasionally finding them.


Some attention directed here. Not nearly as much as directed elsewhere, thank goodness.


5.24.2015
Mac Developer: Chrome for Android goes almost “entirely open source” | 9to5Google

Chrome for Android goes almost “entirely open source” | 9to5Google
Launched in September 2008, Google’s Chrome browser is now dominant in its share of the desktop web browser market, with approximately 1 in 4 Internet users interfacing with the web using the browser.


This is now the only secure, modern browser that runs under Snow Leopard. Which indicates security policy. I wish they would port Chrome to XP SP2. I'm sure that's still 500 million desktops, if there were 2 billion to begin with.


5.23.2015
Mac Developer: Apple attends 'spy summit' to discuss data privacy, mass surveillance issues

Apple attends 'spy summit' to discuss data privacy, mass surveillance issues
According to The Intercept, which obtained a copy of the event program, the summit was chaired by former British MI6 Sir John Scarlett as part of an ongoing series of conferences put on by the Ditchley Foundation. Said to discuss "complex issues of international concern," these highly confidential meetings are held at the foundation's mansion in Oxfordshire.


As long as they've got someone with the title "Sir" leading the discussion, I'm sure everything will be grand.


 

 
 
 

 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro