Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

5.25.2017
Mac Developer: Fragile Base Class

If you want to see an example of the fragile base class problem in action, just run one of the, I dunno, 20 or so Cocoa applications I wrote in Xcode (from 2007-present) on Sierra. I spent a lot of time ensuring they were bug-free on 10.6-10.10. Here's a hint: new design idiom, new base classes. Don't be trying to staple new underwear onto the baby.

For a comparand, I have 16-bit Windows applications I wrote in 1989 that still run in the WOW layer. This is why Microsoft rules the corporate desktop and no amount of clever advertising (throwing shade) is going to change that. Sadly.

But I guess you win some and you lose some: yesterday I learned that iMovie '11 runs perfectly on Sierra. For certain jobs, it's my tool of choice (4:3 small and fast m4v files).

Labels:

By : Tighten Fragile Base Class 0 comments

5.21.2017
Mac Developer: Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft | Ars Technica

Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft | Ars Technica: "Four weeks later, MS17-010 was released. And precisely 28 days after that, the Shadow Brokers published EternalBlue, DoublePulsar, and dozens more hacking tools."

Hmmmm.

Labels: ,

By : Tighten Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft | Ars Technica 0 comments

5.20.2017
Mac Developer: Security firm recovers iCloud Notes beyond Apple's 30-day deletion window

Security firm recovers iCloud Notes beyond Apple's 30-day deletion window: "Using a new version of its Phone Breaker tool, Russia's Elcomsoft said it was able to retrieve notes dating weeks, months, or years beyond Apple's 30-day window. In extreme cases, notes were retrieved from as far back as 2015."

NOTE TO SELF: Pen and paper.

Labels:

By : Tighten Security firm recovers iCloud Notes beyond Apple's 30-day deletion window 0 comments

Mac Developer: 'Fair Repair Act' proposal in New York under fire by Apple lobbyists

'Fair Repair Act' proposal in New York under fire by Apple lobbyists: "A bill currently on the table which would require electronics companies to sell replacement parts and service tools to the general public is being challenged by a lobbyist group being funded by Apple."

https://www.youtube.com/watch?v=BxShzoUjiAQ

Labels:

By : Tighten 'Fair Repair Act' proposal in New York under fire by Apple lobbyists 0 comments

5.17.2017
Mac Developer: Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry | Ars Technica

Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry | Ars Technica: "The researcher went on to say this overlooked attack may have limited the spread of WannaCry by shutting down SMB networking to prevent the compromised machines from falling into the hands of competing botnets."

Brave new world.

Labels: ,

By : Tighten Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry | Ars Technica 0 comments

5.13.2017
Mac Developer: Kaspersky Denies Report It Might Help Russian Government Spy on US Citizens

Kaspersky Denies Report It Might Help Russian Government Spy on US Citizens: "Some of the accusations and fears are based on the fact that Eugene Kaspersky, founder and CEO of Kaspersky Lab, was trained by the KGB and worked as a Soviet intelligence officer in the Red Army, a period which he previously declined to talk about."

May you live in interesting times...

Labels:

By : Tighten Kaspersky Denies Report It Might Help Russian Government Spy on US Citizens 0 comments

Mac Developer: Keylogger Found in Audio Driver of HP Laptops

Keylogger Found in Audio Driver of HP Laptops: "The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user's keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look."

I can't hear you, could you turn it up?

Labels:

By : Tighten Keylogger Found in Audio Driver of HP Laptops 0 comments

5.10.2017
Mac Developer: Microsoft launches finished Visual Studio for Mac with support for all Apple platforms

Microsoft launches finished Visual Studio for Mac with support for all Apple platforms: "The finished Studio release can be used to create apps for macOS, iOS, tvOS, watchOS and Android, as well as Web and cloud apps, Microsoft said. Some features include Git integration, an extension system, and multi-platform app templates."

I'm a big fan of Apple products and a long-time lover of Xcode. However, with that said, once the iPhone started taking off, Xcode became a somewhat hostile platform for traditional Mac development. Too many changes, too many compromises from supporting both iOS/Mac in one tool, too many releases, too little backwards compatibility, too many bugs. Too many great Mac development features were ripped out of Xcode. I still enjoy/use the tools but I also like to be able to chart a practical development plan without getting hit on the head with a forced upgrade once a year. Not everything about agile and continuous deployment is a boon. Microsoft, for what it's worth, built a huge business by taking care of their ISV's first, not chasing consumer fads. The ISV's built Windows into what it is, a platform juggernaut in vertical and horizontal markets. I'm cautiously optimistic about these new tools from Microsoft and I also think it's great for the Mac platform to have more serious developers using Macs for everything: shell scripting, Android, Mac, iOS, web, and, why not, Windows and C#.

Honestly, I don't need a new compiler and a new operating system upgrade once a year. And I don't think anyone else does either. Except maybe the press.

It could be worse though, one might be stuck maintaining JavaScript. That's the real nightmare: code written last week that only runs on one browser (and only the build that came out last week).

Mac OS X development was so orderly under the stewardship of Avie Tevanian.

Here are some interesting, related thoughts about the lack real value in the hype of constant churn:
youtube.com/watch?v=3E7hkPZ-HTk
https://arstechnica.com/information-technology/2017/05/windows-10-hits-500-million-devices-growing-by-two-thirds-in-a-year/

Labels:

By : Tighten Microsoft launches finished Visual Studio for Mac with support for all Apple platforms 0 comments

Mac Developer: It's 2017 and Windows PCs are being owned by EPS files, webpages • The Register

It's 2017 and Windows PCs are being owned by EPS files, webpages • The Register: "Basically, when a vulnerable installation of Office opens a booby-trapped EPS document, it can end up executing code within the file, and this code can use the privilege escalation hole to gain full control over the machine – essentially allowing emailed and downloaded documents to hijack computers and install spyware and other nasties, if victims are tricked into opening them."

Security, it's not getting easier.

Labels: ,

By : Tighten It's 2017 and Windows PCs are being owned by EPS files, webpages • The Register 0 comments

Mac Developer: Crooks can nick Brits' identities just by picking up the phone and lying • The Register

Crooks can nick Brits' identities just by picking up the phone and lying • The Register: "Data breaches, social media footprints and other open-source information can help facilitate this process. Often fraudsters need to approach their intended mark to get enough information, according to Cifas."

When the answers to your security questions are in your public Facebook profile.

Labels:

By : Tighten Crooks can nick Brits' identities just by picking up the phone and lying • The Register 0 comments

5.07.2017
Mac Developer: Russian RATs bite Handbrake OSX download mirror • The Register

Russian RATs bite Handbrake OSX download mirror • The Register: "“Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you've downloaded HandBrake during this period,” the note states. Windows users aren't affected."

Watch your parking meters...

Labels: ,

By : Tighten Russian RATs bite Handbrake OSX download mirror • The Register 0 comments

5.06.2017
Mac Developer: How to remote hijack computers using Intel's insecure chips: Just use an empty login string • The Register

How to remote hijack computers using Intel's insecure chips: Just use an empty login string • The Register: "Intel provides a remote management toolkit called AMT for its business and enterprise-friendly processors; this software is part of Chipzilla's vPro suite and runs at the firmware level, below and out of sight of Windows, Linux, or whatever operating system you're using. The code runs on Intel's Management Engine, a tiny secret computer within your computer that has full control of the hardware and talks directly to the network port, allowing a device to be remotely controlled regardless of whatever OS and applications are running, or not, above it."

Geez Louise!

Labels: , ,

By : Tighten How to remote hijack computers using Intel's insecure chips: Just use an empty login string • The Register 0 comments

Mac Developer: Windows malware 'Snake' ported to Mac for first time, masquerades as Adobe Flash

Windows malware 'Snake' ported to Mac for first time, masquerades as Adobe Flash: "A piece of malware long targeting Windows users —known sometimes as "Snake," "Turla," or "Uroboros" —is now reportedly being turned against Mac owners."

Not everything should be cross-ported.

Labels:

By : Tighten Windows malware 'Snake' ported to Mac for first time, masquerades as Adobe Flash 0 comments

5.05.2017
Mac Developer: Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones - Motherboard

Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones - Motherboard: "John is just one of tens of thousands of individuals around the world who are unwitting targets of powerful, relatively cheap spyware that anyone can buy. Ordinary people—lawyers, teachers, construction workers, parents, jealous lovers—have bought malware to monitor mobile phones or computers, according to a large cache of hacked files from Retina-X and FlexiSpy, another spyware company."

Dang!

Labels:

By : Tighten Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones - Motherboard 0 comments

Mac Developer: We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed. - Motherboard

We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed. - Motherboard: "For years, researchers, hackers, and even some politicians have warned about stark vulnerabilities in a mobile data network called SS7. These flaws allow attackers to listen to calls, intercept text messages, and pinpoint a device's location armed with just the target's phone number. "

Tick tock tick tock.

Labels: ,

By : Tighten We Were Warned About Flaws in the Mobile Data Backbone for Years. Now 2FA Is Screwed. - Motherboard 0 comments

5.03.2017
Mac Developer: Don’t trust OAuth: Why the “Google Docs” worm was so convincing | Ars Technica

Don’t trust OAuth: Why the “Google Docs” worm was so convincing | Ars Technica: "An evil phishing worm masquerading as "Google Docs" took the Internet by storm today. It sent an e-mail claiming to be from a friend or relative who wanted to share a document with you. Clicking on the "Open in Docs" button asked you to log in to Google, then it popped up a familiar OAuth request asking for some permissions."

Leggo my eggo.

Labels:

By : Tighten Don’t trust OAuth: Why the “Google Docs” worm was so convincing | Ars Technica 0 comments

Mac Developer: Tim Cook says Apple is 'investing aggressively' in the future of the Mac

Tim Cook says Apple is 'investing aggressively' in the future of the Mac: "Apple noted that it sold 4.2 million Macs, up 4 percent from the year-ago quarter, in a market that isn't growing. Specifically, the MacBook Pro sales grew the company's portable growth by 10 percent, more than twice the expansion of the category industry-wide."

Can't we take the 300bn in cash parked overseas and crush Wintel? Don't quite understand this.

Labels:

By : Tighten Tim Cook says Apple is 'investing aggressively' in the future of the Mac 0 comments

5.02.2017
Mac Developer: Pen-tester gets past Microsoft VB macro barriers • The Register

Pen-tester gets past Microsoft VB macro barriers • The Register: "A nice side affect [sic] is that the user will inadvertently trigger the payload if they try “forward” it to the incident response team”, he writes."

Hmmm.

Labels:

By : Tighten Pen-tester gets past Microsoft VB macro barriers • The Register 0 comments

5.01.2017
Mac Developer: Red alert! Intel patches remote execution hole that's been hidden in its chips since 2008 • The Register

Red alert! Intel patches remote execution hole that's been hidden in its chips since 2008 • The Register: "For the past nine years, millions of Intel desktop and server chips have harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with spyware."

Good lord! Who updates firmware? Nobody expects the Spanish inquisition!

Labels:

By : Tighten Red alert! Intel patches remote execution hole that's been hidden in its chips since 2008 • The Register 0 comments

Mac Developer: California Spent Nearly $1.8 Million on Controversial Facial Recognition Software - Motherboard

California Spent Nearly $1.8 Million on Controversial Facial Recognition Software - Motherboard: "In responding to our records request California Department of Justice (CADOJ) has provided documents detailing its acquisition of an expansive and highly advanced facial recognition system. We also received two booklets that explain how the system works and its vast array of specifications."

Hey look, the year is 1984.

Labels:

By : Tighten California Spent Nearly $1.8 Million on Controversial Facial Recognition Software - Motherboard 0 comments

4.29.2017
Mac Developer: New 'Dok' malware targets Macs using signed Apple developer certificate

New 'Dok' malware targets Macs using signed Apple developer certificate: "The code, dubbed "Dok" by security firm Check Point, is said to affect "all versions" of macOS/OS X, and be the first "major scale" malware directed at Mac owners through a "coordinated email phishing campaign." The emails are aimed mostly at Europeans, one example being a German-language message from a supposed Swiss official, claiming problems with the target's tax return."

Revoke! Revoke! Remote delete! Remote delete?

Labels: , ,

By : Tighten New 'Dok' malware targets Macs using signed Apple developer certificate 0 comments

4.26.2017
Mac Developer: UK.gov throws hissy fit after Twitter chokes off snoop firm's access • The Register

UK.gov throws hissy fit after Twitter chokes off snoop firm's access • The Register: "Twitter has reportedly blocked a third-party firm used by the Home Office from accessing its firehose, prompting the government to complain that the social network is siding with terrorists."

Big brother is watching you tweet.

Labels:

By : Tighten UK.gov throws hissy fit after Twitter chokes off snoop firm's access • The Register 0 comments

4.25.2017
Mac Developer: Interpol unplugs nearly 9,000 Asian command and control networks • The Register

Interpol unplugs nearly 9,000 Asian command and control networks • The Register: "An Interpol investigation has revealed a worrying degree of insecurity in sout-east Asian countries, with even government-operated Web servers infected to operate as command and control systems for bot-herders."

Wordpress! Whodathunkit?

Labels: ,

By : Tighten Interpol unplugs nearly 9,000 Asian command and control networks • The Register 0 comments

4.23.2017
Mac Developer: Uber Secretly Tracked Users, Spied On Lyft Prompting Tim Cook To Threaten Apple Store Expulsion | Zero Hedge

Uber Secretly Tracked Users, Spied On Lyft Prompting Tim Cook To Threaten Apple Store Expulsion | Zero Hedge: " The idea of fooling Apple, the main distributor of Uber’s app, began in 2014. At the time, Uber was dealing with widespread account fraud in places like China, where tricksters bought stolen iPhones that were erased of their memory and resold. Some Uber drivers there would then create dozens of fake email addresses to sign up for new Uber rider accounts attached to each phone, and request rides from those phones, which they would then accept. Since Uber was handing out incentives to drivers to take more rides, the drivers could earn more money this way."

If the rules allow iPhone device holders to perpetrate fraud, I think the rules should be changed.

Labels:

By : Tighten Uber Secretly Tracked Users, Spied On Lyft Prompting Tim Cook To Threaten Apple Store Expulsion | Zero Hedge 0 comments

4.21.2017
Mac Developer: Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools • The Register

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools • The Register: "Tentler reckons that when the Shadow Brokers' arsenal hit the web on Easter weekend, script kiddies around the world grabbed the cyber-arms, went out, and infected everything they could find."

The gift that keeps on giving...

Labels: ,

By : Tighten Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools • The Register 0 comments

4.19.2017
Mac Developer: We're spying on you for your own protection, says NSA, FBI • The Register

We're spying on you for your own protection, says NSA, FBI • The Register: "The document even claims that it is surveilling US citizens for their own protection while at the same time claiming that it is not doing so.

Hmmm.

Labels:

By : Tighten We're spying on you for your own protection, says NSA, FBI • The Register 0 comments

4.15.2017
Mac Developer: Apple's Mac, iPad dodge an ugly new NSA hacker bomb targeting majority of Windows PCs globally

Apple's Mac, iPad dodge an ugly new NSA hacker bomb targeting majority of Windows PCs globally: "As noted in a report by Lorenzo Franceschi-Bicchierai for Motherboard, the NSA tools were leaked by hacker group known as the "Shadow Brokers.""

I'm sure all the bugs are fixed.

Labels: ,

By : Tighten Apple's Mac, iPad dodge an ugly new NSA hacker bomb targeting majority of Windows PCs globally 0 comments

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro