C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Mac Developer: Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica
Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica: "in 2011 Duqu 1.0 attackers compromised computers at NetLock, a Hungarian certificate authority. That hack allowed them to sign their wares with digital stamps trusted by Windows machines."
Fascinating tale. Or "How I learned to stop worrying and love the Nation-state sponsored cyberwars."
Labels: secure coding mac, security, security flaw
Mac Developer: NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube
NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube: "Published on Jun 23, 2015
US and British spy agencies worked to reverse-engineer antivirus software in order to 'exploit such software and to prevent detection of our activities.' Russian security firm Kaspersky Lab was particularly targeted."
Saw this on RT. Nothing in the Western press about it, which I think is very interesting.
Labels: security flaw, security policy
Mac Developer: Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore
Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore: "If you're encountering random reboots on your T-Mobile iPhone, you're not the only one. Several users on social media are reporting that iPhones on the Uncarrier are flashing blue for a second, and randomly rebooting every 20 to 30 minutes."
Is this why there are no more Mac vs. PC ads? Let us use the billions to crush PCs once and for all! Mac! Mac! Mac!
Labels: windows vs. ios vs android
Mac Developer: XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore
XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore: "This week, security researchers from Indiana University released details of four security vulnerabilities they discovered in Mac OS X and iOS. The researchers detailed their discoveries of what they call 'cross-app resource attacks' (referred to as XARA) in a whitepaper released Wednesday. Unfortunately, there has been a lot of confusion surrounding their research."
A little more about XARA which I think is quite serious on OSX.
Labels: security flaw
Mac Developer: Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski
Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski: "Because sideloading apps onto iOS was not achievable without jailbreaking your device, until now, the Popcorn Time group is ecstatic at having reached this milestone. It shows that iOS users are not just very interested in a Popcorn Time app for iOS, but they are eager to try an alternative to jailbreaking in order to get apps that Apple doesn’t approve of."
Don't fret. This is probably a good thing at this point in the evolution of the OS.
Labels: security policy
Mac Developer: Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac
Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac: "Well-known developer Steve Troughton-Smith, who previously was able to get real UIKit-backed apps running on Apple Watch with watchOS 2.0, now says that he has gotten native UIKit apps running on watchOS 1.0. Smith shared a video showing off the feat, which can be seen via the embed below."
Mac Developer: Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac
Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac: "Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others."
Labels: quarantine, sandbox, sandbox policy language, security flaw
Mac Developer: The US Navy wants to buy unpatched security flaws
The US Navy wants to buy unpatched security flaws: "It won't surprise you to hear that governments are eager to buy unpatched security exploits for the sake of cyberdefense or surveillance, but they're rarely overt about it. No one must have told that to the US Navy until this week, however. The Electronic Frontier Foundation caught the military branch soliciting for both zero-day exploits and recently discovered vulnerabilities (less than six months old) for relatively common software from the likes of Apple, Google and Microsoft."
I don't feel like I'm the target. Do you?
Labels: security policy
Mac Developer: Report: Hack of government employee records discovered by product demo | Ars Technica
Report: Hack of government employee records discovered by product demo | Ars Technica: "Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services."
Will the truth be known?
Mac Developer: Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac
Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac: "Apple has ended its separate iOS and Mac developer programs that required software makers to buy two different memberships in order to publish across the company’s various platforms and replaced them with a single combined Apple Developer Program."
Even when they were separate the membership was still cheaper than buying a codesign certificate for WinXP development from a 3rd party service provider. Or call me wrong.
The range is $200 to $500 with no assurances as to the security of the root CA. With Apple's root protecting billions in IP, I feel pretty confident the trust chain is banzai!
Mac Developer: Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures
Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures: "'Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private,' Snowden said."
Snowden gives thumbs up to iOS security.
Labels: android vs. ios, security policy
Mac Developer: New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica
New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica: "The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac's BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system."
Kind of disheartening, really.
Labels: security flaw
Mac Developer: Opinion: Google’s new Photos may just have won my library away from Apple | 9to5Mac
Opinion: Google’s new Photos may just have won my library away from Apple | 9to5Mac
My relationship with Apple’s hardware is simple: I’m happily locked in, and not changing platforms any time soon. But my relationship with Apple’s software is complex: I want to love it, but every time Apple decides to “throw everything away” and “start over” with an app, it’s disruptive — and for many users, unnecessary.
When you treat software like furniture or jewelry. Imagine getting up in the morning to go to work and having to learn how to drive a car all over again. I've got other things to do. It's not just Apple. Google just messed up their contacts webapp. It was my favorite and now I can't stand it. Unfortunately, because it's tightly integrated with gmail and hangouts and voice, I'm more or less forced to use it.
Once again, it's like the web programmers are in charge of everything. Which is why dropbox doesn't work from a CoreDuo MacBook running 10.6.8 and Chrome.
I think Steve Jobs famously said he hoped the internet would never lose its "dial tone" HTML functionality. If you ask me, the dial tone has gone silent.
Labels: blind leading the blind
Mac Developer: Security Bug in Safari Browsers Puts OS X and iOS Users at Risk | The Mac Security Blog
Security Bug in Safari Browsers Puts OS X and iOS Users at Risk | The Mac Security Blog
Security researchers have discovered a serious Safari address-spoofing bug that can deceive users about the sites they're visiting. The exploit works on fully patched versions of OS X and iOS, and could be used by cyber-criminals in phishing or malware attacks.
Once again, Safari is providing the holes while reams of third-party developers are trying to shoehorn their code into increasingly restrictive runtime requirements. I like the security features of OSX, I just think that the attack vectors are not small 3rd party apps in the Mac App Store.
Labels: security flaw
Mac Developer: Bug in iOS Unicode handling crashes iPhones with a simple text
Bug in iOS Unicode handling crashes iPhones with a simple text
A peculiar iOS bug apparently allows pranksters to crash a victim's iPhone by sending a text message from their own iPhone containing what appears to be a single line of seemingly innocuous Arabic script.
A little troubling to be sure.
Labels: secure coding mac, security flaw
Mac Developer: Security features in Mac OS X Yosemite | Kaspersky Lab Official Blog
Security features in Mac OS X Yosemite | Kaspersky Lab Official Blog
It doesn’t, however, mean that it is an “absolutely” protected operating system – unfortunately, there are no such systems. Moreover, the number of threats targeting OS X, specifically, is growing as is the number of Mac users. This certainly has drawn the attention of criminals, who are looking into vulnerabilities and occasionally finding them.
Some attention directed here. Not nearly as much as directed elsewhere, thank goodness.
Labels: mac, mac security, malware
Mac Developer: Chrome for Android goes almost “entirely open source” | 9to5Google
Chrome for Android goes almost “entirely open source” | 9to5Google
Launched in September 2008, Google’s Chrome browser is now dominant in its share of the desktop web browser market, with approximately 1 in 4 Internet users interfacing with the web using the browser.
This is now the only secure, modern browser that runs under Snow Leopard. Which indicates security policy. I wish they would port Chrome to XP SP2. I'm sure that's still 500 million desktops, if there were 2 billion to begin with.
Mac Developer: Apple attends 'spy summit' to discuss data privacy, mass surveillance issues
Apple attends 'spy summit' to discuss data privacy, mass surveillance issues
According to The Intercept, which obtained a copy of the event program, the summit was chaired by former British MI6 Sir John Scarlett as part of an ongoing series of conferences put on by the Ditchley Foundation. Said to discuss "complex issues of international concern," these highly confidential meetings are held at the foundation's mansion in Oxfordshire.
As long as they've got someone with the title "Sir" leading the discussion, I'm sure everything will be grand.
Labels: security policy
Mac Developer: Cult of Android - NSA hijacked Google Play to install spyware
Cult of Android - NSA hijacked Google Play to install spyware
The National Security Agency and several of its allies around the world have hijacked connections to multiple Android app stores to plant spyware on hundreds of millions of devices.
Labels: security policy
Mac Developer: Intelligence officers given immunity from hacking laws, tribunal told | UK news | The Guardian
Intelligence officers given immunity from hacking laws, tribunal told | UK news | The Guardian: "GCHQ staff, intelligence officers and police have been given immunity from prosecution for hacking into computers, laptops and mobile phones under legislative changes that were never fully debated by parliament, a tribunal has been told."
What's good for the goose is good for the gander. Er, um, what was the middle part again?
Labels: security law, security policy
Mac Developer: White House appoints NSA-criticizing computer scientist Ed Felten to key post | VentureBeat | Security | by Dylan Tweney
White House appoints NSA-criticizing computer scientist Ed Felten to key post | VentureBeat | Security | by Dylan Tweney: "White House’s appointment today of Ed Felten, a Princeton computer science professor, as its deputy U.S. chief technology officer."
This looks good.
Labels: security, security law, security policy
Mac Developer: Install Xcode 3.2.6 on Lion & Mountain Lion - CocoaBob
Install Xcode 3.2.6 on Lion & Mountain Lion - CocoaBob: "Install Xcode 3.2.6 on Lion & Mountain Lion
Although I figured out how it works by myself, I still wanted to find some simpler procedures. Finally, I found these 2 tutorials from Eugene’s blog, which are so perfect that I’d like to share them."
Generally researching this and thought this was an informative post.
Xcode 3 on Mountain Lion: "The Definitive Guide to Installing Xcode 3 on Mountain Lion
(Without Kernel Panics)"
Another great one!
Labels: mountain lion, xcode, xcode 3
Mac Developer: Unity chief John Riccitiello on clash of big ideas: 'Sony f***ing nailed it, and they deserve the victory' | GamesBeat | Games | by Gavin Greene
Unity chief John Riccitiello | by Gavin Greene: "‘Go to anyone of these conferences, and someone will pull you aside and show you something on their phone, and it’s almost invariably a Clash of Clans clone,’ Riccitiello said. ‘There are examples of games at the very top of the charts where they literally took someone else’s idea and polished it and improved on it in a small way. But that level of execution is to be admired anywhere, in the execution there is art. But ultimately it is … demoralizing to see the level of copying and ‘me-too-ism’ that is typical of game development, it’s sort of the easiest route, and I understand why people do it.’"
The most articulate description of the problem of the independent developer that I have yet read.
Mac Developer: Apple iPad software issue grounds 'several dozen' American Airlines flights [u]
Apple iPad software issue grounds 'several dozen' American Airlines flights [u]: "At least one American Airlines flight was grounded before takeoff on Tuesday due to a software bug that disabled pilots' iPad-powered electronic flight bags, potentially affecting the carrier's entire fleet of 737 aircraft."
OTA upgrades are not the future of enterprise and mission-critical computing.
Mac Developer: Microsoft announces new tool for effortlessly porting iOS apps to Windows 10 | 9to5Mac
Microsoft announces new tool for effortlessly porting iOS apps to Windows 10 | 9to5Mac: "Microsoft announced today during its Build conference that it will release a tool for developers to port their iOS apps directly to Windows 10 as ‘universal apps’ that run on both phones and desktop computers. Developers will be able to feed their existing Objective-C code into a new software package and have it converted to work on the upcoming PC operating system."
Saved from my inevitable wrangling of Cocotron? Or Xamarin. Or both?
Labels: windows vs. ios vs android
Mac Developer: How to turn great iOS app ideas into something real | Cult of Mac
How to turn great iOS app ideas into something real | Cult of Mac
But I can offer one solid piece of advice for anybody hoping to turn a clever idea into a world-beating app: Find yourself an amazing developer and hold on tight.
Well said, Mr. Cult.
Labels: development tools mac
Mac Developer: OS X 10.10.3 update failed to fix Rootpipe vulnerability, says former NSA staffer | 9to5Mac
OS X 10.10.3 update failed to fix Rootpipe vulnerability, says former NSA staffer | 9to5Mac: "A former NSA staffer says that the OS X 10.10.3 update which Apple claims fixed a significant security vulnerability has failed to do so, reports Forbes. Patrick Wardle, who now heads up research at security firm Synack, demonstrated the vulnerability in a video (without revealing exactly how it was done) to allow Apple time to issue a further fix."
Labels: security flaw