C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation
Tighten Pro - in the Mac App Store
Tighten Pro is now available in the Mac App Store.
Simply click on the icon to the left to purchase directly from Apple.
Or choose PKCS#7Viewer.app by clicking the image to the right.
Mac Developer: Kid found a way to travel for free in Budapest. He filed a bug report. And was promptly arrested • The Register
Kid found a way to travel for free in Budapest. He filed a bug report. And was promptly arrested • The Register: "The arrest of a Hungarian bloke after he discovered a massive flaw in the website of Budapest's transport authority – and reported it – has sparked a wave of protests."
How to ensure that security, which is already ridiculously difficult, remains impossible.
Labels: security policy
Mac Developer: Wisconsin court orders Apple pay $506M for infringing on WARF patent
Wisconsin court orders Apple pay $506M for infringing on WARF patent: "WARF first sued Apple in 2014 over alleged infringement of U.S. Patent No. U.S. 5,781,752 for a "Table based data speculation circuit for parallel processing computer." According to WARF and original patent claims, the IP provides a novel method of improving power efficiency and performance in modern computer processor designs using "predictor circuit" technology. The university leveraged the same patent to force Intel into a settlement in 2008."
If you had any questions as to why college education is barely affordable, here's your answer. How far have we come since Steve Jobs got excited about Mach at Carnegie-Mellon?
Labels: microprocessor patents, software engineering, software patents
Mac Developer: “Perverse” malware infecting hundreds of Macs remained undetected for years | Ars Technica
“Perverse” malware infecting hundreds of Macs remained undetected for years | Ars Technica: "One of the interesting aspects of the latest Fruitfly variant is that it flew under the radar for so long. The malware relies on functions that were retired long ago and uses a crude method to remain installed once a Mac is infected. Compared to newer, more sophisticated malware, Fruitfly is much easier to detect. And yet, for whatever reason, no one caught it until recently. Two pieces of Mac software developed by Wardle would have given victims a strong indication they were infected. One, called BlockBlock, would have warned of the suspicious launch agent used by the malware. "
BlockBlock, like I said, good things.
Labels: security research
Mac Developer: Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law | Ars Technica
Microsoft’s secret weapon in ongoing struggle against Fancy Bear? Trademark law | Ars Technica: "In other words, any time an infected computer attempts to contact a command and control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server. "
That bear is dance.
Labels: security policy
Mac Developer: Google drops the boom on WoSign, StartCom certs for good | Ars Technica
Google drops the boom on WoSign, StartCom certs for good | Ars Technica: "The investigation uncovered a pattern of bad practices at WoSign and its subsidiary StartCom dating back to the spring of 2015. As a result, Google moved last October to begin distrusting new certificates issued by the two companies, stating "Google has determined that two CAs, WoSign and StartCom, have not maintained the high standards expected of CAs and will no longer be trusted by Google Chrome."
Now for the root CAs in lala land.
Labels: security policy
Mac Developer: Objective-See
Objective-SeeBlockBlock has the ability query VirusTotal to see if either the process or startup item that was persisted, is known malware. Clicking on the 'virus total' button will generate a network request, which contains the path, name, and hash of both the process and startup item.
This looks very promising.
Labels: security tools mac
Mac Developer: Apple no longer accepting VPN-based ad blockers to App Store, report says
Mac Developer: Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop | Ars Technica
Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop | Ars Technica: "Qubes OS, the security-focused operating system that Edward Snowden said in November he was “really excited” about, announced this week that laptop maker Purism will ship their privacy-focused Librem 13 notebook with Qubes pre-installed."
This is the future of something, possibly the future of everything.
Labels: security policy, security research
Mac Developer: Amazon supercharges GPU power, spits out Nvidia-backed G3 • The Register
Mac Developer: An AI can replace what a world leader said in his video-taped speech. This will end well. Not • The Register
Mac Developer: Global Web standard for integrating DRM into browsers hits a snag | Ars Technica
Mac Developer: Bloke takes over every .io domain by snapping up crucial name servers • The Register
Mac Developer: Google Chrome's HTTPS ban-hammer drops on WoSign, StartCom in two months • The Register
Mac Developer: Spanish media claims iPhone 6 with Secure Enclave unlocked by Cellebrite in course of investigation
Mac Developer: 32TB of Windows 10 internal builds, core source code leak online • The Register
32TB of Windows 10 internal builds, core source code leak online • The Register: "The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code."
Bad for Microsoft but possibly great for Linux compatibility in the future.
Labels: security leak
Mac Developer: How the CIA infects air-gapped networks | Ars Technica
How the CIA infects air-gapped networks | Ars Technica: "Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected."
Nothing comforting in this article.
Labels: 2001, security exploit
Mac Developer: 'OK, everyone. Stop typing, this software is DONE,' said no one ever • The Register
Mac Developer: Leaked recording reveals Apple's plan to stop leakers | Cult of Mac
Mac Developer: Apple opens summer Apple Camp registrations, sessions start in July
Apple opens summer Apple Camp registrations, sessions start in July: "Apple on Tuesday opened up registrations for this year's free summer Apple Camps, which will teach kids 8 to 12 various creative and technology skills, exclusively using Apple-based hardware and software."
Happy, happy, joy, joy.
Labels: Apple ][ Forever
Mac Developer: Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware | Ars Technica
Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware | Ars Technica: "A Web-hosting service recently agreed to pay $1 million to a ransomware operation that encrypted data stored on 153 Linux servers and 3,400 customer websites, the company said recently."
Can you say diverse NOC ecosystem?
Mac Developer: AMD Vega 56 and Vega 64 GPUs destined for iMac Pro detailed in Linux driver
Labels: Apple ][ Forever
Mac Developer: Apple Airport not on latest 'Vault 7' list of gear susceptible to factory firmware hack by CIA
Apple Airport not on latest 'Vault 7' list of gear susceptible to factory firmware hack by CIA: "The latest dump of "leaked" documents from WikiLeaks reportedly from the CIA details the "Cherry Blossom" firmware modification program, which allowed intelligence agencies to change firmware in a networking company's factories —but Apple Airport hardware appears to be unaffected by the effort."
Dango tango wango!
Labels: 1984, security leak
Mac Developer: Soldiers bust massive click-farm that used 500k SIM cards, 100s of mobes to big up web tat • The Register
Mac Developer: The secret origin story of the iPhone - The Verge
The secret origin story of the iPhone - The Verge “WHEN I SAW THE RUBBER BAND, INERTIAL SCROLLING, AND A FEW OF THE OTHER THINGS, I THOUGHT, ‘MY GOD, WE CAN BUILD A PHONE OUT OF THIS.’ ”
Obviously, I have no idea if this is accurate but it's a great read.
Labels: 2001, Apple ][ Forever
Mac Developer: Developers Are Already Impressed With Apple's Augmented Reality Software - Motherboard
Developers Are Already Impressed With Apple's Augmented Reality Software - Motherboard: "At this year's annual Apple Worldwide Developers Conference (WWDC), Apple released a suite of augmented reality development tools, which it refers to as ARKit. It's only been out for a week, and already, it's being called a game changer. "
Also rich in superlatives and low-calorie. Personally, the amazeballs of Metal has given me reason to forgive Apple for Swift.
Labels: Apple vs. Apple
Mac Developer: Executable code allowed in iOS 11 apps for educational purposes, developer reference tools
Executable code allowed in iOS 11 apps for educational purposes, developer reference tools: "Apps designed to teach, develop, or test executable code may, in limited circumstances, download code provided that such code is not used for other purposes."
Mac Developer: Banking trojan executes when targets hover over link in PowerPoint doc | Ars Technica