Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

12.18.2014
Mac Developer: BBC News - Google considers warning internet users about data risks

BBC News - Google considers warning internet users about data risks: "Google is proposing to warn people their data is at risk every time they visit websites that do not use the 'HTTPS' system."
For years, HTTPS has been the leakiest system ever. Hey, let's encourage everyone to overuse it!

By : Tighten BBC News - Google considers warning internet users about data risks 0 comments

12.13.2014
Mac Developer: Technical Note TN2206: OS X Code Signing In Depth

Technical Note TN2206: OS X Code Signing In Depth: "Checking Gatekeeper Conformance
To test Gatekeeper conformance, you must use OS X 10.9.5 or later. Follow these steps:

1. Package your program the way you ship it, such as in a disk image.
2. Download it from its website, or mail it to yourself, or send it to yourself using AirDrop or Message. This will quarantine the downloaded copy. This is necessary to trigger the Gatekeeper check as Gatekeeper only checks quarantined files the first time they're opened.
   Hint: keep the downloaded .dmg around; it will stay quarantined and you can use it again and again to test.
3. Drag-install your app and launch it.
4. Observe the results.

Hint: Don't launch from inside the .dmg."
A quick guide to testing Gatekeeper conformance under 10.9.5

By : Tighten Technical Note TN2206: OS X Code Signing In Depth 0 comments
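
A pre-flight check for the conformance steps quoted above, added here as an example; it is not code from TN2206 or from Tighten. It confirms the download still carries the quarantine attribute, refuses an app path inside a mounted disk image, and then runs `spctl --assess -vvv`. The `flags;timestamp;agent;uuid` layout of the `com.apple.quarantine` value, the `/Volumes/` mount point, and all function names are assumptions.

```sh
#!/bin/sh
# Added example: pre-flight checks before a Gatekeeper conformance test.
# Assumption: com.apple.quarantine holds "flags;timestamp;agent;uuid",
# with hex flags and a hex timestamp in seconds since the Unix epoch.

# Split a quarantine value into labelled fields; return 1 if it is malformed.
parse_quarantine() {
  IFS=';' read -r q_flags q_stamp q_agent q_rest <<EOF
$1
EOF
  case $q_flags in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
  case $q_stamp in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
  printf 'flags=%s epoch=%d agent=%s\n' \
    "$q_flags" "0x$q_stamp" "${q_agent:-unknown}"
}

# Gatekeeper only checks quarantined files, so a download that has lost the
# attribute cannot be used for the test. Needs the macOS xattr tool.
quarantine_state() {
  command -v xattr >/dev/null 2>&1 || { echo "xattr tool not found"; return 2; }
  q_value=$(xattr -p com.apple.quarantine "$1" 2>/dev/null) ||
    { echo "not quarantined: $1"; return 1; }
  parse_quarantine "$q_value"
}

# The note's hint: do not launch from inside the .dmg.
# Assumption: disk images are mounted under /Volumes/.
launch_location_ok() {
  case $1 in
    /Volumes/*) return 1 ;;
    *) return 0 ;;
  esac
}

# Ask Gatekeeper for its verdict on the installed app (macOS only).
assess() {
  spctl --assess -vvv --type execute "$1" 2>&1
}

# Usage: sh gk-preflight.sh MyApp.dmg /Applications/MyApp.app
if [ "$#" -eq 2 ]; then
  quarantine_state "$1" || echo "download $1 again before testing"
  if launch_location_ok "$2"; then
    assess "$2"
  else
    echo "drag-install the app first; $2 is inside a mounted image"
  fi
fi
```
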

12.10.2014
Mac Developer: Powerful, highly stealthy Linux trojan may have infected victims for years | Ars Technica

Powerful, highly stealthy Linux trojan may have infected victims for years | Ars Technica: "Researchers have uncovered an extremely stealthy trojan for Linux systems that attackers have been using to siphon sensitive data from governments and pharmaceutical companies around the world."
May you live in interesting times.

By : Tighten Powerful, highly stealthy Linux trojan may have infected victims for years | Ars Technica 0 comments

11.30.2014
Mac Developer: Ranked: The 12 programming languages that will earn you the most | VentureBeat | Dev | by Dylan Tweney

Ranked: The 12 programming languages that will earn you the most | VentureBeat | Dev | by Dylan Tweney: "Quartz’s Max Nisen pulled out some figures on the most valuable programming languages based on a larger study from the Brookings Institution that was published in July."
Good news for Obj-C hackers.

By : Tighten Ranked: The 12 programming languages that will earn you the most | VentureBeat | Dev | by Dylan Tweney 0 comments

11.26.2014
Mac Developer: US DOJ fines StealthGenie for selling Android, iOS spyware, demands source code

US DOJ fines StealthGenie for selling Android, iOS spyware, demands source code: "The United States Department of Justice has fined the CEO of spyware vendor StealthGenie $500,000 and demanded the firm turn over the source code for software designed to remotely monitor calls, texts and other activity on Android and jailbroken iOS devices."
Hmmm.

By : Tighten US DOJ fines StealthGenie for selling Android, iOS spyware, demands source code 0 comments

11.15.2014
Mac Developer: SanDisk launches portable storage drive with built-in Lightning connector

SanDisk launches portable storage drive with built-in Lightning connector: "The iXpand Flash Drive comes in capacities of 16, 32 and 64 gigabytes and is compatible with any iOS device with a Lightning port running iOS 7 or later. File transfers and backups are accomplished through the SanDisk iXpand Sync app available for free on the App Store."
I'm actually quite curious as to what entitlements this app is using.

By : Tighten SanDisk launches portable storage drive with built-in Lightning connector 0 comments

11.13.2014
Mac Developer: WSJ: Department of Justice uses fake cell towers on airplanes to capture data from mobile phones | 9to5Mac

WSJ: Department of Justice uses fake cell towers on airplanes to capture data from mobile phones | 9to5Mac: "The Wall Street Journal reported today that the United States Department of Justice has been using planes equipped with devices that pose as cellular towers (called ‘dirtboxes’) to collect data from suspected criminals’ cell phones—and capturing data from innocent bystanders in the process."
Yay for us!

By : Tighten WSJ: Department of Justice uses fake cell towers on airplanes to capture data from mobile phones | 9to5Mac 0 comments

11.12.2014
Mac Developer: Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker | 9to5Mac

Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker | 9to5Mac: "FireEye claims that it notified Apple about this vulnerability, which affects both non-jailbroken and jailbroken devices running iOS 7.1.1 through iOS 8.1.1 beta, on July 26th."
You are in a maze of twisty passages all alike.

By : Tighten Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker | 9to5Mac 0 comments

11.07.2014
Mac Developer: Apple blocks WireLurker malware apps from opening, but needs to do more, argues security researcher | 9to5Mac

Apple blocks WireLurker malware apps from opening, but needs to do more, argues security researcher | 9to5Mac: "We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources."
I believe the USB exploit is more or less impossible to defend against.

By : Tighten Apple blocks WireLurker malware apps from opening, but needs to do more, argues security researcher | 9to5Mac 0 comments

11.06.2014
Mac Developer: Chinese Mac and iOS users targeted by new ‘WireLurker’ malware capable of infecting non-jailbroken devices | 9to5Mac

Chinese Mac and iOS users targeted by new ‘WireLurker’ malware capable of infecting non-jailbroken devices | 9to5Mac: "The New York Times reports that a security firm called Palo Alto Networks has uncovered a new form of Apple-focused malware that is capable of infecting non-jailbroken iOS devices. Typically when such software pops up, as it does from time to time, one of the key factors that allows the malicious code to run on iOS is whether the device is jailbroken. The new ‘WireLurker’ malware, however, is installed on the mobile device over USB by an infected Mac."
Dang!

By : Tighten Chinese Mac and iOS users targeted by new ‘WireLurker’ malware capable of infecting non-jailbroken devices | 9to5Mac 0 comments

10.27.2014
Mac Developer: After gaining U.S. government approval, Samsung Knox security for Android found to be "completely compromised" [u]

After gaining U.S. government approval, Samsung Knox security for Android found to be "completely compromised" [u]: "Samsung's Knox security layer for Android generates weak encryption keys, stores passwords locally and gives users login hints in a fatal 'security by obscurity' design 'compromising the security of the product completely,' a researcher has detailed."
I understand only one operating system has been certified secure by the NSA.

By : Tighten After gaining U.S. government approval, Samsung Knox security for Android found to be "completely compromised" [u] 0 comments

10.06.2014
Mac Developer: 'iWorm' malware controls Macs via Reddit, more than 17K affected

'iWorm' malware controls Macs via Reddit, more than 17K affected: "Entered into the virus database of Russian research firm Dr. Web as 'Mac.BackDoor.iWorm,' the new threat is described as a complex multi-purpose backdoor capable of issuing a variety of commands to be carried out by an affected host Mac. Among the operations available to the malware are data gathering and limited system remote control."
The name is Evil, Dr. Evil. Ha ha ha!

By : Tighten 'iWorm' malware controls Macs via Reddit, more than 17K affected 0 comments

9.08.2014
Mac Developer: BBC News - Personal data stores found leaking online

BBC News - Personal data stores found leaking online: "Those at risk are people who use home data storage devices known as Network Attached Storage (NAS). Correctly configured, these devices act as a common data store accessible by any other device connecting to that home network."
NAS hung on the wrong side of the NAT.

By : Tighten BBC News - Personal data stores found leaking online 0 comments

9.06.2014
Mac Developer: genkiyooka/MacRuntimeSandboxDetection · GitHub

genkiyooka/MacRuntimeSandboxDetection · GitHub: "For CFPlugIn and AudioUnit developers - how to check Mac App Store sandbox capabilities at runtime."
Apologies for the delay, but just checked in bug fixes for detecting Mac OS X sandbox capabilities at runtime. I'm using this in production code now, and I believe it is stable and working correctly on 10.6-10.9.

This code is quite useful when building solutions that may be DeveloperID or Mac App Store and/or sandboxed. If you discover any cases that are not correctly handled, please let me know.

By : Tighten genkiyooka/MacRuntimeSandboxDetection · GitHub 0 comments

8.31.2014
Mac Developer: 9to5Mac: Apple iPhone, Mac and iPad News Breaking All Day

9to5Mac: Apple iPhone, Mac and iPad News Breaking All Day: "As noticed by Apfelpage, Apple has published a new page to be more open about why it rejects apps. A chart at the bottom of the page shows the top ten reasons for app rejection in the last seven days; such as lack of information, crashes or bugs encountered, complicated user interfaces."
"Watch your parking meters." - Bob Dylan

By : Tighten 9to5Mac: Apple iPhone, Mac and iPad News Breaking All Day 0 comments

8.23.2014
Mac Developer: BBC News - Gmail smartphone app hacked by researchers

BBC News - Gmail smartphone app hacked by researchers: "This shared memory is used by all apps, and by analysing its use the researchers were able to tell when a user was logging into apps such as Gmail, giving them the opportunity to steal login details and passwords."
Sounds like everyone is going to have zero memory when it's deallocated.

By : Tighten BBC News - Gmail smartphone app hacked by researchers 0 comments

8.22.2014
Mac Developer: 9to5Mac: Apple iPhone, Mac and iPad News Breaking All Day

9to5Mac: Apple iPhone, Mac and iPad News Breaking All Day: "Following a recent ruling that Apple would have ten days to remove the anonymous social app Secret from its Brazilian App Store, Apple has complied with the order. The"
Ah, the benefits of centralized control.

By : Tighten 9to5Mac: Apple iPhone, Mac and iPad News Breaking All Day 0 comments

8.19.2014
Mac Developer: Confirmed: Security breach is not reason for Gatekeeper app signing changes | 9to5Mac

Confirmed: Security breach is not reason for Gatekeeper app signing changes | 9to5Mac
We’ve now confirmed with sources close to the situation that there is no truth to the rumors and that a Dev Center breach was not the reason behind the Gatekeeper app signing changes.


In other words, it's just a worthless change (read: everybody churn!) aimed at making life difficult for 3rd party ISVs which, unlike Apple, do not have unlimited capital with which to hire engineers, do testing and so forth. Should be very popular with enterprise developers.

By : Tighten Confirmed: Security breach is not reason for Gatekeeper app signing changes | 9to5Mac 0 comments

Mac Developer: Spies used YouTube videos and Microsoft log-ins to take over devices

Spies used YouTube videos and Microsoft log-ins to take over devices: "The study names Hacking Team and FinFisher as two of the companies that sell law enforcement agencies 'network-injection' technologies like this for around $1 million dollars. In fact, Italian company Hacking Team is known for developing software to spy on people's emails, phone calls and the like specifically for sale to law enforcement in countries not blacklisted by NATO."
Like a blacklist is going to prevent the movement of software!

By : Tighten Spies used YouTube videos and Microsoft log-ins to take over devices 0 comments

8.13.2014
Mac Developer: Surveillance leak shows spyware loves Android, but can't infect Apple's iPhones without jailbreak

Surveillance leak shows spyware loves Android, but can't infect Apple's iPhones without jailbreak: "The regularly updated software tool supports all releases of Android, devices running BlackBerry OS prior to the newest BB10, Symbian and Windows Mobile phones, but notes that in order to spy on an iPhone, the user must jailbreak their device, a step that disables Apple's security."
At last, some good news.

By : Tighten Surveillance leak shows spyware loves Android, but can't infect Apple's iPhones without jailbreak 0 comments

8.08.2014
Mac Developer: BBC News - US should pay hackers who find threats, says analyst

BBC News - US should pay hackers who find threats, says analyst
Dan Geer said large bounties would prevent the vulnerabilities from ending up in the hands of criminal gangs or hostile authorities.


Have hackers ever been motivated by money?

By : Tighten BBC News - US should pay hackers who find threats, says analyst 0 comments

8.06.2014
Mac Developer: 'Canvas fingerprinting' has a new enemy, and its name is Ghostery | VentureBeat | Security | by Richard Byrne Reilly

'Canvas fingerprinting' has a new enemy, and its name is Ghostery | VentureBeat | Security | by Richard Byrne Reilly: "Critically, canvas fingerprinting cannot be blocked by refusing or deleting browser cookies, which is what most tracking tools use. Although canvas fingerprinting works on both desktop and mobile, it thrives in the former, because the technology is older."
All signs point to the browser as the main security vulnerability.

By : Tighten 'Canvas fingerprinting' has a new enemy, and its name is Ghostery | VentureBeat | Security | by Richard Byrne Reilly 0 comments

8.05.2014
Mac Developer: Master Control Program

Are you sure it's what you want? A centralized control of everything in the system? Such a thing is necessarily brittle. Nothing can stop open systems: like water, they will flow into the future regardless of the barriers.

By : Tighten Master Control Program 0 comments

8.04.2014
Mac Developer: Apple changing Gatekeeper app signing rules in OS X 10.9.5 & Yosemite, could break some apps | 9to5Mac

Apple changing Gatekeeper app signing rules in OS X 10.9.5 & Yosemite, could break some apps | 9to5Mac: "For users, this will add an extra layer of annoyance when dealing with certain third-party apps, especially those downloaded from the web rather than through the Mac App Store."
Pretty soon, dealing with publishing requirements will take more time than developing applications. Great news for crap developers that wrap HTML5 in WebViews!

By : Tighten Apple changing Gatekeeper app signing rules in OS X 10.9.5 & Yosemite, could break some apps | 9to5Mac 0 comments

8.03.2014
Mac Developer: BBC News - Wearable users tracked with Raspberry Pi

BBC News - Wearable users tracked with Raspberry Pi: People who use wearable gadgets to monitor their health or activity can be tracked with only $70 (£40) of hardware, research suggests. The work, carried out by security firm Symantec, used a Raspberry Pi computer to grab data broadcast by the gadgets. The snooping Pi was taken to parks and sporting events where it was able to pick out individuals in the crowds.
I'm sure the situation is much worse than you'd expect because embedded systems on these kinds of devices are rarely scrutinized like desktop and mobile operating systems.

By : Tighten BBC News - Wearable users tracked with Raspberry Pi 0 comments

Mac Developer: 'BadUSB' malware lives in USB firmware to remain undetected, unfixable

'BadUSB' malware lives in USB firmware to remain undetected, unfixable: "As there is no easy fix to malware like BadUSB, the researchers suggest users adopt a new way of thinking about USB hardware. Instead of thoughtlessly transporting files and other data back and forth between machines, Nohl and Lell recommend connecting only to known devices that are user-owned or trusted."
Goodbye USB, hello my old friend FireWire.

By : Tighten 'BadUSB' malware lives in USB firmware to remain undetected, unfixable 0 comments

7.30.2014
Mac Developer: Russia requests Apple provide access to source code | 9to5Mac

Russia requests Apple provide access to source code | 9to5Mac: "Reuters reports that Russia has asked Apple to provide the government with access to the company’s source code to make sure its iOS devices and Macs aren’t used for spying."
This is weirdly hilarious and disturbing at the same time.

By : Tighten Russia requests Apple provide access to source code | 9to5Mac 0 comments

 

 
 
 

 


Copyright © 2005-2012
All Rights Reserved
Tighten Pro