Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation


8.28.2015
Mac Developer: Google offers 'short term fix' to help ad publishers bypass Apple's iOS 9 security protocol

Google offers 'short term fix' to help ad publishers bypass Apple's iOS 9 security protocol: "The workaround was published to Google's official Ads Developer Blog in a post titled 'Handling App Transport Security in iOS 9,' a reference to Apple's upcoming privacy tool."
A backdoor in every ad-serving app.

By: Tighten

 
8.27.2015
Mac Developer: China sentences 14 people in plot to convert US iPhones for Chinese networks

China sentences 14 people in plot to convert US iPhones for Chinese networks
With the help of people inside Foxconn, the group managed to steal iPhone serial numbers and then hack into the certificate system to make needed changes. The altered certificates were then used to activate the American iPhones.


Once that cat gets out of the bag, there is no getting kitty back inside.


 
Mac Developer: Flipboard, we hardly knew ye

I'm toying around with the idea of becoming an independent detector of malware. It's such an important field. Take Flipboard (Android) for instance. It looks to me like Flipboard "synthesized" a login to Facebook on my behalf (I was using it without a login), effectively bypassing my privacy concerns so the app (I'm certain) could harvest my address book. That was immediately followed by an attempt to manipulate my Facebook permissions to allow the Flipboard Android app to create a Like for the Flipboard Facebook page programmatically. This is all very nasty, borderline malware activity that is indicative of the desperation that technology companies experience as they take on rounds of funding where pressure to monetize overrules common sense.

Best of luck with that strategy, guys. Let's see how you keep on that growth curve if Facebook locks you out of their ecosystem.


 
8.24.2015
Mac Developer: Mozilla unveils major changes to Firefox add-on development: Cross-browser, multi-process, and mandatory signing | VentureBeat | Dev | by Emil Protalinski

Mozilla unveils major changes to Firefox add-on development: Cross-browser, multi-process, and mandatory signing | VentureBeat | Dev | by Emil Protalinski
When Mozilla released Firefox 40 last week, the company kicked off its plan to require that all Firefox add-ons are certified, regardless of where they are hosted. Digital signing will be done through addons.mozilla.org.


Hmmm.


 
8.23.2015
Mac Developer: Blackphone 2 from Silent Circle will test whether security is a priority for smartphone buyers | VentureBeat | Mobile | by Chris O'Brien

Blackphone 2 from Silent Circle will test whether security is a priority for smartphone buyers | VentureBeat | Mobile | by Chris O'Brien
... release in September the Blackphone 2, an Android-based smartphone that is optimized to protect security and privacy so that none of your data can be discovered or used by a third-party.


It's that phone.


 
8.17.2015
Mac Developer: New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5

New privilege escalation exploit discovered in OS X Yosemite, also affects just-released 10.10.5: "The exploit was discovered by Italian developer Luca Todesco, who relies on a combination of attacks — including a null pointer dereference in OS X's IOKit — to drop a proof-of-concept payload into a root shell. It affects every version of OS X Yosemite"
Almost as if someone wants them to find the vulnerabilities. I mean, OSX is hardly a target for hackers. So many bigger fish to fry.


 
8.15.2015
Mac Developer: Google's initial Android Stagefright patch inadequate, forced to issue second fix

Google's initial Android Stagefright patch inadequate, forced to issue second fix: "The first software patch designed to mitigate the high-profile Stagefright vulnerability in Google's Android mobile operating system was insufficient, one security researcher discovered, leading to the issuance of yet another update."
Security is unbelievably difficult when the OS foundation is based on Unix and C. Maybe a new operating system is in order. I've long believed that the crown jewels of Blackberry was QNX.


 
Mac Developer: The parfait approach to cyber defense: It's all about the layers | VentureBeat | Security | by Israel Levy, Bufferzone

The parfait approach to cyber defense: It's all about the layers | VentureBeat | Security | by Israel Levy, Bufferzone: "And as security consulting firm Security Compass wrote in early 2014, for all of its advantages, HTML5 isn’t bulletproof and shouldn’t be viewed as such: ‘HTML5 applications regardless of deployment can still be plagued with the same vulnerabilities as web applications (SQL injection, cross-site scripting, weak encryption, business logic attacks, etc.).’"
The secure web browser of the future will have no JavaScript and no Flash. I use Little Snitch extensively and it's amazing how many web pages (read: advertisements) open raw socket connections to remote servers.


 
Mac Developer: Kaspersky ex-employees say Russian antivirus firm faked malware to harm rivals | VentureBeat | Security | by Reuters

Kaspersky ex-employees say Russian antivirus firm faked malware to harm rivals | VentureBeat | Security | by Reuters: "SAN FRANCISCO (Reuters, Joseph Menn) – Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees."
The heat is on.


 
8.12.2015
Mac Developer: Lenovo once again reminds everyone why it's better to get a Mac

Lenovo once again reminds everyone why it's better to get a Mac: "Back in February Windows PC manufacturer Lenovo was caught injecting Superfish adware onto some of their laptops, not only exploiting their own customers but leaving those customers open to man-in-the-middle attacks. Now they've been charged with using something akin to a rootkit to make sure their own customers can't cleanly reinstall Windows, not without Lenovo re-installing updaters, app installers, and system data collectors as well. And yes, this Lenovo hack was also potentially exploitable by malware."
When shopping for that new PC to run Windows 10 for your WinObjC project, do yourself a favor and get a Dell or use a Mac with Boot Camp. I found the Windows 8 to Windows 10 transition on the Dell totally painless. I upgraded the chap to an SSD, used Windows 8 Media Creation to burn an ISO, and am now up and running on Windows 10 with VS Community 2015.

I'm totally intrigued by the new Hyper-V malware protection in Windows and may switch to such a laptop for all my internet-related work in the immediate future.


 
8.11.2015
Mac Developer: Practical Windows Code and Driver Signing

Practical Windows Code and Driver Signing: "A lot of this information can be verified in official Microsoft documentation found on MSDN, and I will try to cite the official documentation when needed. The authoritative documents on kernel-mode code signing are kmsigning.doc and KMCS_walkthrough.doc. These are pretty good resources, but they are from 2007 and thus contain no information about Windows 7, Windows 8, or SHA-2. Also, their scope is more limited than the scope of this document because they don't talk about signing executables. Therefore, a lot of the things I say here are actually conclusions that I have drawn from my own experiments. When I am telling you something that I determined experimentally, I will use phrases like 'it seems like' or 'in my experience'. When my experiments contradict the official documentation I will say so."
Terrific guide to code signing in Windows environment. Better bone up because WinObjC is here and works great.


 
Mac Developer: Windows 10 Device Guard: Microsoft's effort to keep malware off PCs • The Register

Windows 10 Device Guard: Microsoft's effort to keep malware off PCs • The Register: "If the Windows 10 kernel, which has control over the PC, is compromised, Device Guard will remain fire-walled off, and cannot be subverted into allowing unauthorized code to run. A hypervisor running beneath the kernel and Device Guard enforces this."
Some interesting developments here.


 
8.07.2015
Mac Developer: Apple fans can't tell the difference between iOS and Android - Business Insider

Apple fans can't tell the difference between iOS and Android - Business Insider: "Two pranksters from the Netherlands, Alexander Spoor and Sacha Harland, handed an iPhone running Android to several iPhone users and told them it was running iOS 9."
The real question here is: who has the time for this kind of hacking?


 
8.03.2015
Mac Developer: Security researchers build on PC vulnerabilities to create first firmware-based Mac worm

Security researchers build on PC vulnerabilities to create first firmware-based Mac worm: "Firmware attacks are possible because many computer manufacturers put few safeguards in place to prevent malicious updates or changes, leaving many computers vulnerable. According to Wired, Apple could have put protections in place to prevent at least one type of attack discovered by the research group, but apparently elected not to."
More O Daeng!


 
8.02.2015
Mac Developer: The iOS 8.4 jailbreak app is now available on Mac

The iOS 8.4 jailbreak app is now available on Mac
Do not pass go, do not collect $200.


 

 

 
 
 

 


Copyright © 2005-2020
All Rights Reserved
Tighten Pro