 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

1.27.2015
Mac Developer: The 3 Hottest Physical Security Products at CES 2015 | The Mac Security Blog

The 3 Hottest Physical Security Products at CES 2015 | The Mac Security Blog: "You already know where to turn for the best Mac security products on the planet. But as any good security practitioner will tell you, it's important to take a layered approach to security."
Love the Noke padlock, would hate if it ran out of battery power!

By: Tighten

 
1.26.2015
Mac Developer: OS X 10.10.2 will fix years-old Thunderbolt hardware vulnerability

OS X 10.10.2 will fix years-old Thunderbolt hardware vulnerability: "The so-called 'Thunderstrike' hardware exploit was publicized late last year, but the hack takes advantage of a flaw in the Thunderbolt Option ROM first disclosed in 2012. Until now, that flaw hasn't been patched, but according to iMore, the latest beta of Apple's OS X 10.10.2 update fixes the problem."
Un-striked.

By: Tighten

 
1.25.2015
Mac Developer: Twitter’s war on developers continues: Tweetbot for Mac falls victim to token limit, gets pulled from App Store | 9to5Mac

Twitter’s war on developers continues: Tweetbot for Mac falls victim to token limit, gets pulled from App Store | 9to5Mac: "In November, 9to5Mac brought you an exclusive interview on Twitter’s limitations on third-party developers with the Iconfactory’s Gedeon Maheux. In the original article, Maheux said that development on Twitterrific 5 for Mac had stalled due to Twitter’s strict limits on how many users can login to a particular application."
All in good fun until somebody loses an eye.

By: Tighten

 
1.23.2015
Mac Developer: Google's Project Zero reveals three new zero-day exploits in Apple's OS X [u]

Google's Project Zero reveals three new zero-day exploits in Apple's OS X [u]: "An internal software security research team at Google has publicly revealed three of recently-discovered zero-day exploits in Apple's Mac OS X desktop operating system, though the severity of each vulnerability is unknown."
Don't like the sound of sandbox escape via XPC.

By: Tighten

 
1.18.2015
Mac Developer: Security bug Heartbleed may be forgotten, but it's not gone | VentureBeat | Security | by Ruth Reader

Security bug Heartbleed may be forgotten, but it's not gone | VentureBeat | Security | by Ruth Reader
However, a new bill called the Cyber Supply Chain Management and Transparency Act of 2014, would require software makers to provide a bill of materials for all the code components used in the software.


Obviously, bureaucracy will provide a solution that software engineers themselves cannot provide. Right.

By: Tighten

 
1.17.2015
Mac Developer: What Blackhat Gets Right: A Chat With Former Hacker Kevin Poulsen

What Blackhat Gets Right: A Chat With Former Hacker Kevin Poulsen: "Back in Kevin Poulsen's hacker days, before he became writer and Wired editor, he pulled stunts like taking over the phone lines in a radio contest to win himself a Porsche, or breaking into the FBI's computer system when he ended up on the agency's Most Wanted list to change his physical description. He served a five-year sentence for his crimes. Now he's consulting for Hollywood hacker films."
It's an interesting plot, low on tech details, that runs toward an ever-closing noose instead of ever-heightening public stakes. I enjoyed it.

By: Tighten

 
1.13.2015
Mac Developer: This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby | VentureBeat | Security | by Emil Protalinski

This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby | VentureBeat | Security | by Emil Protalinski: "Privacy and security researcher Samy Kamkar has released a keylogger for Microsoft wireless keyboards cleverly hidden in what appears to be a rather large, but functioning USB wall charger. Called KeySweeper, the stealthy Arduino-based device can sniff, decrypt, log, and report back all keystrokes — saving them both locally and online."
It ain't getting better...

By: Tighten

 
1.11.2015
Mac Developer: Today's computers face more attacks than ever - CNET

Today's computers face more attacks than ever - CNET: "Kaspersky saw four times more mobile malware attacks in 2014 than the year before, said Patrick Nielsen, a researcher with the company."
Dang! Glad most of those are for the Windows.

By: Tighten

 
1.08.2015
Mac Developer: Quarantino - xattr com.apple.quarantine in an App

Introducing Quarantino.app for Mac OS X (10.6.8 through 10.10.x) - a simple and effective way to view the signing credentials of an app downloaded from the internet and, if so desired, remove the quarantine attribute (com.apple.quarantine, as listed by xattr -l).

The fact of the matter is, some OS features are not available to properly signed applications while they are in quarantine. Don't believe me? See if you can spot the differences in operation between Quarantino.app while it is quarantined and after you remove it from quarantine.

Available for download now from this website (DeveloperID credentials) and coming soon to the App Store (fingers crossed - in review)!

By: Tighten

 
Mac Developer: Mac OS X Security Overview


http://www.giac.org/paper/gsec/28443/mac-security/124082


Nice security overview of Mac OS X. Different features and advantages are covered.

By: Tighten

 
1.01.2015
Mac Developer: Security researcher rewrites Mac firmware over Thunderbolt, says most Intel Thunderbolt Macs vulnerable | 9to5Mac

Security researcher rewrites Mac firmware over Thunderbolt, says most Intel Thunderbolt Macs vulnerable | 9to5Mac: "Once installed, the firmware cannot be removed since it replaces Apple’s public RSA key, which means that further firmware updates will be denied unless signed by the attacker’s private key"
Most hardware manufacturing is done overseas.

By: Tighten

 
Mac Developer: Technical notes, my online memory: Gatekeeper, XProtect and the Quarantine attribute

Technical notes, my online memory: Gatekeeper, XProtect and the Quarantine attribute: "Apps can opt-in to Gatekeeper and Xprotect protection by adding LSFileQuarantineEnabled to their Contents/Info.plist. This means that any files created by that app will get tagged with the apple quarantine HFS+ extended attribute."
Everything you wanted to know about quarantine but were afraid to ask.

By: Tighten

 

 

 
 
 

 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro