Links...
 
Tighten Pro
C/C++/Cocoa tool for codesign security, Developer ID, & Mac App Store Receipt Validation

Tighten Pro - in the Mac App Store

Tighten Pro is now available in the Mac App Store. Simply click on the icon to the left to purchase directly from Apple. Or choose PKCS#7Viewer.app by clicking the image to the right.

6.29.2015
Mac Developer: Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica

Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica: "in 2011 Duqu 1.0 attackers compromised computers at NetLock, a Hungarian certificate authority. That hack allowed them to sign their wares with digital stamps trusted by Windows machines."
Fascinating tale. Or "How I learned to stop worrying and love the Nation-state sponsored cyberwars."

Labels: , ,

By : Tighten Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks | Ars Technica 0 comments

 
6.25.2015
Mac Developer: NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube

NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube: "Published on Jun 23, 2015 US and British spy agencies worked to reverse-engineer antivirus software in order to 'exploit such software and to prevent detection of our activities.' Russian security firm Kaspersky Lab was particularly targeted."
Saw this on RT. Nothing in the Western press about it, which I think is very interesting.

Labels: ,

By : Tighten NSA, GCHQ hacked Kaspersky, other cybersecurity companies – Snowden docs - YouTube 0 comments

 
Mac Developer: Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore

Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore: "If you're encountering random reboots on your T-Mobile iPhone, you're not the only one. Several users on social media are reporting that iPhones on the Uncarrier are flashing blue for a second, and randomly rebooting every 20 to 30 minutes."
Is this why there are no more Mac vs. PC ads? Let us use the billions to crush PCs once and for all! Mac! Mac! Mac!

Labels:

By : Tighten Some T-Mobile iPhone users suffering from random restarts, 'blue screen of death' | iMore 1 comments

 
6.24.2015
Mac Developer: XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore

XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore: "This week, security researchers from Indiana University released details of four security vulnerabilities they discovered in Mac OS X and iOS. The researchers detailed their discoveries of what they call 'cross-app resource attacks' (referred to as XARA) in a whitepaper released Wednesday. Unfortunately, there has been a lot of confusion surrounding their research."
A little more about XARA which I think is quite serious on OSX.

Labels:

By : Tighten XARA, deconstructed: An in-depth look at OS X and iOS cross-app resource attacks | iMore 0 comments

 
6.23.2015
Mac Developer: Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski

Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski: "Because sideloading apps onto iOS was not achievable without jailbreaking your device, until now, the Popcorn Time group is ecstatic at having reached this milestone. It shows that iOS users are not just very interested in a Popcorn Time app for iOS, but they are eager to try an alternative to jailbreaking in order to get apps that Apple doesn’t approve of."
Don't fret. This is probably a good thing at this point in the evolution of the OS.

Labels:

By : Tighten Popcorn Time for iOS passes 1 million downloads on non-jailbroken devices | VentureBeat | Media | by Emil Protalinski 0 comments

 
6.18.2015
Mac Developer: Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac

Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac: "Well-known developer Steve Troughton-Smith, who previously was able to get real UIKit-backed apps running on Apple Watch with watchOS 2.0, now says that he has gotten native UIKit apps running on watchOS 1.0. Smith shared a video showing off the feat, which can be seen via the embed below."
O Daeng!

Labels:

By : Tighten Developer hacks Apple Watch to run native UIKit apps on watchOS 1.0 | 9to5Mac 0 comments

 
Mac Developer: Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac

Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac: "Researchers from Indiana University and the Georgia Institute of Technology said that security holes in both iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps. The claims appear to have been confirmed by Apple, Google and others."
Hmmmm.

Labels: , , ,

By : Tighten Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords | 9to5Mac 0 comments

 
6.15.2015
Mac Developer: The US Navy wants to buy unpatched security flaws

The US Navy wants to buy unpatched security flaws: "It won't surprise you to hear that governments are eager to buy unpatched security exploits for the sake of cyberdefense or surveillance, but they're rarely overt about it. No one must have told that to the US Navy until this week, however. The Electronic Frontier Foundation caught the military branch soliciting for both zero-day exploits and recently discovered vulnerabilities (less than six months old) for relatively common software from the likes of Apple, Google and Microsoft."
I don't feel like I'm the target. Do you?

Labels:

By : Tighten The US Navy wants to buy unpatched security flaws 0 comments

 
6.12.2015
Mac Developer: Report: Hack of government employee records discovered by product demo | Ars Technica

Report: Hack of government employee records discovered by product demo | Ars Technica: "Those statements may not be entirely accurate. According to a Wall Street Journal report, the breach was indeed discovered in April. But according to sources who spoke to the WSJ's Damian Paletta and Siobhan Hughes, it was in fact discovered during a sales demonstration of a network forensics software package called CyFIR by its developer, CyTech Services."
Will the truth be known?

Labels:

By : Tighten Report: Hack of government employee records discovered by product demo | Ars Technica 0 comments

 
6.09.2015
Mac Developer: Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac

Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac: "Apple has ended its separate iOS and Mac developer programs that required software makers to buy two different memberships in order to publish across the company’s various platforms and replaecd them with a single combined Apple Developer Program."
Even when they were separate the membership was still cheaper than buying a codesign certificate for WinXP development from a 3rd party service provider. Or call me wrong.

https://www.sslshopper.com/microsoft-authenticode-certificates.html

The range is $200 to $500 with no assurances as to the security of the root CA. With Apple's root protecting billions in IP, I feel pretty confident the trust chain is banzai!

Labels:

By : Tighten Apple combines iOS and Mac developer programs into single Apple Developer Program | 9to5Mac 0 comments

 
6.07.2015
Mac Developer: Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures

Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures: "'Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private,' Snowden said."
Snowden gives thumbs up to iOS security.

Labels: ,

By : Tighten Edward Snowden hails Apple as 'pioneering' for iOS 8 security measures 0 comments

 
6.03.2015
Mac Developer: New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica

New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica: "The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac's BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system."
Kind of disheartening, really.

Labels:

By : Tighten New exploit leaves most Macs vulnerable to permanent backdooring | Ars Technica 0 comments

 

 

 
 
 

 Tighten    
 Generate    
 Secure    
 Inspect    
 Quarantino    
 Downloads    
 Support    
 Documentation    
 Tighten App.app    
 Tighten Pro.app    
 PKCS#7Viewer.app    
 About    
 Hire    
 Contact    
 Blogger    
 FaceBook    
 iTunes Direct Link    
 Hollywood CA    
 spctl --assess -vvv    
 spctl --master-enable    
 spctl --master-disable    
 Mac App Store Receipt Validation    
 Apple Code Signing Certificates    
 Gatekeeper Developer ID Apple    
 Xcode codesign tutorial    
 [Site Map]    
 


Copyright © 2005-2015
All Rights Reserved
Tighten Pro